
Example 1 with KeyHandle

use of com.google.crypto.tink.tinkkey.KeyHandle in project tink by google.

the class KeysetHandle method getKeys.

/**
 * Returns an unmodifiable list holding one {@link KeyHandle} per entry of the underlying keyset.
 *
 * <p>Each handle is built from the entry's {@link KeyData}, its output prefix type, its status
 * and its key id, in the order the keyset lists its keys.
 *
 * <p>NOTE(review): the handles wrap the raw {@code KeyData}, which presumably includes secret
 * material for symmetric and private keys. Treat the returned list as sensitive and confirm how
 * {@code KeyHandle} gates access to that material before passing it across a trust boundary.
 *
 * @return a read-only list of key handles; empty when the keyset has no keys
 */
public List<KeyHandle> getKeys() {
    List<KeyHandle> handles = new ArrayList<>();
    for (Keyset.Key entry : keyset.getKeyList()) {
        KeyData material = entry.getKeyData();
        ProtoKey wrapped = new ProtoKey(material, KeyTemplate.fromProto(entry.getOutputPrefixType()));
        handles.add(new InternalKeyHandle(wrapped, entry.getStatus(), entry.getKeyId()));
    }
    // Wrap before returning so callers cannot add to or remove from the list.
    return Collections.unmodifiableList(handles);
}
Also used : EncryptedKeyset(com.google.crypto.tink.proto.EncryptedKeyset) Keyset(com.google.crypto.tink.proto.Keyset) InternalKeyHandle(com.google.crypto.tink.tinkkey.internal.InternalKeyHandle) ProtoKey(com.google.crypto.tink.tinkkey.internal.ProtoKey) ArrayList(java.util.ArrayList) KeyHandle(com.google.crypto.tink.tinkkey.KeyHandle) InternalKeyHandle(com.google.crypto.tink.tinkkey.internal.InternalKeyHandle) KeyData(com.google.crypto.tink.proto.KeyData)

Example 2 with KeyHandle

use of com.google.crypto.tink.tinkkey.KeyHandle in project tink by google.

the class KeysetManagerTest method addKeyHandle_newKeyset_shouldAddKey.

/**
 * Adding a freshly generated AES256_GCM {@link KeyHandle} to an empty keyset must produce exactly
 * one enabled, TINK-prefixed key that keeps the handle's id and has the key size requested by
 * the template.
 */
@Test
public void addKeyHandle_newKeyset_shouldAddKey() throws Exception {
    KeyTemplate template = KeyTemplates.get("AES256_GCM");
    KeyHandle generated = KeyHandle.generateNew(template);

    KeysetHandle resultHandle = KeysetManager.withEmptyKeyset().add(generated).getKeysetHandle();
    Keyset keyset = resultHandle.getKeyset();

    expect.that(keyset.getKeyCount()).isEqualTo(1);
    Keyset.Key added = keyset.getKey(0);
    expect.that(added.getKeyId()).isEqualTo(generated.getId());
    expect.that(added.getStatus()).isEqualTo(KeyStatusType.ENABLED);
    expect.that(added.getOutputPrefixType()).isEqualTo(OutputPrefixType.TINK);
    expect.that(added.hasKeyData()).isTrue();
    expect.that(added.getKeyData().getTypeUrl()).isEqualTo(template.getTypeUrl());

    // Parse both the requested format and the stored key to compare key sizes.
    ExtensionRegistryLite registry = ExtensionRegistryLite.getEmptyRegistry();
    AesGcmKeyFormat requestedFormat = AesGcmKeyFormat.parseFrom(template.getValue(), registry);
    AesGcmKey storedKey = AesGcmKey.parseFrom(added.getKeyData().getValue(), registry);
    expect.that(storedKey.getKeyValue().size()).isEqualTo(requestedFormat.getKeySize());

    // add() does not promote the new key to primary, so the keyset has no primary key and
    // cannot yet hand out an Aead primitive.
    assertThrows(GeneralSecurityException.class, () -> resultHandle.getPrimitive(Aead.class));
}
Also used : Keyset(com.google.crypto.tink.proto.Keyset) AesGcmKeyFormat(com.google.crypto.tink.proto.AesGcmKeyFormat) Key(com.google.crypto.tink.proto.Keyset.Key) KeyHandle(com.google.crypto.tink.tinkkey.KeyHandle) AesGcmKey(com.google.crypto.tink.proto.AesGcmKey) Test(org.junit.Test)

Example 3 with KeyHandle

use of com.google.crypto.tink.tinkkey.KeyHandle in project tink by google.

the class KeysetManagerTest method addKeyHandleWithKeyAccess_newKeyset_shouldAddKey.

