Search in sources :

Example 51 with Keyset

use of com.google.crypto.tink.proto.Keyset in project tink by google.

the class JwtHmacKeyManagerTest method createSignVerifyRaw_withDifferentHeaders.

@Test
public void createSignVerifyRaw_withDifferentHeaders() throws Exception {
    KeyTemplate template = KeyTemplates.get("JWT_HS256_RAW");
    KeysetHandle handle = KeysetHandle.generateNew(template);
    Keyset keyset = CleartextKeysetHandle.getKeyset(handle);
    JwtHmacKey keyProto = JwtHmacKey.parseFrom(keyset.getKey(0).getKeyData().getValue(), ExtensionRegistryLite.getEmptyRegistry());
    byte[] keyValue = keyProto.getKeyValue().toByteArray();
    SecretKeySpec keySpec = new SecretKeySpec(keyValue, "HMAC");
    PrfHmacJce prf = new PrfHmacJce("HMACSHA256", keySpec);
    PrfMac rawPrimitive = new PrfMac(prf, prf.getMaxOutputLength());
    JwtMac primitive = handle.getPrimitive(JwtMac.class);
    JsonObject payload = new JsonObject();
    payload.addProperty("jti", "jwtId");
    JwtValidator validator = JwtValidator.newBuilder().allowMissingExpiration().build();
    // Normal, valid signed compact.
    JsonObject normalHeader = new JsonObject();
    normalHeader.addProperty("alg", "HS256");
    String normalSignedCompact = generateSignedCompact(rawPrimitive, normalHeader, payload);
    primitive.verifyMacAndDecode(normalSignedCompact, validator);
    // valid token, with "typ" set in the header
    JsonObject goodHeader = new JsonObject();
    goodHeader.addProperty("alg", "HS256");
    goodHeader.addProperty("typ", "typeHeader");
    String goodSignedCompact = generateSignedCompact(rawPrimitive, goodHeader, payload);
    primitive.verifyMacAndDecode(goodSignedCompact, JwtValidator.newBuilder().expectTypeHeader("typeHeader").allowMissingExpiration().build());
    // invalid token with an empty header
    JsonObject emptyHeader = new JsonObject();
    String emptyHeaderSignedCompact = generateSignedCompact(rawPrimitive, emptyHeader, payload);
    assertThrows(GeneralSecurityException.class, () -> primitive.verifyMacAndDecode(emptyHeaderSignedCompact, validator));
    // invalid token with a valid but incorrect algorithm in the header
    JsonObject badAlgoHeader = new JsonObject();
    badAlgoHeader.addProperty("alg", "RS256");
    String badAlgoSignedCompact = generateSignedCompact(rawPrimitive, badAlgoHeader, payload);
    assertThrows(GeneralSecurityException.class, () -> primitive.verifyMacAndDecode(badAlgoSignedCompact, validator));
    // for raw keys without customKid, the validation should work even if a "kid" header is present.
    JsonObject headerWithUnknownKid = new JsonObject();
    headerWithUnknownKid.addProperty("alg", "HS256");
    headerWithUnknownKid.addProperty("kid", "unknown");
    String tokenWithUnknownKid = generateSignedCompact(rawPrimitive, headerWithUnknownKid, payload);
    primitive.verifyMacAndDecode(tokenWithUnknownKid, validator);
}
Also used : KeysetHandle(com.google.crypto.tink.KeysetHandle) CleartextKeysetHandle(com.google.crypto.tink.CleartextKeysetHandle) Keyset(com.google.crypto.tink.proto.Keyset) PrfMac(com.google.crypto.tink.subtle.PrfMac) SecretKeySpec(javax.crypto.spec.SecretKeySpec) JwtHmacKey(com.google.crypto.tink.proto.JwtHmacKey) JsonObject(com.google.gson.JsonObject) PrfHmacJce(com.google.crypto.tink.subtle.PrfHmacJce) ByteString(com.google.protobuf.ByteString) KeyTemplate(com.google.crypto.tink.KeyTemplate) Test(org.junit.Test)

Example 52 with Keyset

use of com.google.crypto.tink.proto.Keyset in project tink by google.

the class JwtHmacKeyManagerTest method withCustomKid.

