Example 26 with Keyset
use of com.google.crypto.tink.proto.Keyset in project tink by google.
the class NoSecretKeysetHandleTest method testBasic.
@Test
public void testBasic() throws Exception {
// Create a keyset that contains a single HmacKey.
KeyTemplate template = MacKeyTemplates.HMAC_SHA256_128BITTAG;
KeysetManager manager = KeysetManager.withEmptyKeyset().rotate(template);
Keyset keyset = manager.getKeysetHandle().getKeyset();
GeneralSecurityException e = assertThrows(GeneralSecurityException.class, () -> {
KeysetHandle unused = NoSecretKeysetHandle.parseFrom(keyset.toByteArray());
});
assertExceptionContains(e, "keyset contains secret key material");
}
Also used :
Keyset(com.google.crypto.tink.proto.Keyset)
GeneralSecurityException(java.security.GeneralSecurityException)
KeyTemplate(com.google.crypto.tink.proto.KeyTemplate)
Test(org.junit.Test)
Example 27 with Keyset
use of com.google.crypto.tink.proto.Keyset in project tink by google.
the class KeysetManagerTest method testAdd_existingKeySet_shouldAddNewKey_proto.
@Test
public void testAdd_existingKeySet_shouldAddNewKey_proto() throws Exception {
KeysetHandle existing = KeysetManager.withEmptyKeyset().rotate(MacKeyTemplates.HMAC_SHA256_128BITTAG).getKeysetHandle();
int existingPrimaryKeyId = existing.getKeyset().getPrimaryKeyId();
Keyset keyset = KeysetManager.withKeysetHandle(existing).add(MacKeyTemplates.HMAC_SHA256_256BITTAG).getKeysetHandle().getKeyset();
assertThat(keyset.getKeyCount()).isEqualTo(2);
assertThat(keyset.getPrimaryKeyId()).isEqualTo(existingPrimaryKeyId);
TestUtil.assertHmacKey(KeyTemplates.get("HMAC_SHA256_128BITTAG"), keyset.getKey(0));
TestUtil.assertHmacKey(KeyTemplates.get("HMAC_SHA256_256BITTAG"), keyset.getKey(1));
}Example 28 with Keyset
use of com.google.crypto.tink.proto.Keyset in project tink by google.
the class KeysetManagerTest method testDestroy_shouldDestroyKey.
@Test
public void testDestroy_shouldDestroyKey() throws Exception {
int primaryKeyId = 42;
int otherKeyId = 43;
KeysetHandle handle = KeysetHandle.fromKeyset(TestUtil.createKeyset(createEnabledKey(primaryKeyId), createEnabledKey(otherKeyId)));
Keyset keyset = KeysetManager.withKeysetHandle(handle).destroy(otherKeyId).getKeysetHandle().getKeyset();
assertThat(keyset.getKeyCount()).isEqualTo(2);
assertThat(keyset.getKey(0).getKeyId()).isEqualTo(primaryKeyId);
assertThat(keyset.getKey(0).getStatus()).isEqualTo(KeyStatusType.ENABLED);
assertThat(keyset.getKey(1).getKeyId()).isEqualTo(otherKeyId);
assertThat(keyset.getKey(1).getStatus()).isEqualTo(KeyStatusType.DESTROYED);
assertThat(keyset.getKey(1).hasKeyData()).isFalse();
}Example 29 with Keyset
use of com.google.crypto.tink.proto.Keyset in project tink by google.
the class KeysetManagerTest method testDisable_shouldDisableKey.