/**
 * Adding a freshly generated AES128_GCM {@link KeyHandle} together with a {@link KeyAccess}
 * token to an empty keyset must produce exactly one enabled, TINK-prefixed key with the key
 * size requested by the template.
 */
@Test
public void addKeyHandleWithKeyAccess_newKeyset_shouldAddKey() throws Exception {
    KeyTemplate template = KeyTemplates.get("AES128_GCM");
    KeyHandle generated = KeyHandle.generateNew(template);
    // The token from insecureSecretAccess() authorises handling secret key material. That is
    // fine in a test; in production code keep such tokens narrowly scoped.
    KeyAccess secretAccess = SecretKeyAccess.insecureSecretAccess();

    KeysetHandle resultHandle =
        KeysetManager.withEmptyKeyset().add(generated, secretAccess).getKeysetHandle();
    Keyset keyset = resultHandle.getKeyset();

    expect.that(keyset.getKeyCount()).isEqualTo(1);
    Keyset.Key added = keyset.getKey(0);
    expect.that(added.getStatus()).isEqualTo(KeyStatusType.ENABLED);
    expect.that(added.getOutputPrefixType()).isEqualTo(OutputPrefixType.TINK);
    expect.that(added.hasKeyData()).isTrue();
    expect.that(added.getKeyData().getTypeUrl()).isEqualTo(template.getTypeUrl());

    // Parse both the requested format and the stored key to compare key sizes.
    ExtensionRegistryLite registry = ExtensionRegistryLite.getEmptyRegistry();
    AesGcmKeyFormat requestedFormat = AesGcmKeyFormat.parseFrom(template.getValue(), registry);
    AesGcmKey storedKey = AesGcmKey.parseFrom(added.getKeyData().getValue(), registry);
    expect.that(storedKey.getKeyValue().size()).isEqualTo(requestedFormat.getKeySize());

    // add() does not promote the new key to primary, so the keyset has no primary key and
    // cannot yet hand out an Aead primitive.
    assertThrows(GeneralSecurityException.class, () -> resultHandle.getPrimitive(Aead.class));
}
Also used : Keyset(com.google.crypto.tink.proto.Keyset) SecretKeyAccess(com.google.crypto.tink.tinkkey.SecretKeyAccess) KeyAccess(com.google.crypto.tink.tinkkey.KeyAccess) AesGcmKeyFormat(com.google.crypto.tink.proto.AesGcmKeyFormat) Key(com.google.crypto.tink.proto.Keyset.Key) KeyHandle(com.google.crypto.tink.tinkkey.KeyHandle) AesGcmKey(com.google.crypto.tink.proto.AesGcmKey) Test(org.junit.Test)

Example 4 with KeyHandle

use of com.google.crypto.tink.tinkkey.KeyHandle in project tink by google.

the class KeysetManagerTest method addKeyHandleWithKeyAccess_existingKeyset_shouldAddKey.

/**
 * Adding an AES256_GCM {@link KeyHandle} (created from a {@link ProtoKey}) to a keyset that
 * already holds an AES128_GCM key must leave two enabled, TINK-prefixed keys in insertion
 * order, each matching its template's type URL and key size.
 */
@Test
public void addKeyHandleWithKeyAccess_existingKeyset_shouldAddKey() throws Exception {
    KeyTemplate keyTemplate1 = KeyTemplates.get("AES128_GCM");
    KeysetManager manager = KeysetManager.withEmptyKeyset().add(keyTemplate1);
    KeyTemplate keyTemplate2 = KeyTemplates.get("AES256_GCM");
    // The token from insecureSecretAccess() authorises handling secret key material. That is
    // fine in a test; in production code keep such tokens narrowly scoped.
    KeyAccess secretAccess = SecretKeyAccess.insecureSecretAccess();
    ProtoKey secondKey =
        new ProtoKey(Registry.newKeyData(keyTemplate2), keyTemplate2.getOutputPrefixType());
    KeyHandle secondHandle = KeyHandle.createFromKey(secondKey, secretAccess);
    manager = manager.add(secondHandle, secretAccess);
    KeysetHandle resultHandle = manager.getKeysetHandle();
    Keyset keyset = resultHandle.getKeyset();

    expect.that(keyset.getKeyCount()).isEqualTo(2);