/* Create a new keyset handle with the "custom_kid" value set. */
private KeysetHandle withCustomKid(KeysetHandle keysetHandle, String customKid) throws Exception {
    Keyset keyset = CleartextKeysetHandle.getKeyset(keysetHandle);
    JwtHmacKey hmacKey = JwtHmacKey.parseFrom(keyset.getKey(0).getKeyData().getValue(), ExtensionRegistryLite.getEmptyRegistry());
    JwtHmacKey hmacKeyWithKid = hmacKey.toBuilder().setCustomKid(CustomKid.newBuilder().setValue(customKid).build()).build();
    KeyData keyDataWithKid = keyset.getKey(0).getKeyData().toBuilder().setValue(hmacKeyWithKid.toByteString()).build();
    Keyset.Key keyWithKid = keyset.getKey(0).toBuilder().setKeyData(keyDataWithKid).build();
    return CleartextKeysetHandle.fromKeyset(keyset.toBuilder().setKey(0, keyWithKid).build());
}
Also used : Keyset(com.google.crypto.tink.proto.Keyset) JwtHmacKey(com.google.crypto.tink.proto.JwtHmacKey) KeyData(com.google.crypto.tink.proto.KeyData)

Example 53 with Keyset

use of com.google.crypto.tink.proto.Keyset in project tink by google.

the class JwtRsaSsaPkcs1SignKeyManagerTest method createSignVerifyTink_withDifferentHeaders.

@Test
public void createSignVerifyTink_withDifferentHeaders() throws Exception {
    if (TestUtil.isTsan()) {
        // We do not use assume because Theories expects to find something which is not skipped.
        return;
    }
    KeyTemplate template = KeyTemplates.get("JWT_RS256_2048_F4");
    KeysetHandle handle = KeysetHandle.generateNew(template);
    Keyset keyset = CleartextKeysetHandle.getKeyset(handle);
    JwtRsaSsaPkcs1PrivateKey keyProto = JwtRsaSsaPkcs1PrivateKey.parseFrom(keyset.getKey(0).getKeyData().getValue(), ExtensionRegistryLite.getEmptyRegistry());
    RSAPrivateCrtKey privateKey = createPrivateKey(keyProto);
    JwtRsaSsaPkcs1Algorithm algorithm = keyProto.getPublicKey().getAlgorithm();
    Enums.HashType hash = JwtRsaSsaPkcs1VerifyKeyManager.hashForPkcs1Algorithm(algorithm);
    RsaSsaPkcs1SignJce rawSigner = new RsaSsaPkcs1SignJce(privateKey, hash);
    JwtPublicKeyVerify verifier = handle.getPublicKeysetHandle().getPrimitive(JwtPublicKeyVerify.class);
    JwtValidator validator = JwtValidator.newBuilder().allowMissingExpiration().build();
    String kid = JwtFormat.getKid(keyset.getKey(0).getKeyId(), keyset.getKey(0).getOutputPrefixType()).get();
    JsonObject payload = new JsonObject();
    payload.addProperty("jti", "jwtId");
    // normal, valid token
