
Example 6 with JwtToken

use of com.google.crypto.tink.proto.testing.JwtToken in project tink by google.

the class JwtServiceImplTest method verifyFailsWithWrongKey.

@Test
public void verifyFailsWithWrongKey() throws Exception {
    // Negative test: a token MACed under one keyset must be rejected when it is
    // verified with a second keyset generated independently from the same template.
    byte[] hmacTemplate = KeyTemplateProtoConverter.toByteArray(JwtHmacKeyManager.hs256Template());

    // Keyset used for signing.
    KeysetGenerateResponse signingKeysetResponse = generateKeyset(keysetStub, hmacTemplate);
    assertThat(signingKeysetResponse.getErr()).isEmpty();
    byte[] signingKeyset = signingKeysetResponse.getKeyset().toByteArray();

    JwtToken rawToken = generateToken("audience", 1234 + 100, 0);
    JwtSignRequest signRequest =
            JwtSignRequest.newBuilder()
                    .setKeyset(ByteString.copyFrom(signingKeyset))
                    .setRawJwt(rawToken)
                    .build();
    JwtSignResponse signResponse = jwtStub.computeMacAndEncode(signRequest);
    assertThat(signResponse.getErr()).isEmpty();

    // Second, unrelated keyset from the same template; only this one reaches the verifier.
    KeysetGenerateResponse otherKeysetResponse = generateKeyset(keysetStub, hmacTemplate);
    assertThat(otherKeysetResponse.getErr()).isEmpty();
    byte[] otherKeyset = otherKeysetResponse.getKeyset().toByteArray();

    // NOTE(review): presumably generateToken() sets a type header and issuer that match
    // these expectations and treats its second argument as the expiry, which would then
    // lie after the pinned "now" of 1234 s. Confirm in the helper, because the assertion
    // below only checks that some error came back, not that it was a MAC failure.
    JwtValidator validator =
            JwtValidator.newBuilder()
                    .setExpectedTypeHeader(StringValue.newBuilder().setValue("typeHeader"))
                    .setExpectedIssuer(StringValue.newBuilder().setValue("issuer"))
                    .setExpectedAudience(StringValue.newBuilder().setValue("audience"))
                    .setNow(Timestamp.newBuilder().setSeconds(1234))
                    .build();
    JwtVerifyRequest verifyRequest =
            JwtVerifyRequest.newBuilder()
                    .setKeyset(ByteString.copyFrom(otherKeyset))
                    .setSignedCompactJwt(signResponse.getSignedCompactJwt())
                    .setValidator(validator)
                    .build();

    JwtVerifyResponse verifyResponse = jwtStub.verifyMacAndDecode(verifyRequest);
    assertThat(verifyResponse.getErr()).isNotEmpty();
}
Also used : JwtToken(com.google.crypto.tink.proto.testing.JwtToken) JwtSignRequest(com.google.crypto.tink.proto.testing.JwtSignRequest) JwtValidator(com.google.crypto.tink.proto.testing.JwtValidator) JwtSignResponse(com.google.crypto.tink.proto.testing.JwtSignResponse) KeysetGenerateResponse(com.google.crypto.tink.proto.testing.KeysetGenerateResponse) JwtVerifyRequest(com.google.crypto.tink.proto.testing.JwtVerifyRequest) JwtVerifyResponse(com.google.crypto.tink.proto.testing.JwtVerifyResponse) Test(org.junit.Test)

Example 7 with JwtToken

use of com.google.crypto.tink.proto.testing.JwtToken in project tink by google.

the class JwtServiceImpl method publicKeyVerifyAndDecode.

/**
 * Decodes and verifies a signed, compact JWT.
 */
@Override
public void publicKeyVerifyAndDecode(JwtVerifyRequest request, StreamObserver<JwtVerifyResponse> responseObserver) {
    JwtVerifyResponse reply;
    try {
        // The verification keyset is read, unencrypted, from the request itself.
        // NOTE(review): because the caller supplies the key, a successful result only
        // shows that the token matches the caller's own keyset. That fits a test
        // harness; confirm this endpoint is never exposed as a real verifier.
        byte[] serializedKeyset = request.getKeyset().toByteArray();
        KeysetHandle handle = CleartextKeysetHandle.read(BinaryKeysetReader.withBytes(serializedKeyset));

