use of com.google.crypto.tink.proto.testing.JwtSignResponse in project tink by google.
the class JwtServiceImplTest method jwtComputeVerifyMac_success.
@Test
public void jwtComputeVerifyMac_success() throws Exception {
byte[] template = KeyTemplateProtoConverter.toByteArray(KeyTemplates.get("JWT_HS256"));
KeysetGenerateResponse keysetResponse = generateKeyset(keysetStub, template);
assertThat(keysetResponse.getErr()).isEmpty();
byte[] keyset = keysetResponse.getKeyset().toByteArray();
long expSecs = 1234 + 100;
int expNanos = 567000000;
JwtToken token = generateToken("audience", expSecs, expNanos);
JwtSignRequest signRequest = JwtSignRequest.newBuilder().setKeyset(ByteString.copyFrom(keyset)).setRawJwt(token).build();
JwtSignResponse signResponse = jwtStub.computeMacAndEncode(signRequest);
assertThat(signResponse.getErr()).isEmpty();
JwtValidator validator = JwtValidator.newBuilder().setExpectedTypeHeader(StringValue.newBuilder().setValue("typeHeader")).setExpectedIssuer(StringValue.newBuilder().setValue("issuer")).setExpectedAudience(StringValue.newBuilder().setValue("audience")).setNow(Timestamp.newBuilder().setSeconds(1234)).build();
JwtVerifyRequest verifyRequest = JwtVerifyRequest.newBuilder().setKeyset(ByteString.copyFrom(keyset)).setSignedCompactJwt(signResponse.getSignedCompactJwt()).setValidator(validator).build();
JwtToken expectedToken = generateToken("audience", expSecs, 0);
JwtVerifyResponse verifyResponse = jwtStub.verifyMacAndDecode(verifyRequest);
assertThat(verifyResponse.getErr()).isEmpty();
assertThat(verifyResponse.getVerifiedJwt()).isEqualTo(expectedToken);
}
use of com.google.crypto.tink.proto.testing.JwtSignResponse in project tink by google.
the class JwtServiceImplTest method verifyFailsWhenExpired.
@Test
public void verifyFailsWhenExpired() throws Exception {
byte[] template = KeyTemplateProtoConverter.toByteArray(JwtHmacKeyManager.hs256Template());
KeysetGenerateResponse keysetResponse = generateKeyset(keysetStub, template);
assertThat(keysetResponse.getErr()).isEmpty();
byte[] keyset = keysetResponse.getKeyset().toByteArray();
JwtToken token = generateToken("audience", 1234 - 10, 0);
JwtSignRequest signRequest = JwtSignRequest.newBuilder().setKeyset(ByteString.copyFrom(keyset)).setRawJwt(token).build();
JwtSignResponse signResponse = jwtStub.computeMacAndEncode(signRequest);
assertThat(signResponse.getErr()).isEmpty();
JwtValidator validator = JwtValidator.newBuilder().setExpectedTypeHeader(StringValue.newBuilder().setValue("typeHeader")).setExpectedIssuer(StringValue.newBuilder().setValue("issuer")).setExpectedAudience(StringValue.newBuilder().setValue("audience")).setNow(Timestamp.newBuilder().setSeconds(1234)).build();
JwtVerifyRequest verifyRequest = JwtVerifyRequest.newBuilder().setKeyset(ByteString.copyFrom(keyset)).setSignedCompactJwt(signResponse.getSignedCompactJwt()).setValidator(validator).build();
JwtVerifyResponse verifyResponse = jwtStub.verifyMacAndDecode(verifyRequest);
assertThat(verifyResponse.getErr()).isNotEmpty();
}
use of com.google.crypto.tink.proto.testing.JwtSignResponse in project tink by google.
the class JwtServiceImplTest method jwtEmptyTokenComputeVerifyMac_success.