    JsonObject normalHeader = new JsonObject();
    normalHeader.addProperty("alg", "RS256");
    normalHeader.addProperty("kid", kid);
    String validToken = generateSignedCompact(rawSigner, normalHeader, payload);
    verifier.verifyAndDecode(validToken, validator);
    // token without kid are rejected, even if they are valid.
    JsonObject headerWithoutKid = new JsonObject();
    headerWithoutKid.addProperty("alg", "RS256");
    String tokenWithoutKid = generateSignedCompact(rawSigner, headerWithoutKid, payload);
    assertThrows(GeneralSecurityException.class, () -> verifier.verifyAndDecode(tokenWithoutKid, validator));
    // token without algorithm in header
    JsonObject headerWithoutAlg = new JsonObject();
    headerWithoutAlg.addProperty("kid", kid);
    String tokenWithoutAlg = generateSignedCompact(rawSigner, headerWithoutAlg, payload);
    assertThrows(GeneralSecurityException.class, () -> verifier.verifyAndDecode(tokenWithoutAlg, validator));
    // invalid token with an incorrect algorithm in the header
    JsonObject headerWithBadAlg = new JsonObject();
    headerWithBadAlg.addProperty("alg", "PS256");
    headerWithBadAlg.addProperty("kid", kid);
    String tokenWithBadAlg = generateSignedCompact(rawSigner, headerWithBadAlg, payload);
    assertThrows(GeneralSecurityException.class, () -> verifier.verifyAndDecode(tokenWithBadAlg, validator));
    // token with an unknown "kid" in the header is invalid
    JsonObject headerWithUnknownKid = new JsonObject();
    headerWithUnknownKid.addProperty("alg", "RS256");
    headerWithUnknownKid.addProperty("kid", "unknown");
    String tokenWithUnknownKid = generateSignedCompact(rawSigner, headerWithUnknownKid, payload);
    assertThrows(GeneralSecurityException.class, () -> verifier.verifyAndDecode(tokenWithUnknownKid, validator));
}
Also used : KeysetHandle(com.google.crypto.tink.KeysetHandle) CleartextKeysetHandle(com.google.crypto.tink.CleartextKeysetHandle) Keyset(com.google.crypto.tink.proto.Keyset) RSAPrivateCrtKey(java.security.interfaces.RSAPrivateCrtKey) JwtRsaSsaPkcs1PrivateKey(com.google.crypto.tink.proto.JwtRsaSsaPkcs1PrivateKey) JsonObject(com.google.gson.JsonObject) RsaSsaPkcs1SignJce(com.google.crypto.tink.subtle.RsaSsaPkcs1SignJce) ByteString(com.google.protobuf.ByteString) Enums(com.google.crypto.tink.subtle.Enums) JwtRsaSsaPkcs1Algorithm(com.google.crypto.tink.proto.JwtRsaSsaPkcs1Algorithm) KeyTemplate(com.google.crypto.tink.KeyTemplate) Test(org.junit.Test)

