Example 6 with KeyHandle
use of com.google.crypto.tink.tinkkey.KeyHandle in project tink by google.
the class KeysetManagerTest method addKeyHandle_existingKeyset_shouldAddKey.
@Test
public void addKeyHandle_existingKeyset_shouldAddKey() throws Exception {
KeyTemplate keyTemplate1 = KeyTemplates.get("AES128_GCM_RAW");
KeyHandle keyHandle1 = KeyHandle.generateNew(keyTemplate1);
KeysetManager keysetManager = KeysetManager.withEmptyKeyset().add(keyHandle1);
keysetManager.setPrimary(keyHandle1.getId());
KeyTemplate keyTemplate2 = KeyTemplates.get("AES256_GCM_RAW");
KeyHandle keyHandle2 = KeyHandle.generateNew(keyTemplate2);
keysetManager = keysetManager.add(keyHandle2);
Keyset keyset = keysetManager.getKeysetHandle().getKeyset();
expect.that(keyset.getKeyCount()).isEqualTo(2);
expect.that(keyset.getPrimaryKeyId()).isEqualTo(keyHandle1.getId());
Keyset.Key key1 = keyset.getKey(0);
expect.that(key1.getKeyId()).isEqualTo(keyHandle1.getId());
expect.that(key1.getStatus()).isEqualTo(KeyStatusType.ENABLED);
expect.that(key1.getOutputPrefixType()).isEqualTo(OutputPrefixType.RAW);
expect.that(key1.hasKeyData()).isTrue();
expect.that(key1.getKeyData().getTypeUrl()).isEqualTo(keyTemplate1.getTypeUrl());
AesGcmKeyFormat aesGcmKeyFormat1 = AesGcmKeyFormat.parseFrom(keyTemplate1.getValue(), ExtensionRegistryLite.getEmptyRegistry());
AesGcmKey aesGcmKey1 = AesGcmKey.parseFrom(key1.getKeyData().getValue(), ExtensionRegistryLite.getEmptyRegistry());
expect.that(aesGcmKey1.getKeyValue().size()).isEqualTo(aesGcmKeyFormat1.getKeySize());
Keyset.Key key2 = keyset.getKey(1);
expect.that(key2.getKeyId()).isEqualTo(keyHandle2.getId());
expect.that(key2.getStatus()).isEqualTo(KeyStatusType.ENABLED);
expect.that(key2.getOutputPrefixType()).isEqualTo(OutputPrefixType.RAW);
expect.that(key2.hasKeyData()).isTrue();
expect.that(key2.getKeyData().getTypeUrl()).isEqualTo(keyTemplate2.getTypeUrl());
AesGcmKeyFormat aesGcmKeyFormat2 = AesGcmKeyFormat.parseFrom(keyTemplate2.getValue(), ExtensionRegistryLite.getEmptyRegistry());
AesGcmKey aesGcmKey2 = AesGcmKey.parseFrom(key2.getKeyData().getValue(), ExtensionRegistryLite.getEmptyRegistry());
expect.that(aesGcmKey2.getKeyValue().size()).isEqualTo(aesGcmKeyFormat2.getKeySize());
}Example 7 with KeyHandle
use of com.google.crypto.tink.tinkkey.KeyHandle in project tink by google.
the class KeysetManagerTest method addKeyHandle_existingKeyset_collidingKeyIds_shouldThrow.
@Test
public void addKeyHandle_existingKeyset_collidingKeyIds_shouldThrow() throws Exception {
KeyTemplate keyTemplate1 = KeyTemplates.get("AES128_GCM_RAW");
KeyHandle keyHandle1 = KeyHandle.generateNew(keyTemplate1);
KeysetManager keysetManager = KeysetManager.withEmptyKeyset().add(keyHandle1);
assertThrows(GeneralSecurityException.class, () -> keysetManager.add(keyHandle1));
}Example 8 with KeyHandle
use of com.google.crypto.tink.tinkkey.KeyHandle in project tink by google.
the class KeysetManagerTest method addKeyHandle_fromKeysetWithDisabledKey_shouldCopyStatusCorrectly.