        // Translate the validator carried in the request into the one the primitive takes.
        JwtValidator jwtValidator = convertProtoValidatorToValidator(request.getValidator());

        VerifiedJwt verified =
                handle.getPrimitive(JwtPublicKeyVerify.class)
                        .verifyAndDecode(request.getSignedCompactJwt(), jwtValidator);

        // Claims are copied into the response only after verifyAndDecode returned normally.
        reply = JwtVerifyResponse.newBuilder()
                .setVerifiedJwt(convertVerifiedJwtToJwtToken(verified))
                .build();
    } catch (GeneralSecurityException | InvalidProtocolBufferException failure) {
        // These failures are reported in-band through the err field, and the stream still
        // completes normally. toString() hands the exception class and message to the caller.
        reply = JwtVerifyResponse.newBuilder().setErr(failure.toString()).build();
    } catch (IOException ioFailure) {
        // Any other I/O failure ends the call with gRPC status UNKNOWN instead of a response.
        responseObserver.onError(Status.UNKNOWN.withDescription(ioFailure.getMessage()).asException());
        return;
    }
    responseObserver.onNext(reply);
    responseObserver.onCompleted();
}
Also used : KeysetHandle(com.google.crypto.tink.KeysetHandle) CleartextKeysetHandle(com.google.crypto.tink.CleartextKeysetHandle) JwtToken(com.google.crypto.tink.proto.testing.JwtToken) JwtValidator(com.google.crypto.tink.jwt.JwtValidator) VerifiedJwt(com.google.crypto.tink.jwt.VerifiedJwt) GeneralSecurityException(java.security.GeneralSecurityException) InvalidProtocolBufferException(com.google.protobuf.InvalidProtocolBufferException) JwtPublicKeyVerify(com.google.crypto.tink.jwt.JwtPublicKeyVerify) IOException(java.io.IOException) JwtVerifyResponse(com.google.crypto.tink.proto.testing.JwtVerifyResponse)

Example 8 with JwtToken

use of com.google.crypto.tink.proto.testing.JwtToken in project tink by google.

the class JwtServiceImpl method verifyMacAndDecode.

/**
 * Decodes and verifies a signed, compact JWT.
 */
@Override
public void verifyMacAndDecode(JwtVerifyRequest request, StreamObserver<JwtVerifyResponse> responseObserver) {
    JwtVerifyResponse reply;
    try {
        // The MAC keyset is read, unencrypted, from the request itself.
        // NOTE(review): because the caller supplies the key, a successful result only
        // shows that the token matches the caller's own keyset. That fits a test
        // harness; confirm this endpoint is never exposed as a real verifier.
        byte[] serializedKeyset = request.getKeyset().toByteArray();
        KeysetHandle handle = CleartextKeysetHandle.read(BinaryKeysetReader.withBytes(serializedKeyset));

        // Translate the validator carried in the request into the one the primitive takes.
        JwtValidator jwtValidator = convertProtoValidatorToValidator(request.getValidator());

        VerifiedJwt verified =
                handle.getPrimitive(JwtMac.class)
                        .verifyMacAndDecode(request.getSignedCompactJwt(), jwtValidator);

        // Claims are copied into the response only after verifyMacAndDecode returned normally.
        reply = JwtVerifyResponse.newBuilder()
                .setVerifiedJwt(convertVerifiedJwtToJwtToken(verified))
                .build();
    } catch (GeneralSecurityException | InvalidProtocolBufferException failure) {
        // These failures are reported in-band through the err field, and the stream still
        // completes normally. toString() hands the exception class and message to the caller.
        reply = JwtVerifyResponse.newBuilder().setErr(failure.toString()).build();
    } catch (IOException ioFailure) {
        // Any other I/O failure ends the call with gRPC status UNKNOWN instead of a response.
        responseObserver.onError(Status.UNKNOWN.withDescription(ioFailure.getMessage()).asException());
        return;
    }
    responseObserver.onNext(reply);
    responseObserver.onCompleted();
}
Also used : KeysetHandle(com.google.crypto.tink.KeysetHandle) CleartextKeysetHandle(com.google.crypto.tink.CleartextKeysetHandle) JwtToken(com.google.crypto.tink.proto.testing.JwtToken) JwtMac(com.google.crypto.tink.jwt.JwtMac) JwtValidator(com.google.crypto.tink.jwt.JwtValidator) VerifiedJwt(com.google.crypto.tink.jwt.VerifiedJwt) GeneralSecurityException(java.security.GeneralSecurityException) InvalidProtocolBufferException(com.google.protobuf.InvalidProtocolBufferException) IOException(java.io.IOException) JwtVerifyResponse(com.google.crypto.tink.proto.testing.JwtVerifyResponse)

Example 9 with JwtToken

use of com.google.crypto.tink.proto.testing.JwtToken in project tink by google.

the class JwtServiceImplTest method publicKeySignVerify_success.

