Examples with Keyset com.google.crypto.tink.proto.Keyset used on opensource projects

Search in sources :

Example 56 with Keyset

use of com.google.crypto.tink.proto.Keyset in project tink by google.

the class JwtEcdsaSignKeyManagerTest method withCustomKid.

/* Create a new keyset handle with the "custom_kid" value set. */
private KeysetHandle withCustomKid(KeysetHandle keysetHandle, String customKid) throws Exception {
    Keyset keyset = CleartextKeysetHandle.getKeyset(keysetHandle);
    JwtEcdsaPrivateKey privateKey = JwtEcdsaPrivateKey.parseFrom(keyset.getKey(0).getKeyData().getValue(), ExtensionRegistryLite.getEmptyRegistry());
    JwtEcdsaPublicKey publicKeyWithKid = privateKey.getPublicKey().toBuilder().setCustomKid(CustomKid.newBuilder().setValue(customKid).build()).build();
    JwtEcdsaPrivateKey privateKeyWithKid = privateKey.toBuilder().setPublicKey(publicKeyWithKid).build();
    KeyData keyDataWithKid = keyset.getKey(0).getKeyData().toBuilder().setValue(privateKeyWithKid.toByteString()).build();
    Keyset.Key keyWithKid = keyset.getKey(0).toBuilder().setKeyData(keyDataWithKid).build();
    return CleartextKeysetHandle.fromKeyset(keyset.toBuilder().setKey(0, keyWithKid).build());
}
Also used : Keyset(com.google.crypto.tink.proto.Keyset) JwtEcdsaPublicKey(com.google.crypto.tink.proto.JwtEcdsaPublicKey) JwtEcdsaPrivateKey(com.google.crypto.tink.proto.JwtEcdsaPrivateKey) KeyData(com.google.crypto.tink.proto.KeyData)

Example 57 with Keyset

use of com.google.crypto.tink.proto.Keyset in project tink by google.

the class JwtRsaSsaPssSignKeyManagerTest method withCustomKid.

/* Create a new keyset handle with the "custom_kid" value set. */
private KeysetHandle withCustomKid(KeysetHandle keysetHandle, String customKid) throws Exception {
    Keyset keyset = CleartextKeysetHandle.getKeyset(keysetHandle);
    JwtRsaSsaPssPrivateKey privateKey = JwtRsaSsaPssPrivateKey.parseFrom(keyset.getKey(0).getKeyData().getValue(), ExtensionRegistryLite.getEmptyRegistry());
    JwtRsaSsaPssPublicKey publicKeyWithKid = privateKey.getPublicKey().toBuilder().setCustomKid(CustomKid.newBuilder().setValue(customKid).build()).build();
    JwtRsaSsaPssPrivateKey privateKeyWithKid = privateKey.toBuilder().setPublicKey(publicKeyWithKid).build();
    KeyData keyDataWithKid = keyset.getKey(0).getKeyData().toBuilder().setValue(privateKeyWithKid.toByteString()).build();
    Keyset.Key keyWithKid = keyset.getKey(0).toBuilder().setKeyData(keyDataWithKid).build();
    return CleartextKeysetHandle.fromKeyset(keyset.toBuilder().setKey(0, keyWithKid).build());
}
Also used : Keyset(com.google.crypto.tink.proto.Keyset) JwtRsaSsaPssPublicKey(com.google.crypto.tink.proto.JwtRsaSsaPssPublicKey) JwtRsaSsaPssPrivateKey(com.google.crypto.tink.proto.JwtRsaSsaPssPrivateKey) KeyData(com.google.crypto.tink.proto.KeyData)

Example 58 with Keyset

use of com.google.crypto.tink.proto.Keyset in project tink by google.

the class JwtRsaSsaPssSignKeyManagerTest method signWithTinkKeyAndCustomKid_fails.

@Test
public void signWithTinkKeyAndCustomKid_fails() throws Exception {
    // KeysetHandle.generateNew is too slow in Tsan.
    assumeFalse(TestUtil.isTsan());
    KeyTemplate template = KeyTemplates.get("JWT_PS256_2048_F4");
    KeysetHandle handle = KeysetHandle.generateNew(template);
    // Create a new handle with the "kid" value set.
    Keyset keyset = CleartextKeysetHandle.getKeyset(handle);
    JwtRsaSsaPssPrivateKey privateKey = JwtRsaSsaPssPrivateKey.parseFrom(keyset.getKey(0).getKeyData().getValue(), ExtensionRegistryLite.getEmptyRegistry());
    JwtRsaSsaPssPublicKey publicKeyWithKid = privateKey.getPublicKey().toBuilder().setCustomKid(CustomKid.newBuilder().setValue("Lorem ipsum dolor sit amet, consectetur adipiscing elit").build()).build();
    JwtRsaSsaPssPrivateKey privateKeyWithKid = privateKey.toBuilder().setPublicKey(publicKeyWithKid).build();
    KeyData keyDataWithKid = keyset.getKey(0).getKeyData().toBuilder().setValue(privateKeyWithKid.toByteString()).build();
    Keyset.Key keyWithKid = keyset.getKey(0).toBuilder().setKeyData(keyDataWithKid).build();
    KeysetHandle handleWithKid = CleartextKeysetHandle.fromKeyset(keyset.toBuilder().setKey(0, keyWithKid).build());
    JwtPublicKeySign signerWithKid = handleWithKid.getPrimitive(JwtPublicKeySign.class);
    RawJwt rawToken = RawJwt.newBuilder().setJwtId("jwtId").withoutExpiration().build();
    assertThrows(JwtInvalidException.class, () -> signerWithKid.signAndEncode(rawToken));
}
Also used : KeysetHandle(com.google.crypto.tink.KeysetHandle) CleartextKeysetHandle(com.google.crypto.tink.CleartextKeysetHandle) Keyset(com.google.crypto.tink.proto.Keyset) JwtRsaSsaPssPublicKey(com.google.crypto.tink.proto.JwtRsaSsaPssPublicKey) JwtRsaSsaPssPrivateKey(com.google.crypto.tink.proto.JwtRsaSsaPssPrivateKey) KeyTemplate(com.google.crypto.tink.KeyTemplate) KeyData(com.google.crypto.tink.proto.KeyData) Test(org.junit.Test)

