use of com.google.crypto.tink.proto.Keyset in project tink by google.
the class KeysetHandle method readNoSecret.
/**
* Tries to create a {@link KeysetHandle} from a keyset, obtained via {@code reader}, which
* contains no secret key material.
*
* <p>This can be used to load public keysets or envelope encryption keysets. Users that need to
* load cleartext keysets can use {@link CleartextKeysetHandle}.
*
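* @return a new {@link KeysetHandle} for the {@link Keyset} obtained from {@code reader}
* @throws GeneralSecurityException if the keyset contains secret key material or cannot be parsed
* @throws IOException if {@code reader} fails for a reason other than a malformed keyset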
*/
public static final KeysetHandle readNoSecret(KeysetReader reader)
    throws GeneralSecurityException, IOException {
  try {
    final Keyset candidate = reader.read();
    // The keyset is checked before any handle wrapping it is created, so a keyset that fails
    // the check is never handed back to the caller. The helper is not shown here; presumably
    // it throws GeneralSecurityException when secret key material is present.
    assertNoSecretKeyMaterial(candidate);
    return KeysetHandle.fromKeyset(candidate);
  } catch (@SuppressWarnings("UnusedException") InvalidProtocolBufferException parseFailure) {
    // The parser's exception is deliberately neither chained as the cause nor quoted in the
    // message, so nothing it may carry about the input bytes reaches the caller or its logs.
    // Only this exception type is translated; any other IOException from the reader
    // propagates unchanged, as the signature declares.
    throw new GeneralSecurityException("invalid keyset");
  }
}
use of com.google.crypto.tink.proto.Keyset in project tink by google.
the class KeysetHandle method readNoSecret.
/**
* Tries to create a {@link KeysetHandle} from a serialized keyset which contains no secret key
* material.
*
* <p>This can be used to load public keysets or envelope encryption keysets. Users that need to
* load cleartext keysets can use {@link CleartextKeysetHandle}.
*
* @return a new {@link KeysetHandle} from {@code serialized} that is a serialized {@link Keyset}
* @throws GeneralSecurityException if {@code serialized} cannot be parsed or the keyset contains
*     secret key material
*/
public static final KeysetHandle readNoSecret(final byte[] serialized)
    throws GeneralSecurityException {
  try {
    // Parse with an empty extension registry, so no protobuf extensions are resolved while
    // decoding the caller-supplied bytes.
    final Keyset candidate =
        Keyset.parseFrom(serialized, ExtensionRegistryLite.getEmptyRegistry());
    // The check runs before a handle is built. The helper is not shown here; presumably it
    // throws GeneralSecurityException when secret key material is present.
    assertNoSecretKeyMaterial(candidate);
    return KeysetHandle.fromKeyset(candidate);
  } catch (@SuppressWarnings("UnusedException") InvalidProtocolBufferException parseFailure) {
    // The parser's exception is deliberately neither chained as the cause nor quoted in the
    // message, so nothing it may carry about the input bytes reaches the caller or its logs.
    throw new GeneralSecurityException("invalid keyset");
  }
}
use of com.google.crypto.tink.proto.Keyset in project tink by google.
the class KeysetHandle method getPublicKeysetHandle.
/**
* If the managed keyset contains private keys, returns a {@link KeysetHandle} of the public keys.
*
* @throws GeneralSecurityException if the managed keyset is null or if it contains any
* non-private keys.
*/
public KeysetHandle getPublicKeysetHandle() throws GeneralSecurityException {
  if (keyset == null) {
    throw new GeneralSecurityException("cleartext keyset is not available");
  }
  // The primary key id carries over unchanged, so the result designates the same primary key.
  Keyset.Builder publicKeyset = Keyset.newBuilder().setPrimaryKeyId(keyset.getPrimaryKeyId());
  for (Keyset.Key original : keyset.getKeyList()) {
    // createPublicKeyData is not shown here; presumably it derives the public counterpart and
    // throws for key data it cannot convert - confirm against the helper.
    KeyData publicPart = createPublicKeyData(original.getKeyData());
    // Every other field of the entry is copied from the original key; only the key data is
    // replaced, so the private key data is not carried into the new keyset.
    publicKeyset.addKey(original.toBuilder().setKeyData(publicPart).build());
  }
  return new KeysetHandle(publicKeyset.build());
}
use of com.google.crypto.tink.proto.Keyset in project tink by google.
the class JwtServiceImpl method fromJwkSet.
/**
* Converts a JWK set to a Tink JWT Keyset.
*/
@Override
public void fromJwkSet(
    JwtFromJwkSetRequest request, StreamObserver<JwtFromJwkSetResponse> responseObserver) {
  JwtFromJwkSetResponse reply;
  try {
    // The JWK set comes straight from the request, so it is caller-controlled input.
    KeysetHandle handle = JwkSetConverter.toPublicKeysetHandle(request.getJwkSet());
    // CleartextKeysetHandle exposes the raw keyset proto. The handle comes from
    // toPublicKeysetHandle, so it presumably holds public keys only - confirm.
    Keyset rawKeyset = CleartextKeysetHandle.getKeyset(handle);
    ByteArrayOutputStream buffer = new ByteArrayOutputStream();
    BinaryKeysetWriter.withOutputStream(buffer).write(rawKeyset);
    buffer.close();
    byte[] encoded = buffer.toByteArray();
    reply = JwtFromJwkSetResponse.newBuilder().setKeyset(ByteString.copyFrom(encoded)).build();
  } catch (GeneralSecurityException | InvalidProtocolBufferException conversionFailure) {
    // Conversion failures are reported in-band through the err field, not as a gRPC error.
    // NOTE(review): the exception's toString() is returned to the caller verbatim; confirm
    // that exposing it is acceptable for every client that can reach this service.
    reply = JwtFromJwkSetResponse.newBuilder().setErr(conversionFailure.toString()).build();
  } catch (IOException ioFailure) {
    // I/O failures while serializing end the call with an UNKNOWN status and no response.
    responseObserver.onError(
        Status.UNKNOWN.withDescription(ioFailure.getMessage()).asException());
    return;
  }
  responseObserver.onNext(reply);
  responseObserver.onCompleted();
}
use of com.google.crypto.tink.proto.Keyset in project tink by google.
the class KeysetServiceImpl method public_.
/**
 * Derives the public keyset for the private keyset carried in the request and returns it in
 * binary serialized form.
 *
 * <p>A {@link GeneralSecurityException} or {@code InvalidProtocolBufferException} is reported
 * in the response's {@code err} field. An {@link IOException} ends the call with an UNKNOWN
 * status instead.
 */
@Override
public void public_(
    KeysetPublicRequest request, StreamObserver<KeysetPublicResponse> responseObserver) {
  KeysetPublicResponse reply;
  try {
    // The request carries the private keyset as unencrypted serialized bytes and it is loaded
    // through CleartextKeysetHandle, so private key material is visible to this process and to
    // whatever transports the RPC.
    // NOTE(review): confirm this service is reachable only where that exposure is acceptable.
    byte[] privateBytes = request.getPrivateKeyset().toByteArray();
    KeysetHandle privateHandle =
        CleartextKeysetHandle.read(BinaryKeysetReader.withBytes(privateBytes));
    KeysetHandle publicHandle = privateHandle.getPublicKeysetHandle();
    Keyset rawPublicKeyset = CleartextKeysetHandle.getKeyset(publicHandle);
    ByteArrayOutputStream buffer = new ByteArrayOutputStream();
    BinaryKeysetWriter.withOutputStream(buffer).write(rawPublicKeyset);
    buffer.close();
    byte[] encoded = buffer.toByteArray();
    reply =
        KeysetPublicResponse.newBuilder().setPublicKeyset(ByteString.copyFrom(encoded)).build();
  } catch (GeneralSecurityException | InvalidProtocolBufferException keysetFailure) {
    // NOTE(review): the exception's toString() is returned to the caller verbatim; confirm it
    // cannot carry details of the private keyset that was being processed.
    reply = KeysetPublicResponse.newBuilder().setErr(keysetFailure.toString()).build();
  } catch (IOException ioFailure) {
    // I/O failures end the call with an UNKNOWN status and no response message.
    responseObserver.onError(
        Status.UNKNOWN.withDescription(ioFailure.getMessage()).asException());
    return;
  }
  responseObserver.onNext(reply);
  responseObserver.onCompleted();
}