@Test
public void publicKeySignVerify_success() throws Exception {
    // Round trip: sign with a private keyset, then verify with the public keyset derived from it.
    byte[] es256Template = KeyTemplateProtoConverter.toByteArray(KeyTemplates.get("JWT_ES256"));

    KeysetGenerateResponse privateKeysetResponse = generateKeyset(keysetStub, es256Template);
    assertThat(privateKeysetResponse.getErr()).isEmpty();
    byte[] privateKeysetBytes = privateKeysetResponse.getKeyset().toByteArray();

    // Only the public half is handed to the verify call further down.
    KeysetPublicResponse publicKeysetResponse = publicKeyset(keysetStub, privateKeysetBytes);
    assertThat(publicKeysetResponse.getErr()).isEmpty();
    byte[] publicKeysetBytes = publicKeysetResponse.getPublicKeyset().toByteArray();

    long expirySeconds = 1234 + 100;
    int expiryNanos = 567000000;
    JwtToken rawToken = generateToken("audience", expirySeconds, expiryNanos);
    JwtSignRequest signRequest =
            JwtSignRequest.newBuilder()
                    .setKeyset(ByteString.copyFrom(privateKeysetBytes))
                    .setRawJwt(rawToken)
                    .build();
    JwtSignResponse signResponse = jwtStub.publicKeySignAndEncode(signRequest);
    assertThat(signResponse.getErr()).isEmpty();

    // The validator clock is pinned to 1234 s, earlier than expirySeconds.
    JwtValidator validator =
            JwtValidator.newBuilder()
                    .setExpectedTypeHeader(StringValue.newBuilder().setValue("typeHeader"))
                    .setExpectedIssuer(StringValue.newBuilder().setValue("issuer"))
                    .setExpectedAudience(StringValue.newBuilder().setValue("audience"))
                    .setNow(Timestamp.newBuilder().setSeconds(1234))
                    .build();
    JwtVerifyRequest verifyRequest =
            JwtVerifyRequest.newBuilder()
                    .setKeyset(ByteString.copyFrom(publicKeysetBytes))
                    .setSignedCompactJwt(signResponse.getSignedCompactJwt())
                    .setValidator(validator)
                    .build();

    // The expected token is built with 0 nanos although the signed one carried expiryNanos:
    // the test expects the sub-second part of the expiry not to survive the round trip.
    JwtToken expectedToken = generateToken("audience", expirySeconds, 0);

    JwtVerifyResponse verifyResponse = jwtStub.publicKeyVerifyAndDecode(verifyRequest);
    assertThat(verifyResponse.getErr()).isEmpty();
    assertThat(verifyResponse.getVerifiedJwt()).isEqualTo(expectedToken);
}
Also used : JwtToken(com.google.crypto.tink.proto.testing.JwtToken) JwtSignRequest(com.google.crypto.tink.proto.testing.JwtSignRequest) JwtValidator(com.google.crypto.tink.proto.testing.JwtValidator) JwtSignResponse(com.google.crypto.tink.proto.testing.JwtSignResponse) KeysetGenerateResponse(com.google.crypto.tink.proto.testing.KeysetGenerateResponse) JwtVerifyRequest(com.google.crypto.tink.proto.testing.JwtVerifyRequest) JwtVerifyResponse(com.google.crypto.tink.proto.testing.JwtVerifyResponse) KeysetPublicResponse(com.google.crypto.tink.proto.testing.KeysetPublicResponse) Test(org.junit.Test)

Example 10 with JwtToken

use of com.google.crypto.tink.proto.testing.JwtToken in project tink by google.

the class JwtServiceImplTest method verifyFailsWithWrongAudience.