@Test
public void addKeyHandle_fromKeysetWithDisabledKey_shouldCopyStatusCorrectly() throws Exception {
KeyTemplate keyTemplate = KeyTemplates.get("AES128_GCM_RAW");
KeysetManager keysetManager = KeysetManager.withEmptyKeyset();
for (int i = 0; i < 3; i++) {
keysetManager.add(keyTemplate);
}
keysetManager.disable(keysetManager.getKeysetHandle().getKeys().get(0).getId());
KeysetHandle keysetHandle = keysetManager.getKeysetHandle();
List<KeyHandle> keyList = keysetHandle.getKeys();
KeysetManager copiedKeysetManager = KeysetManager.withEmptyKeyset();
for (KeyHandle key : keyList) {
copiedKeysetManager.add(key);
}
KeysetHandle copiedKeysetHandle = copiedKeysetManager.getKeysetHandle();
List<KeyHandle> copiedKeyList = copiedKeysetHandle.getKeys();
expect.that(copiedKeyList.size()).isEqualTo(keyList.size());
for (int i = 0; i < copiedKeyList.size(); i++) {
KeyHandle copiedKeyHandle = copiedKeyList.get(i);
KeyHandle keyHandle = keyList.get(i);
expect.that(copiedKeyHandle.getStatus()).isEqualTo(keyHandle.getStatus());
expect.that(copiedKeyHandle.hasSecret()).isEqualTo(keyHandle.hasSecret());
expect.that(copiedKeyHandle.getId()).isEqualTo(keyHandle.getId());
ProtoKey copiedProtoKey = (ProtoKey) copiedKeyHandle.getKey(SecretKeyAccess.insecureSecretAccess());
ProtoKey protoKey = (ProtoKey) keyHandle.getKey(SecretKeyAccess.insecureSecretAccess());
expect.that(copiedProtoKey.getOutputPrefixType()).isEqualTo(protoKey.getOutputPrefixType());
expect.that(copiedProtoKey.getProtoKey()).isEqualTo(protoKey.getProtoKey());
}
}Example 9 with KeyHandle
use of com.google.crypto.tink.tinkkey.KeyHandle in project tink by google.
the class KeysetManagerTest method addKeyHandle_unsupportedTinkKey_shouldThrow.
@Test
public void addKeyHandle_unsupportedTinkKey_shouldThrow() throws Exception {
TinkKey tinkKey = new TinkKey() {
@Override
public boolean hasSecret() {
return false;
}
@Override
public KeyTemplate getKeyTemplate() {
throw new UnsupportedOperationException();
}
};
KeyHandle keyHandle = KeyHandle.createFromKey(tinkKey, KeyAccess.publicAccess());
KeysetManager keysetManager = KeysetManager.withEmptyKeyset();
assertThrows(UnsupportedOperationException.class, () -> keysetManager.add(keyHandle));
}Example 10 with KeyHandle
use of com.google.crypto.tink.tinkkey.KeyHandle in project tink by google.
the class KeysetManagerTest method addKeyHandleWithKeyAccess_unsupportedTinkKey_shouldThrow.
@Test
public void addKeyHandleWithKeyAccess_unsupportedTinkKey_shouldThrow() throws Exception {
TinkKey tinkKey = new TinkKey() {
@Override
public boolean hasSecret() {
return false;
}
@Override
public KeyTemplate getKeyTemplate() {
throw new UnsupportedOperationException();
}
};
KeyAccess keyAccess = KeyAccess.publicAccess();
KeyHandle keyHandle = KeyHandle.createFromKey(tinkKey, keyAccess);
KeysetManager keysetManager = KeysetManager.withEmptyKeyset();
assertThrows(UnsupportedOperationException.class, () -> keysetManager.add(keyHandle, keyAccess));
}
Also used :
SecretKeyAccess(com.google.crypto.tink.tinkkey.SecretKeyAccess)
KeyAccess(com.google.crypto.tink.tinkkey.KeyAccess)
TinkKey(com.google.crypto.tink.tinkkey.TinkKey)
KeyHandle(com.google.crypto.tink.tinkkey.KeyHandle)
Test(org.junit.Test)
Aggregations
KeyHandle (com.google.crypto.tink.tinkkey.KeyHandle)12
Test (org.junit.Test)11
Keyset (com.google.crypto.tink.proto.Keyset)7
KeyAccess (com.google.crypto.tink.tinkkey.KeyAccess)5
SecretKeyAccess (com.google.crypto.tink.tinkkey.SecretKeyAccess)5
ProtoKey (com.google.crypto.tink.tinkkey.internal.ProtoKey)5
AesGcmKey (com.google.crypto.tink.proto.AesGcmKey)4
AesGcmKeyFormat (com.google.crypto.tink.proto.AesGcmKeyFormat)4
Key (com.google.crypto.tink.proto.Keyset.Key)4
AesEaxKey (com.google.crypto.tink.proto.AesEaxKey)2
AesEaxKeyFormat (com.google.crypto.tink.proto.AesEaxKeyFormat)2
KeyData (com.google.crypto.tink.proto.KeyData)2
TinkKey (com.google.crypto.tink.tinkkey.TinkKey)2
Expect (com.google.common.truth.Expect)1
Truth.assertThat (com.google.common.truth.Truth.assertThat)1
AesEaxKeyManager (com.google.crypto.tink.aead.AesEaxKeyManager)1
TinkConfig (com.google.crypto.tink.config.TinkConfig)1
KeyStatusTypeProtoConverter (com.google.crypto.tink.internal.KeyStatusTypeProtoConverter)1
EcdsaPrivateKey (com.google.crypto.tink.proto.EcdsaPrivateKey)1
EncryptedKeyset (com.google.crypto.tink.proto.EncryptedKeyset)1