    // The same checks apply to both entries: index 0 is the template-added key and index 1
    // the handle-added key.
    KeyTemplate[] expectedTemplates = {keyTemplate1, keyTemplate2};
    for (int index = 0; index < expectedTemplates.length; index++) {
        KeyTemplate expectedTemplate = expectedTemplates[index];
        Keyset.Key entry = keyset.getKey(index);
        expect.that(entry.getStatus()).isEqualTo(KeyStatusType.ENABLED);
        expect.that(entry.getOutputPrefixType()).isEqualTo(OutputPrefixType.TINK);
        expect.that(entry.hasKeyData()).isTrue();
        expect.that(entry.getKeyData().getTypeUrl()).isEqualTo(expectedTemplate.getTypeUrl());
        AesGcmKeyFormat requestedFormat =
            AesGcmKeyFormat.parseFrom(
                expectedTemplate.getValue(), ExtensionRegistryLite.getEmptyRegistry());
        AesGcmKey storedKey =
            AesGcmKey.parseFrom(
                entry.getKeyData().getValue(), ExtensionRegistryLite.getEmptyRegistry());
        expect.that(storedKey.getKeyValue().size()).isEqualTo(requestedFormat.getKeySize());
    }

    // add() does not promote the new key to primary, so the keyset has no primary key and
    // cannot yet hand out an Aead primitive.
    assertThrows(GeneralSecurityException.class, () -> resultHandle.getPrimitive(Aead.class));
}
Also used : Keyset(com.google.crypto.tink.proto.Keyset) SecretKeyAccess(com.google.crypto.tink.tinkkey.SecretKeyAccess) KeyAccess(com.google.crypto.tink.tinkkey.KeyAccess) ProtoKey(com.google.crypto.tink.tinkkey.internal.ProtoKey) AesGcmKeyFormat(com.google.crypto.tink.proto.AesGcmKeyFormat) Key(com.google.crypto.tink.proto.Keyset.Key) KeyHandle(com.google.crypto.tink.tinkkey.KeyHandle) AesGcmKey(com.google.crypto.tink.proto.AesGcmKey) Test(org.junit.Test)

Example 5 with KeyHandle

use of com.google.crypto.tink.tinkkey.KeyHandle in project tink by google.

the class KeysetHandleTest method getKeys.

/**
 * {@code KeysetHandle.getKeys()} must return one {@link KeyHandle} per keyset entry, with the
 * same id, status and key data as the underlying {@link Keyset} proto.
 */
@Test
public void getKeys() throws Exception {
    KeyTemplate template = KeyTemplates.get("AES128_EAX");
    KeysetManager manager = KeysetManager.withEmptyKeyset();
    int expectedCount = 3;
    int added = 0;
    while (added < expectedCount) {
        manager.add(template);
        added++;
    }
    KeysetHandle handle = manager.getKeysetHandle();
    Keyset keyset = handle.getKeyset();

    List<KeyHandle> handles = handle.getKeys();
    expect.that(handles).hasSize(expectedCount);