@Test
public void testDisable_shouldDisableKey() throws Exception {
int primaryKeyId = 42;
int otherKeyId = 43;
KeysetHandle handle = KeysetHandle.fromKeyset(TestUtil.createKeyset(createEnabledKey(primaryKeyId), createEnabledKey(otherKeyId)));
Keyset keyset = KeysetManager.withKeysetHandle(handle).disable(otherKeyId).getKeysetHandle().getKeyset();
assertThat(keyset.getKeyCount()).isEqualTo(2);
assertThat(keyset.getKey(0).getKeyId()).isEqualTo(primaryKeyId);
assertThat(keyset.getKey(0).getStatus()).isEqualTo(KeyStatusType.ENABLED);
assertThat(keyset.getKey(1).getKeyId()).isEqualTo(otherKeyId);
assertThat(keyset.getKey(1).getStatus()).isEqualTo(KeyStatusType.DISABLED);
}Example 30 with Keyset
use of com.google.crypto.tink.proto.Keyset in project tink by google.
the class KeysetManagerTest method addKeyHandle_newKeyset_shouldAddKey.
@Test
public void addKeyHandle_newKeyset_shouldAddKey() throws Exception {
KeyTemplate keyTemplate = KeyTemplates.get("AES256_GCM");
KeyHandle keyHandle = KeyHandle.generateNew(keyTemplate);
KeysetManager keysetManager = KeysetManager.withEmptyKeyset();
keysetManager = keysetManager.add(keyHandle);
KeysetHandle keysetHandle = keysetManager.getKeysetHandle();
Keyset keyset = keysetHandle.getKeyset();
expect.that(keyset.getKeyCount()).isEqualTo(1);
Keyset.Key key = keyset.getKey(0);
expect.that(key.getKeyId()).isEqualTo(keyHandle.getId());
expect.that(key.getStatus()).isEqualTo(KeyStatusType.ENABLED);
expect.that(key.getOutputPrefixType()).isEqualTo(OutputPrefixType.TINK);
expect.that(key.hasKeyData()).isTrue();
expect.that(key.getKeyData().getTypeUrl()).isEqualTo(keyTemplate.getTypeUrl());
AesGcmKeyFormat aesGcmKeyFormat = AesGcmKeyFormat.parseFrom(keyTemplate.getValue(), ExtensionRegistryLite.getEmptyRegistry());
AesGcmKey aesGcmKey = AesGcmKey.parseFrom(key.getKeyData().getValue(), ExtensionRegistryLite.getEmptyRegistry());
expect.that(aesGcmKey.getKeyValue().size()).isEqualTo(aesGcmKeyFormat.getKeySize());
// No primary key because add doesn't automatically promote the new key to primary.
assertThrows(GeneralSecurityException.class, () -> keysetHandle.getPrimitive(Aead.class));
}Aggregations
Keyset (com.google.crypto.tink.proto.Keyset)108
Test (org.junit.Test)81
GeneralSecurityException (java.security.GeneralSecurityException)22
CleartextKeysetHandle (com.google.crypto.tink.CleartextKeysetHandle)17
KeysetHandle (com.google.crypto.tink.KeysetHandle)17
KeyData (com.google.crypto.tink.proto.KeyData)17
KeyTemplate (com.google.crypto.tink.KeyTemplate)12
EncryptedKeyset (com.google.crypto.tink.proto.EncryptedKeyset)12
ByteArrayOutputStream (java.io.ByteArrayOutputStream)11
ByteString (com.google.protobuf.ByteString)10
InvalidProtocolBufferException (com.google.protobuf.InvalidProtocolBufferException)10
Key (com.google.crypto.tink.proto.Keyset.Key)9
JsonObject (com.google.gson.JsonObject)9
AesGcmKey (com.google.crypto.tink.proto.AesGcmKey)8
KeysetReader (com.google.crypto.tink.KeysetReader)7
IOException (java.io.IOException)7
AesEaxKey (com.google.crypto.tink.proto.AesEaxKey)6
AesGcmKeyFormat (com.google.crypto.tink.proto.AesGcmKeyFormat)6
Enums (com.google.crypto.tink.subtle.Enums)6
KeyHandle (com.google.crypto.tink.tinkkey.KeyHandle)6