Example 54 with Keyset

use of com.google.crypto.tink.proto.Keyset in project tink by google.

the class JwtRsaSsaPssSignKeyManagerTest method createSignVerifyTink_withDifferentHeaders.

@Test
public void createSignVerifyTink_withDifferentHeaders() throws Exception {
    // creating keys is too slow in Tsan.
    assumeFalse(TestUtil.isTsan());
    KeyTemplate template = KeyTemplates.get("JWT_PS256_2048_F4");
    KeysetHandle handle = KeysetHandle.generateNew(template);
    Keyset keyset = CleartextKeysetHandle.getKeyset(handle);
    JwtRsaSsaPssPrivateKey keyProto = JwtRsaSsaPssPrivateKey.parseFrom(keyset.getKey(0).getKeyData().getValue(), ExtensionRegistryLite.getEmptyRegistry());
    RSAPrivateCrtKey privateKey = createPrivateKey(keyProto);
    JwtRsaSsaPssAlgorithm algorithm = keyProto.getPublicKey().getAlgorithm();
    Enums.HashType hash = JwtRsaSsaPssVerifyKeyManager.hashForPssAlgorithm(algorithm);
    int saltLength = JwtRsaSsaPssVerifyKeyManager.saltLengthForPssAlgorithm(algorithm);
    RsaSsaPssSignJce rawSigner = new RsaSsaPssSignJce(privateKey, hash, hash, saltLength);
    JwtPublicKeyVerify verifier = handle.getPublicKeysetHandle().getPrimitive(JwtPublicKeyVerify.class);
    JwtValidator validator = JwtValidator.newBuilder().allowMissingExpiration().build();
    String kid = JwtFormat.getKid(keyset.getKey(0).getKeyId(), keyset.getKey(0).getOutputPrefixType()).get();
    JsonObject payload = new JsonObject();
    payload.addProperty("jti", "jwtId");
    // normal, valid token
    JsonObject normalHeader = new JsonObject();
    normalHeader.addProperty("alg", "PS256");
    normalHeader.addProperty("kid", kid);
    String validToken = generateSignedCompact(rawSigner, normalHeader, payload);
    verifier.verifyAndDecode(validToken, validator);
    // token without kid are rejected, even if they are valid.
    JsonObject headerWithoutKid = new JsonObject();
    headerWithoutKid.addProperty("alg", "PS256");
    String tokenWithoutKid = generateSignedCompact(rawSigner, headerWithoutKid, payload);
    assertThrows(GeneralSecurityException.class, () -> verifier.verifyAndDecode(tokenWithoutKid, validator));
    // token without algorithm in header
    JsonObject headerWithoutAlg = new JsonObject();
    headerWithoutAlg.addProperty("kid", kid);
    String tokenWithoutAlg = generateSignedCompact(rawSigner, headerWithoutAlg, payload);
    assertThrows(GeneralSecurityException.class, () -> verifier.verifyAndDecode(tokenWithoutAlg, validator));
    // invalid token with an incorrect algorithm in the header
    JsonObject headerWithBadAlg = new JsonObject();
    headerWithBadAlg.addProperty("alg", "RS256");
    headerWithBadAlg.addProperty("kid", kid);
    String tokenWithBadAlg = generateSignedCompact(rawSigner, headerWithBadAlg, payload);
    assertThrows(GeneralSecurityException.class, () -> verifier.verifyAndDecode(tokenWithBadAlg, validator));
    // token with an unknown "kid" in the header is invalid
    JsonObject headerWithUnknownKid = new JsonObject();
    headerWithUnknownKid.addProperty("alg", "PS256");
    headerWithUnknownKid.addProperty("kid", "unknown");
    String tokenWithUnknownKid = generateSignedCompact(rawSigner, headerWithUnknownKid, payload);
    assertThrows(GeneralSecurityException.class, () -> verifier.verifyAndDecode(tokenWithUnknownKid, validator));
}
Also used : KeysetHandle(com.google.crypto.tink.KeysetHandle) CleartextKeysetHandle(com.google.crypto.tink.CleartextKeysetHandle) Keyset(com.google.crypto.tink.proto.Keyset) RSAPrivateCrtKey(java.security.interfaces.RSAPrivateCrtKey) JsonObject(com.google.gson.JsonObject) ByteString(com.google.protobuf.ByteString) RsaSsaPssSignJce(com.google.crypto.tink.subtle.RsaSsaPssSignJce) Enums(com.google.crypto.tink.subtle.Enums) JwtRsaSsaPssPrivateKey(com.google.crypto.tink.proto.JwtRsaSsaPssPrivateKey) JwtRsaSsaPssAlgorithm(com.google.crypto.tink.proto.JwtRsaSsaPssAlgorithm) KeyTemplate(com.google.crypto.tink.KeyTemplate) Test(org.junit.Test)

Example 55 with Keyset

use of com.google.crypto.tink.proto.Keyset in project tink by google.

the class JwtEcdsaSignKeyManagerTest method createSignVerifyTink_withDifferentHeaders.