@Test
public void verifyFailsWithWrongAudience() throws Exception {
    // Negative test: the same keyset signs and verifies, so the MAC itself is valid;
    // the token's audience is the part that differs from what the validator expects.
    byte[] hmacTemplate = KeyTemplateProtoConverter.toByteArray(JwtHmacKeyManager.hs256Template());
    KeysetGenerateResponse keysetResponse = generateKeyset(keysetStub, hmacTemplate);
    assertThat(keysetResponse.getErr()).isEmpty();
    byte[] sharedKeyset = keysetResponse.getKeyset().toByteArray();

    JwtToken rawToken = generateToken("wrong_audience", 1234 + 100, 0);
    JwtSignRequest signRequest =
            JwtSignRequest.newBuilder()
                    .setKeyset(ByteString.copyFrom(sharedKeyset))
                    .setRawJwt(rawToken)
                    .build();
    JwtSignResponse signResponse = jwtStub.computeMacAndEncode(signRequest);
    assertThat(signResponse.getErr()).isEmpty();

    // NOTE(review): presumably generateToken() sets a type header and issuer that match
    // these expectations and an expiry after the pinned "now" of 1234 s. Confirm in the
    // helper, because the assertion below only checks that some error came back, not
    // that the audience claim caused it.
    JwtValidator validator =
            JwtValidator.newBuilder()
                    .setExpectedTypeHeader(StringValue.newBuilder().setValue("typeHeader"))
                    .setExpectedIssuer(StringValue.newBuilder().setValue("issuer"))
                    .setExpectedAudience(StringValue.newBuilder().setValue("audience"))
                    .setNow(Timestamp.newBuilder().setSeconds(1234))
                    .build();
    JwtVerifyRequest verifyRequest =
            JwtVerifyRequest.newBuilder()
                    .setKeyset(ByteString.copyFrom(sharedKeyset))
                    .setSignedCompactJwt(signResponse.getSignedCompactJwt())
                    .setValidator(validator)
                    .build();

    JwtVerifyResponse verifyResponse = jwtStub.verifyMacAndDecode(verifyRequest);
    assertThat(verifyResponse.getErr()).isNotEmpty();
}
Also used : JwtToken(com.google.crypto.tink.proto.testing.JwtToken) JwtSignRequest(com.google.crypto.tink.proto.testing.JwtSignRequest) JwtValidator(com.google.crypto.tink.proto.testing.JwtValidator) JwtSignResponse(com.google.crypto.tink.proto.testing.JwtSignResponse) KeysetGenerateResponse(com.google.crypto.tink.proto.testing.KeysetGenerateResponse) JwtVerifyRequest(com.google.crypto.tink.proto.testing.JwtVerifyRequest) JwtVerifyResponse(com.google.crypto.tink.proto.testing.JwtVerifyResponse) Test(org.junit.Test)

Aggregations

JwtToken (com.google.crypto.tink.proto.testing.JwtToken)10 JwtVerifyResponse (com.google.crypto.tink.proto.testing.JwtVerifyResponse)9 JwtSignRequest (com.google.crypto.tink.proto.testing.JwtSignRequest)8 JwtSignResponse (com.google.crypto.tink.proto.testing.JwtSignResponse)8 Test (org.junit.Test)8 JwtValidator (com.google.crypto.tink.proto.testing.JwtValidator)7 JwtVerifyRequest (com.google.crypto.tink.proto.testing.JwtVerifyRequest)7 KeysetGenerateResponse (com.google.crypto.tink.proto.testing.KeysetGenerateResponse)7 CleartextKeysetHandle (com.google.crypto.tink.CleartextKeysetHandle)2 KeysetHandle (com.google.crypto.tink.KeysetHandle)2 JwtValidator (com.google.crypto.tink.jwt.JwtValidator)2 VerifiedJwt (com.google.crypto.tink.jwt.VerifiedJwt)2 KeysetPublicResponse (com.google.crypto.tink.proto.testing.KeysetPublicResponse)2 InvalidProtocolBufferException (com.google.protobuf.InvalidProtocolBufferException)2 IOException (java.io.IOException)2 GeneralSecurityException (java.security.GeneralSecurityException)2 JwtMac (com.google.crypto.tink.jwt.JwtMac)1 JwtPublicKeyVerify (com.google.crypto.tink.jwt.JwtPublicKeyVerify)1 JwtFromJwkSetRequest (com.google.crypto.tink.proto.testing.JwtFromJwkSetRequest)1 JwtFromJwkSetResponse (com.google.crypto.tink.proto.testing.JwtFromJwkSetResponse)1