Example 1 with JwtToJwkSetResponse
use of com.google.crypto.tink.proto.testing.JwtToJwkSetResponse in project tink by google.
the class JwtServiceImplTest method jwtToFromJwt_success.
@Test
public void jwtToFromJwt_success() throws Exception {
byte[] template = KeyTemplateProtoConverter.toByteArray(KeyTemplates.get("JWT_ES256"));
KeysetGenerateResponse keysetResponse = generateKeyset(keysetStub, template);
assertThat(keysetResponse.getErr()).isEmpty();
byte[] privateKeyset = keysetResponse.getKeyset().toByteArray();
KeysetPublicResponse pubResponse = publicKeyset(keysetStub, privateKeyset);
assertThat(pubResponse.getErr()).isEmpty();
byte[] publicKeyset = pubResponse.getPublicKeyset().toByteArray();
JwtToken token = generateToken("audience", 1245, 0);
JwtSignRequest signRequest = JwtSignRequest.newBuilder().setKeyset(ByteString.copyFrom(privateKeyset)).setRawJwt(token).build();
JwtSignResponse signResponse = jwtStub.publicKeySignAndEncode(signRequest);
assertThat(signResponse.getErr()).isEmpty();
// Convert the public keyset to a JWK set
JwtToJwkSetRequest toRequest = JwtToJwkSetRequest.newBuilder().setKeyset(ByteString.copyFrom(publicKeyset)).build();
JwtToJwkSetResponse toResponse = jwtStub.toJwkSet(toRequest);
assertThat(toResponse.getErr()).isEmpty();
assertThat(toResponse.getJwkSet()).contains("{\"keys\":[{\"kty\":\"EC\",\"crv\":\"P-256\",");
// Convert the public keyset to a JWK set
JwtFromJwkSetRequest fromRequest = JwtFromJwkSetRequest.newBuilder().setJwkSet(toResponse.getJwkSet()).build();
JwtFromJwkSetResponse fromResponse = jwtStub.fromJwkSet(fromRequest);
assertThat(fromResponse.getErr()).isEmpty();
// Use that output keyset to verify the token
JwtValidator validator = JwtValidator.newBuilder().setExpectedTypeHeader(StringValue.newBuilder().setValue("typeHeader")).setExpectedIssuer(StringValue.newBuilder().setValue("issuer")).setExpectedAudience(StringValue.newBuilder().setValue("audience")).setNow(Timestamp.newBuilder().setSeconds(1234)).build();
JwtVerifyRequest verifyRequest = JwtVerifyRequest.newBuilder().setKeyset(fromResponse.getKeyset()).setSignedCompactJwt(signResponse.getSignedCompactJwt()).setValidator(validator).build();
JwtVerifyResponse verifyResponse = jwtStub.publicKeyVerifyAndDecode(verifyRequest);
assertThat(verifyResponse.getErr()).isEmpty();
}
Also used :
JwtFromJwkSetRequest(com.google.crypto.tink.proto.testing.JwtFromJwkSetRequest)
JwtToJwkSetRequest(com.google.crypto.tink.proto.testing.JwtToJwkSetRequest)
JwtToJwkSetResponse(com.google.crypto.tink.proto.testing.JwtToJwkSetResponse)
JwtFromJwkSetResponse(com.google.crypto.tink.proto.testing.JwtFromJwkSetResponse)
JwtSignResponse(com.google.crypto.tink.proto.testing.JwtSignResponse)
KeysetGenerateResponse(com.google.crypto.tink.proto.testing.KeysetGenerateResponse)
JwtToken(com.google.crypto.tink.proto.testing.JwtToken)
JwtSignRequest(com.google.crypto.tink.proto.testing.JwtSignRequest)
JwtValidator(com.google.crypto.tink.proto.testing.JwtValidator)
JwtVerifyRequest(com.google.crypto.tink.proto.testing.JwtVerifyRequest)
JwtVerifyResponse(com.google.crypto.tink.proto.testing.JwtVerifyResponse)
KeysetPublicResponse(com.google.crypto.tink.proto.testing.KeysetPublicResponse)
Test(org.junit.Test)
Example 2 with JwtToJwkSetResponse
use of com.google.crypto.tink.proto.testing.JwtToJwkSetResponse in project tink by google.
the class JwtServiceImpl method toJwkSet.
/**
* Converts a Tink JWT Keyset to a JWK set.
*/
@Override
public void toJwkSet(JwtToJwkSetRequest request, StreamObserver<JwtToJwkSetResponse> responseObserver) {
JwtToJwkSetResponse response;
try {
KeysetHandle keysetHandle = CleartextKeysetHandle.read(BinaryKeysetReader.withBytes(request.getKeyset().toByteArray()));
String jwkSet = JwkSetConverter.fromPublicKeysetHandle(keysetHandle);
response = JwtToJwkSetResponse.newBuilder().setJwkSet(jwkSet).build();
} catch (GeneralSecurityException | InvalidProtocolBufferException e) {
response = JwtToJwkSetResponse.newBuilder().setErr(e.toString()).build();
} catch (IOException e) {
responseObserver.onError(Status.UNKNOWN.withDescription(e.getMessage()).asException());
return;
}
responseObserver.onNext(response);
responseObserver.onCompleted();
}
Also used :
KeysetHandle(com.google.crypto.tink.KeysetHandle)
CleartextKeysetHandle(com.google.crypto.tink.CleartextKeysetHandle)
JwtToJwkSetResponse(com.google.crypto.tink.proto.testing.JwtToJwkSetResponse)
GeneralSecurityException(java.security.GeneralSecurityException)
InvalidProtocolBufferException(com.google.protobuf.InvalidProtocolBufferException)
ByteString(com.google.protobuf.ByteString)
IOException(java.io.IOException)
Aggregations
JwtToJwkSetResponse (com.google.crypto.tink.proto.testing.JwtToJwkSetResponse)2
CleartextKeysetHandle (com.google.crypto.tink.CleartextKeysetHandle)1
KeysetHandle (com.google.crypto.tink.KeysetHandle)1
JwtFromJwkSetRequest (com.google.crypto.tink.proto.testing.JwtFromJwkSetRequest)1
JwtFromJwkSetResponse (com.google.crypto.tink.proto.testing.JwtFromJwkSetResponse)1
JwtSignRequest (com.google.crypto.tink.proto.testing.JwtSignRequest)1
JwtSignResponse (com.google.crypto.tink.proto.testing.JwtSignResponse)1
JwtToJwkSetRequest (com.google.crypto.tink.proto.testing.JwtToJwkSetRequest)1
JwtToken (com.google.crypto.tink.proto.testing.JwtToken)1
JwtValidator (com.google.crypto.tink.proto.testing.JwtValidator)1
JwtVerifyRequest (com.google.crypto.tink.proto.testing.JwtVerifyRequest)1
JwtVerifyResponse (com.google.crypto.tink.proto.testing.JwtVerifyResponse)1
KeysetGenerateResponse (com.google.crypto.tink.proto.testing.KeysetGenerateResponse)1
KeysetPublicResponse (com.google.crypto.tink.proto.testing.KeysetPublicResponse)1
ByteString (com.google.protobuf.ByteString)1
InvalidProtocolBufferException (com.google.protobuf.InvalidProtocolBufferException)1
IOException (java.io.IOException)1
GeneralSecurityException (java.security.GeneralSecurityException)1
Test (org.junit.Test)1