Example 59 with Keyset

use of com.google.crypto.tink.proto.Keyset in project tink by google.

the class JwtEcdsaSignKeyManagerTest method createSignVerifyRaw_withDifferentHeaders.

@Test
public void createSignVerifyRaw_withDifferentHeaders() throws Exception {
    // KeysetHandle.generateNew is too slow in Tsan.
    assumeFalse(TestUtil.isTsan());
    KeyTemplate template = KeyTemplates.get("JWT_ES256_RAW");
    KeysetHandle handle = KeysetHandle.generateNew(template);
    Keyset keyset = CleartextKeysetHandle.getKeyset(handle);
    JwtEcdsaPrivateKey keyProto = JwtEcdsaPrivateKey.parseFrom(keyset.getKey(0).getKeyData().getValue(), ExtensionRegistryLite.getEmptyRegistry());
    ECPrivateKey privateKey = EllipticCurves.getEcPrivateKey(JwtEcdsaVerifyKeyManager.getCurve(keyProto.getPublicKey().getAlgorithm()), keyProto.getKeyValue().toByteArray());
    JwtEcdsaAlgorithm algorithm = keyProto.getPublicKey().getAlgorithm();
    Enums.HashType hash = JwtEcdsaVerifyKeyManager.hashForEcdsaAlgorithm(algorithm);
    EcdsaSignJce rawSigner = new EcdsaSignJce(privateKey, hash, EcdsaEncoding.IEEE_P1363);
    JsonObject payload = new JsonObject();
    payload.addProperty("jid", "jwtId");
    JwtValidator validator = JwtValidator.newBuilder().allowMissingExpiration().build();
    JwtPublicKeyVerify verifier = handle.getPublicKeysetHandle().getPrimitive(JwtPublicKeyVerify.class);
    // Normal, valid signed compact.
    JsonObject normalHeader = new JsonObject();
    normalHeader.addProperty("alg", "ES256");
    String normalSignedCompact = generateSignedCompact(rawSigner, normalHeader, payload);
    verifier.verifyAndDecode(normalSignedCompact, validator);
    // valid token, with "typ" set in the header
    JsonObject goodHeader = new JsonObject();
    goodHeader.addProperty("alg", "ES256");
    goodHeader.addProperty("typ", "typeHeader");
    String goodSignedCompact = generateSignedCompact(rawSigner, goodHeader, payload);
    verifier.verifyAndDecode(goodSignedCompact, JwtValidator.newBuilder().expectTypeHeader("typeHeader").allowMissingExpiration().build());
    // invalid token with an empty header
    JsonObject emptyHeader = new JsonObject();
    String emptyHeaderSignedCompact = generateSignedCompact(rawSigner, emptyHeader, payload);
    assertThrows(GeneralSecurityException.class, () -> verifier.verifyAndDecode(emptyHeaderSignedCompact, validator));
    // invalid token with a valid but incorrect algorithm in the header
    JsonObject badAlgoHeader = new JsonObject();
    badAlgoHeader.addProperty("alg", "RS256");
    String badAlgoSignedCompact = generateSignedCompact(rawSigner, badAlgoHeader, payload);
    assertThrows(GeneralSecurityException.class, () -> verifier.verifyAndDecode(badAlgoSignedCompact, validator));
    // for raw keys, the validation should work even if a "kid" header is present.
    JsonObject unknownKidHeader = new JsonObject();
    unknownKidHeader.addProperty("alg", "ES256");
    unknownKidHeader.addProperty("kid", "unknown");
    String unknownKidSignedCompact = generateSignedCompact(rawSigner, unknownKidHeader, payload);
    verifier.verifyAndDecode(unknownKidSignedCompact, validator);
}
Also used : KeysetHandle(com.google.crypto.tink.KeysetHandle) CleartextKeysetHandle(com.google.crypto.tink.CleartextKeysetHandle) Keyset(com.google.crypto.tink.proto.Keyset) ECPrivateKey(java.security.interfaces.ECPrivateKey) JsonObject(com.google.gson.JsonObject) ByteString(com.google.protobuf.ByteString) JwtEcdsaPrivateKey(com.google.crypto.tink.proto.JwtEcdsaPrivateKey) Enums(com.google.crypto.tink.subtle.Enums) EcdsaSignJce(com.google.crypto.tink.subtle.EcdsaSignJce) JwtEcdsaAlgorithm(com.google.crypto.tink.proto.JwtEcdsaAlgorithm) KeyTemplate(com.google.crypto.tink.KeyTemplate) Test(org.junit.Test)