@Test
public void jwtEmptyTokenComputeVerifyMac_success() throws Exception {
byte[] template = KeyTemplateProtoConverter.toByteArray(JwtHmacKeyManager.hs256Template());
KeysetGenerateResponse keysetResponse = generateKeyset(keysetStub, template);
assertThat(keysetResponse.getErr()).isEmpty();
byte[] keyset = keysetResponse.getKeyset().toByteArray();
JwtToken token = JwtToken.getDefaultInstance();
JwtSignRequest signRequest = JwtSignRequest.newBuilder().setKeyset(ByteString.copyFrom(keyset)).setRawJwt(token).build();
JwtSignResponse signResponse = jwtStub.computeMacAndEncode(signRequest);
assertThat(signResponse.getErr()).isEmpty();
JwtValidator validator = JwtValidator.newBuilder().setAllowMissingExpiration(true).build();
JwtVerifyRequest verifyRequest = JwtVerifyRequest.newBuilder().setKeyset(ByteString.copyFrom(keyset)).setSignedCompactJwt(signResponse.getSignedCompactJwt()).setValidator(validator).build();
JwtVerifyResponse verifyResponse = jwtStub.verifyMacAndDecode(verifyRequest);
assertThat(verifyResponse.getErr()).isEmpty();
assertThat(verifyResponse.getVerifiedJwt()).isEqualTo(token);
}
use of com.google.crypto.tink.proto.testing.JwtSignResponse in project tink by google.
the class JwtServiceImplTest method jwtToFromJwt_success.
@Test
public void jwtToFromJwt_success() throws Exception {
byte[] template = KeyTemplateProtoConverter.toByteArray(KeyTemplates.get("JWT_ES256"));
KeysetGenerateResponse keysetResponse = generateKeyset(keysetStub, template);
assertThat(keysetResponse.getErr()).isEmpty();
byte[] privateKeyset = keysetResponse.getKeyset().toByteArray();
KeysetPublicResponse pubResponse = publicKeyset(keysetStub, privateKeyset);
assertThat(pubResponse.getErr()).isEmpty();
byte[] publicKeyset = pubResponse.getPublicKeyset().toByteArray();
JwtToken token = generateToken("audience", 1245, 0);
JwtSignRequest signRequest = JwtSignRequest.newBuilder().setKeyset(ByteString.copyFrom(privateKeyset)).setRawJwt(token).build();
JwtSignResponse signResponse = jwtStub.publicKeySignAndEncode(signRequest);
assertThat(signResponse.getErr()).isEmpty();
// Convert the public keyset to a JWK set
JwtToJwkSetRequest toRequest = JwtToJwkSetRequest.newBuilder().setKeyset(ByteString.copyFrom(publicKeyset)).build();
JwtToJwkSetResponse toResponse = jwtStub.toJwkSet(toRequest);
assertThat(toResponse.getErr()).isEmpty();
assertThat(toResponse.getJwkSet()).contains("{\"keys\":[{\"kty\":\"EC\",\"crv\":\"P-256\",");
// Convert the public keyset to a JWK set
JwtFromJwkSetRequest fromRequest = JwtFromJwkSetRequest.newBuilder().setJwkSet(toResponse.getJwkSet()).build();
JwtFromJwkSetResponse fromResponse = jwtStub.fromJwkSet(fromRequest);
assertThat(fromResponse.getErr()).isEmpty();
// Use that output keyset to verify the token
JwtValidator validator = JwtValidator.newBuilder().setExpectedTypeHeader(StringValue.newBuilder().setValue("typeHeader")).setExpectedIssuer(StringValue.newBuilder().setValue("issuer")).setExpectedAudience(StringValue.newBuilder().setValue("audience")).setNow(Timestamp.newBuilder().setSeconds(1234)).build();
JwtVerifyRequest verifyRequest = JwtVerifyRequest.newBuilder().setKeyset(fromResponse.getKeyset()).setSignedCompactJwt(signResponse.getSignedCompactJwt()).setValidator(validator).build();
JwtVerifyResponse verifyResponse = jwtStub.publicKeyVerifyAndDecode(verifyRequest);
assertThat(verifyResponse.getErr()).isEmpty();
}
use of com.google.crypto.tink.proto.testing.JwtSignResponse in project tink by google.
the class JwtServiceImplTest method signFailsOnBadKeyset.
@Test
public void signFailsOnBadKeyset() throws Exception {
byte[] badKeyset = "bad keyset".getBytes(UTF_8);
JwtToken token = generateToken("audience", 1234, 0);
JwtSignRequest signRequest = JwtSignRequest.newBuilder().setKeyset(ByteString.copyFrom(badKeyset)).setRawJwt(token).build();
JwtSignResponse signResponse = jwtStub.computeMacAndEncode(signRequest);
assertThat(signResponse.getErr()).isNotEmpty();
}
Aggregations