    // Index the handles by key id so each proto entry can be matched to its handle.
    Map<Integer, KeyHandle> handlesById =
        handles.stream().collect(Collectors.toMap(KeyHandle::getId, h -> h));
    for (Keyset.Key entry : keyset.getKeyList()) {
        int keyId = entry.getKeyId();
        expect.that(handlesById).containsKey(keyId);
        KeyHandle matching = handlesById.get(keyId);
        expect.that(KeyStatusTypeProtoConverter.toProto(matching.getStatus()))
            .isEqualTo(entry.getStatus());
        // Getting the key back out of the handle needs a KeyAccess token. The test uses
        // insecureSecretAccess(); production code should keep such tokens narrowly scoped.
        ProtoKey protoKey = (ProtoKey) matching.getKey(SecretKeyAccess.insecureSecretAccess());
        KeyData keyData = protoKey.getProtoKey();
        expect.that(keyData).isEqualTo(entry.getKeyData());
    }
}
Also used : Keyset(com.google.crypto.tink.proto.Keyset) Keyset(com.google.crypto.tink.proto.Keyset) PublicKeySignFactory(com.google.crypto.tink.signature.PublicKeySignFactory) PublicKeyVerifyFactory(com.google.crypto.tink.signature.PublicKeyVerifyFactory) ByteArrayOutputStream(java.io.ByteArrayOutputStream) BeforeClass(org.junit.BeforeClass) SignatureConfig(com.google.crypto.tink.signature.SignatureConfig) Assert.assertThrows(org.junit.Assert.assertThrows) KeyStatusType(com.google.crypto.tink.proto.KeyStatusType) RunWith(org.junit.runner.RunWith) EcdsaPrivateKey(com.google.crypto.tink.proto.EcdsaPrivateKey) Random(com.google.crypto.tink.subtle.Random) ProtoKey(com.google.crypto.tink.tinkkey.internal.ProtoKey) TreeSet(java.util.TreeSet) GeneralSecurityException(java.security.GeneralSecurityException) SignatureKeyTemplates(com.google.crypto.tink.signature.SignatureKeyTemplates) ByteArrayInputStream(java.io.ByteArrayInputStream) KeyHandle(com.google.crypto.tink.tinkkey.KeyHandle) AesEaxKeyManager(com.google.crypto.tink.aead.AesEaxKeyManager) ExtensionRegistryLite(com.google.protobuf.ExtensionRegistryLite) Map(java.util.Map) TestUtil(com.google.crypto.tink.testing.TestUtil) SecretKeyAccess(com.google.crypto.tink.tinkkey.SecretKeyAccess) Expect(com.google.common.truth.Expect) AesEaxKey(com.google.crypto.tink.proto.AesEaxKey) UTF_8(java.nio.charset.StandardCharsets.UTF_8) TinkConfig(com.google.crypto.tink.config.TinkConfig) OutputPrefixType(com.google.crypto.tink.proto.OutputPrefixType) Set(java.util.Set) Test(org.junit.Test) JUnit4(org.junit.runners.JUnit4) Truth.assertThat(com.google.common.truth.Truth.assertThat) Hex(com.google.crypto.tink.subtle.Hex) Collectors(java.util.stream.Collectors) KeyStatusTypeProtoConverter(com.google.crypto.tink.internal.KeyStatusTypeProtoConverter) List(java.util.List) Rule(org.junit.Rule) KeyAccess(com.google.crypto.tink.tinkkey.KeyAccess) AesEaxKeyFormat(com.google.crypto.tink.proto.AesEaxKeyFormat) 
KeyData(com.google.crypto.tink.proto.KeyData) ProtoKey(com.google.crypto.tink.tinkkey.internal.ProtoKey) KeyHandle(com.google.crypto.tink.tinkkey.KeyHandle) KeyData(com.google.crypto.tink.proto.KeyData) Test(org.junit.Test)

Aggregations

KeyHandle (com.google.crypto.tink.tinkkey.KeyHandle)12 Test (org.junit.Test)11 Keyset (com.google.crypto.tink.proto.Keyset)7 KeyAccess (com.google.crypto.tink.tinkkey.KeyAccess)5 SecretKeyAccess (com.google.crypto.tink.tinkkey.SecretKeyAccess)5 ProtoKey (com.google.crypto.tink.tinkkey.internal.ProtoKey)5 AesGcmKey (com.google.crypto.tink.proto.AesGcmKey)4 AesGcmKeyFormat (com.google.crypto.tink.proto.AesGcmKeyFormat)4 Key (com.google.crypto.tink.proto.Keyset.Key)4 AesEaxKey (com.google.crypto.tink.proto.AesEaxKey)2 AesEaxKeyFormat (com.google.crypto.tink.proto.AesEaxKeyFormat)2 KeyData (com.google.crypto.tink.proto.KeyData)2 TinkKey (com.google.crypto.tink.tinkkey.TinkKey)2 Expect (com.google.common.truth.Expect)1 Truth.assertThat (com.google.common.truth.Truth.assertThat)1 AesEaxKeyManager (com.google.crypto.tink.aead.AesEaxKeyManager)1 TinkConfig (com.google.crypto.tink.config.TinkConfig)1 KeyStatusTypeProtoConverter (com.google.crypto.tink.internal.KeyStatusTypeProtoConverter)1 EcdsaPrivateKey (com.google.crypto.tink.proto.EcdsaPrivateKey)1 EncryptedKeyset (com.google.crypto.tink.proto.EncryptedKeyset)1