Search in sources :

Example 1 with JwtFromJwkSetResponse

use of com.google.crypto.tink.proto.testing.JwtFromJwkSetResponse in project tink by google.

the class JwtServiceImplTest method jwtToFromJwt_success.

@Test
public void jwtToFromJwt_success() throws Exception {
    byte[] template = KeyTemplateProtoConverter.toByteArray(KeyTemplates.get("JWT_ES256"));
    KeysetGenerateResponse keysetResponse = generateKeyset(keysetStub, template);
    assertThat(keysetResponse.getErr()).isEmpty();
    byte[] privateKeyset = keysetResponse.getKeyset().toByteArray();
    KeysetPublicResponse pubResponse = publicKeyset(keysetStub, privateKeyset);
    assertThat(pubResponse.getErr()).isEmpty();
    byte[] publicKeyset = pubResponse.getPublicKeyset().toByteArray();
    JwtToken token = generateToken("audience", 1245, 0);
    JwtSignRequest signRequest = JwtSignRequest.newBuilder().setKeyset(ByteString.copyFrom(privateKeyset)).setRawJwt(token).build();
    JwtSignResponse signResponse = jwtStub.publicKeySignAndEncode(signRequest);
    assertThat(signResponse.getErr()).isEmpty();
    // Convert the public keyset to a JWK set
    JwtToJwkSetRequest toRequest = JwtToJwkSetRequest.newBuilder().setKeyset(ByteString.copyFrom(publicKeyset)).build();
    JwtToJwkSetResponse toResponse = jwtStub.toJwkSet(toRequest);
    assertThat(toResponse.getErr()).isEmpty();
    assertThat(toResponse.getJwkSet()).contains("{\"keys\":[{\"kty\":\"EC\",\"crv\":\"P-256\",");
    // Convert the public keyset to a JWK set
    JwtFromJwkSetRequest fromRequest = JwtFromJwkSetRequest.newBuilder().setJwkSet(toResponse.getJwkSet()).build();
    JwtFromJwkSetResponse fromResponse = jwtStub.fromJwkSet(fromRequest);
    assertThat(fromResponse.getErr()).isEmpty();
    // Use that output keyset to verify the token
    JwtValidator validator = JwtValidator.newBuilder().setExpectedTypeHeader(StringValue.newBuilder().setValue("typeHeader")).setExpectedIssuer(StringValue.newBuilder().setValue("issuer")).setExpectedAudience(StringValue.newBuilder().setValue("audience")).setNow(Timestamp.newBuilder().setSeconds(1234)).build();
    JwtVerifyRequest verifyRequest = JwtVerifyRequest.newBuilder().setKeyset(fromResponse.getKeyset()).setSignedCompactJwt(signResponse.getSignedCompactJwt()).setValidator(validator).build();
    JwtVerifyResponse verifyResponse = jwtStub.publicKeyVerifyAndDecode(verifyRequest);
    assertThat(verifyResponse.getErr()).isEmpty();
}
Also used : JwtFromJwkSetRequest(com.google.crypto.tink.proto.testing.JwtFromJwkSetRequest) JwtToJwkSetRequest(com.google.crypto.tink.proto.testing.JwtToJwkSetRequest) JwtToJwkSetResponse(com.google.crypto.tink.proto.testing.JwtToJwkSetResponse) JwtFromJwkSetResponse(com.google.crypto.tink.proto.testing.JwtFromJwkSetResponse) JwtSignResponse(com.google.crypto.tink.proto.testing.JwtSignResponse) KeysetGenerateResponse(com.google.crypto.tink.proto.testing.KeysetGenerateResponse) JwtToken(com.google.crypto.tink.proto.testing.JwtToken) JwtSignRequest(com.google.crypto.tink.proto.testing.JwtSignRequest) JwtValidator(com.google.crypto.tink.proto.testing.JwtValidator) JwtVerifyRequest(com.google.crypto.tink.proto.testing.JwtVerifyRequest) JwtVerifyResponse(com.google.crypto.tink.proto.testing.JwtVerifyResponse) KeysetPublicResponse(com.google.crypto.tink.proto.testing.KeysetPublicResponse) Test(org.junit.Test)

Example 2 with JwtFromJwkSetResponse

use of com.google.crypto.tink.proto.testing.JwtFromJwkSetResponse in project tink by google.

the class JwtServiceImpl method fromJwkSet.