@Test
public void createSignVerifyTink_withDifferentHeaders() throws Exception {
    // KeysetHandle.generateNew is too slow in Tsan.
    assumeFalse(TestUtil.isTsan());
    KeyTemplate template = KeyTemplates.get("JWT_ES256");
    KeysetHandle handle = KeysetHandle.generateNew(template);
    Keyset keyset = CleartextKeysetHandle.getKeyset(handle);
    JwtEcdsaPrivateKey keyProto = JwtEcdsaPrivateKey.parseFrom(keyset.getKey(0).getKeyData().getValue(), ExtensionRegistryLite.getEmptyRegistry());
    ECPrivateKey privateKey = EllipticCurves.getEcPrivateKey(JwtEcdsaVerifyKeyManager.getCurve(keyProto.getPublicKey().getAlgorithm()), keyProto.getKeyValue().toByteArray());
    JwtEcdsaAlgorithm algorithm = keyProto.getPublicKey().getAlgorithm();
    Enums.HashType hash = JwtEcdsaVerifyKeyManager.hashForEcdsaAlgorithm(algorithm);
    EcdsaSignJce rawSigner = new EcdsaSignJce(privateKey, hash, EcdsaEncoding.IEEE_P1363);
    String kid = JwtFormat.getKid(keyset.getKey(0).getKeyId(), keyset.getKey(0).getOutputPrefixType()).get();
    JsonObject payload = new JsonObject();
    payload.addProperty("jti", "jwtId");
    JwtValidator validator = JwtValidator.newBuilder().allowMissingExpiration().build();
    JwtPublicKeyVerify verifier = handle.getPublicKeysetHandle().getPrimitive(JwtPublicKeyVerify.class);
    // Normal, valid signed token.
    JsonObject normalHeader = new JsonObject();
    normalHeader.addProperty("alg", "ES256");
    normalHeader.addProperty("kid", kid);
    String normalToken = generateSignedCompact(rawSigner, normalHeader, payload);
    verifier.verifyAndDecode(normalToken, validator);
    // token without kid are rejected, even if they are valid.
    JsonObject headerWithoutKid = new JsonObject();
    headerWithoutKid.addProperty("alg", "ES256");
    String tokenWithoutKid = generateSignedCompact(rawSigner, headerWithoutKid, payload);
    assertThrows(GeneralSecurityException.class, () -> verifier.verifyAndDecode(tokenWithoutKid, validator));
    // token without algorithm in the header
    JsonObject headerWithoutAlg = new JsonObject();
    headerWithoutAlg.addProperty("kid", kid);
    String tokenWithoutAlg = generateSignedCompact(rawSigner, headerWithoutAlg, payload);
    assertThrows(GeneralSecurityException.class, () -> verifier.verifyAndDecode(tokenWithoutAlg, validator));
    // token with an incorrect algorithm in the header
    JsonObject headerWithBadAlg = new JsonObject();
    headerWithBadAlg.addProperty("kid", kid);
    headerWithBadAlg.addProperty("alg", "RS256");
    String badAlgToken = generateSignedCompact(rawSigner, headerWithBadAlg, payload);
    assertThrows(GeneralSecurityException.class, () -> verifier.verifyAndDecode(badAlgToken, validator));
    // token with an unknown kid header
    JsonObject unknownKidHeader = new JsonObject();
    unknownKidHeader.addProperty("alg", "ES256");
    unknownKidHeader.addProperty("kid", "unknown");
    String unknownKidSignedCompact = generateSignedCompact(rawSigner, unknownKidHeader, payload);
    assertThrows(GeneralSecurityException.class, () -> verifier.verifyAndDecode(unknownKidSignedCompact, validator));
}
Also used : KeysetHandle(com.google.crypto.tink.KeysetHandle) CleartextKeysetHandle(com.google.crypto.tink.CleartextKeysetHandle) Keyset(com.google.crypto.tink.proto.Keyset) ECPrivateKey(java.security.interfaces.ECPrivateKey) JsonObject(com.google.gson.JsonObject) ByteString(com.google.protobuf.ByteString) JwtEcdsaPrivateKey(com.google.crypto.tink.proto.JwtEcdsaPrivateKey) Enums(com.google.crypto.tink.subtle.Enums) EcdsaSignJce(com.google.crypto.tink.subtle.EcdsaSignJce) JwtEcdsaAlgorithm(com.google.crypto.tink.proto.JwtEcdsaAlgorithm) KeyTemplate(com.google.crypto.tink.KeyTemplate) Test(org.junit.Test)

Aggregations

Keyset (com.google.crypto.tink.proto.Keyset)108 Test (org.junit.Test)81 GeneralSecurityException (java.security.GeneralSecurityException)22 CleartextKeysetHandle (com.google.crypto.tink.CleartextKeysetHandle)17 KeysetHandle (com.google.crypto.tink.KeysetHandle)17 KeyData (com.google.crypto.tink.proto.KeyData)17 KeyTemplate (com.google.crypto.tink.KeyTemplate)12 EncryptedKeyset (com.google.crypto.tink.proto.EncryptedKeyset)12 ByteArrayOutputStream (java.io.ByteArrayOutputStream)11 ByteString (com.google.protobuf.ByteString)10 InvalidProtocolBufferException (com.google.protobuf.InvalidProtocolBufferException)10 Key (com.google.crypto.tink.proto.Keyset.Key)9 JsonObject (com.google.gson.JsonObject)9 AesGcmKey (com.google.crypto.tink.proto.AesGcmKey)8 KeysetReader (com.google.crypto.tink.KeysetReader)7 IOException (java.io.IOException)7 AesEaxKey (com.google.crypto.tink.proto.AesEaxKey)6 AesGcmKeyFormat (com.google.crypto.tink.proto.AesGcmKeyFormat)6 Enums (com.google.crypto.tink.subtle.Enums)6 KeyHandle (com.google.crypto.tink.tinkkey.KeyHandle)6