Example 60 with Keyset

use of com.google.crypto.tink.proto.Keyset in project tink by google.

the class JwtHmacKeyManagerTest method macWithTinkKeyAndCustomKid_fails.

@Test
public void macWithTinkKeyAndCustomKid_fails() throws Exception {
    KeyTemplate template = KeyTemplates.get("JWT_HS256");
    KeysetHandle handle = KeysetHandle.generateNew(template);
    // Create a new handle with the "kid" value set.
    Keyset keyset = CleartextKeysetHandle.getKeyset(handle);
    JwtHmacKey hmacKey = JwtHmacKey.parseFrom(keyset.getKey(0).getKeyData().getValue(), ExtensionRegistryLite.getEmptyRegistry());
    JwtHmacKey hmacKeyWithKid = hmacKey.toBuilder().setCustomKid(CustomKid.newBuilder().setValue("Lorem ipsum dolor sit amet, consectetur adipiscing elit").build()).build();
    KeyData keyDataWithKid = keyset.getKey(0).getKeyData().toBuilder().setValue(hmacKeyWithKid.toByteString()).build();
    Keyset.Key keyWithKid = keyset.getKey(0).toBuilder().setKeyData(keyDataWithKid).build();
    KeysetHandle handleWithKid = CleartextKeysetHandle.fromKeyset(keyset.toBuilder().setKey(0, keyWithKid).build());
    JwtMac jwtMacWithKid = handleWithKid.getPrimitive(JwtMac.class);
    RawJwt rawToken = RawJwt.newBuilder().setJwtId("jwtId").withoutExpiration().build();
    assertThrows(JwtInvalidException.class, () -> jwtMacWithKid.computeMacAndEncode(rawToken));
}
Also used : KeysetHandle(com.google.crypto.tink.KeysetHandle) CleartextKeysetHandle(com.google.crypto.tink.CleartextKeysetHandle) Keyset(com.google.crypto.tink.proto.Keyset) JwtHmacKey(com.google.crypto.tink.proto.JwtHmacKey) KeyTemplate(com.google.crypto.tink.KeyTemplate) KeyData(com.google.crypto.tink.proto.KeyData) Test(org.junit.Test)

Aggregations

Keyset (com.google.crypto.tink.proto.Keyset)108 Test (org.junit.Test)81 GeneralSecurityException (java.security.GeneralSecurityException)22 CleartextKeysetHandle (com.google.crypto.tink.CleartextKeysetHandle)17 KeysetHandle (com.google.crypto.tink.KeysetHandle)17 KeyData (com.google.crypto.tink.proto.KeyData)17 KeyTemplate (com.google.crypto.tink.KeyTemplate)12 EncryptedKeyset (com.google.crypto.tink.proto.EncryptedKeyset)12 ByteArrayOutputStream (java.io.ByteArrayOutputStream)11 ByteString (com.google.protobuf.ByteString)10 InvalidProtocolBufferException (com.google.protobuf.InvalidProtocolBufferException)10 Key (com.google.crypto.tink.proto.Keyset.Key)9 JsonObject (com.google.gson.JsonObject)9 AesGcmKey (com.google.crypto.tink.proto.AesGcmKey)8 KeysetReader (com.google.crypto.tink.KeysetReader)7 IOException (java.io.IOException)7 AesEaxKey (com.google.crypto.tink.proto.AesEaxKey)6 AesGcmKeyFormat (com.google.crypto.tink.proto.AesGcmKeyFormat)6 Enums (com.google.crypto.tink.subtle.Enums)6 KeyHandle (com.google.crypto.tink.tinkkey.KeyHandle)6
About Me
UseOf

Java Tutorials :

Simple Java RabbitMQ Example with Spring
Simple Springboot JPA Eclipeslink Example
Simple SpringBoot JPA Hibernate Example
Jackson JSON @JsonIgnore and @JsonIgnoreProperties Examples
Java Infinite recursion (StackOverflowError) Jackson solutions
Simple Java Jackson Serialize Objects to JSON and convert them back To Object
ElasticSearch 5 - Upload files using Java API in binary field Example
Java JAXB marshall unmarshall Examples from String and Stream
Java 8 forEach List and Map examples
ElasticSearch 5 Java API SearchRequestBuilder examples
Java ElasticSearch 5 examples with node index and mapping - running local
Convert String to int or Integer Java 8
Java 9 in action - JShell - Ubuntu
Java - removing invalid characters from a file name
Hello world!? or Hello Tutorial