/**
 * Converts a JWK set to a Tink JWT Keyset.
 */
@Override
public void fromJwkSet(JwtFromJwkSetRequest request, StreamObserver<JwtFromJwkSetResponse> responseObserver) {
    JwtFromJwkSetResponse response;
    try {
        KeysetHandle keysetHandle = JwkSetConverter.toPublicKeysetHandle(request.getJwkSet());
        Keyset keyset = CleartextKeysetHandle.getKeyset(keysetHandle);
        ByteArrayOutputStream keysetStream = new ByteArrayOutputStream();
        BinaryKeysetWriter.withOutputStream(keysetStream).write(keyset);
        keysetStream.close();
        response = JwtFromJwkSetResponse.newBuilder().setKeyset(ByteString.copyFrom(keysetStream.toByteArray())).build();
    } catch (GeneralSecurityException | InvalidProtocolBufferException e) {
        response = JwtFromJwkSetResponse.newBuilder().setErr(e.toString()).build();
    } catch (IOException e) {
        responseObserver.onError(Status.UNKNOWN.withDescription(e.getMessage()).asException());
        return;
    }
    responseObserver.onNext(response);
    responseObserver.onCompleted();
}
Also used : KeysetHandle(com.google.crypto.tink.KeysetHandle) CleartextKeysetHandle(com.google.crypto.tink.CleartextKeysetHandle) Keyset(com.google.crypto.tink.proto.Keyset) JwtFromJwkSetResponse(com.google.crypto.tink.proto.testing.JwtFromJwkSetResponse) GeneralSecurityException(java.security.GeneralSecurityException) InvalidProtocolBufferException(com.google.protobuf.InvalidProtocolBufferException) ByteArrayOutputStream(java.io.ByteArrayOutputStream) IOException(java.io.IOException)

Aggregations

JwtFromJwkSetResponse (com.google.crypto.tink.proto.testing.JwtFromJwkSetResponse)2 CleartextKeysetHandle (com.google.crypto.tink.CleartextKeysetHandle)1 KeysetHandle (com.google.crypto.tink.KeysetHandle)1 Keyset (com.google.crypto.tink.proto.Keyset)1 JwtFromJwkSetRequest (com.google.crypto.tink.proto.testing.JwtFromJwkSetRequest)1 JwtSignRequest (com.google.crypto.tink.proto.testing.JwtSignRequest)1 JwtSignResponse (com.google.crypto.tink.proto.testing.JwtSignResponse)1 JwtToJwkSetRequest (com.google.crypto.tink.proto.testing.JwtToJwkSetRequest)1 JwtToJwkSetResponse (com.google.crypto.tink.proto.testing.JwtToJwkSetResponse)1 JwtToken (com.google.crypto.tink.proto.testing.JwtToken)1 JwtValidator (com.google.crypto.tink.proto.testing.JwtValidator)1 JwtVerifyRequest (com.google.crypto.tink.proto.testing.JwtVerifyRequest)1 JwtVerifyResponse (com.google.crypto.tink.proto.testing.JwtVerifyResponse)1 KeysetGenerateResponse (com.google.crypto.tink.proto.testing.KeysetGenerateResponse)1 KeysetPublicResponse (com.google.crypto.tink.proto.testing.KeysetPublicResponse)1 InvalidProtocolBufferException (com.google.protobuf.InvalidProtocolBufferException)1 ByteArrayOutputStream (java.io.ByteArrayOutputStream)1 IOException (java.io.IOException)1 GeneralSecurityException (java.security.GeneralSecurityException)1 Test (org.junit.Test)1