use of com.google.crypto.tink.tinkkey.internal.ProtoKey in project tink by google.
the class KeysetManagerTest method addKeyHandleWithKeyAccess_existingKeyset_shouldAddKey.
@Test
public void addKeyHandleWithKeyAccess_existingKeyset_shouldAddKey() throws Exception {
KeyTemplate keyTemplate1 = KeyTemplates.get("AES128_GCM");
KeysetManager keysetManager = KeysetManager.withEmptyKeyset().add(keyTemplate1);
KeyTemplate keyTemplate2 = KeyTemplates.get("AES256_GCM");
KeyAccess keyAccess = SecretKeyAccess.insecureSecretAccess();
KeyHandle keyHandle = KeyHandle.createFromKey(new ProtoKey(Registry.newKeyData(keyTemplate2), keyTemplate2.getOutputPrefixType()), keyAccess);
keysetManager = keysetManager.add(keyHandle, keyAccess);
KeysetHandle keysetHandle = keysetManager.getKeysetHandle();
Keyset keyset = keysetHandle.getKeyset();
expect.that(keyset.getKeyCount()).isEqualTo(2);
Keyset.Key key1 = keyset.getKey(0);
expect.that(key1.getStatus()).isEqualTo(KeyStatusType.ENABLED);
expect.that(key1.getOutputPrefixType()).isEqualTo(OutputPrefixType.TINK);
expect.that(key1.hasKeyData()).isTrue();
expect.that(key1.getKeyData().getTypeUrl()).isEqualTo(keyTemplate1.getTypeUrl());
AesGcmKeyFormat aesGcmKeyFormat1 = AesGcmKeyFormat.parseFrom(keyTemplate1.getValue(), ExtensionRegistryLite.getEmptyRegistry());
AesGcmKey aesGcmKey1 = AesGcmKey.parseFrom(key1.getKeyData().getValue(), ExtensionRegistryLite.getEmptyRegistry());
expect.that(aesGcmKey1.getKeyValue().size()).isEqualTo(aesGcmKeyFormat1.getKeySize());
Keyset.Key key2 = keyset.getKey(1);
expect.that(key2.getStatus()).isEqualTo(KeyStatusType.ENABLED);
expect.that(key2.getOutputPrefixType()).isEqualTo(OutputPrefixType.TINK);
expect.that(key2.hasKeyData()).isTrue();
expect.that(key2.getKeyData().getTypeUrl()).isEqualTo(keyTemplate2.getTypeUrl());
AesGcmKeyFormat aesGcmKeyFormat2 = AesGcmKeyFormat.parseFrom(keyTemplate2.getValue(), ExtensionRegistryLite.getEmptyRegistry());
AesGcmKey aesGcmKey2 = AesGcmKey.parseFrom(key2.getKeyData().getValue(), ExtensionRegistryLite.getEmptyRegistry());
expect.that(aesGcmKey2.getKeyValue().size()).isEqualTo(aesGcmKeyFormat2.getKeySize());
// No primary key because add doesn't automatically promote the new key to primary.
assertThrows(GeneralSecurityException.class, () -> keysetHandle.getPrimitive(Aead.class));
}
use of com.google.crypto.tink.tinkkey.internal.ProtoKey in project tink by google.
the class KeysetHandleTest method getKeys.
@Test
public void getKeys() throws Exception {
KeyTemplate keyTemplate = KeyTemplates.get("AES128_EAX");
KeysetManager keysetManager = KeysetManager.withEmptyKeyset();
final int numKeys = 3;
for (int i = 0; i < numKeys; i++) {
keysetManager.add(keyTemplate);
}
KeysetHandle handle = keysetManager.getKeysetHandle();
Keyset keyset = handle.getKeyset();
List<KeyHandle> keysetKeys = handle.getKeys();
expect.that(keysetKeys).hasSize(numKeys);
Map<Integer, KeyHandle> keysetKeysMap = keysetKeys.stream().collect(Collectors.toMap(KeyHandle::getId, key -> key));
for (Keyset.Key key : keyset.getKeyList()) {
expect.that(keysetKeysMap).containsKey(key.getKeyId());
KeyHandle keysetKey = keysetKeysMap.get(key.getKeyId());
expect.that(KeyStatusTypeProtoConverter.toProto(keysetKey.getStatus())).isEqualTo(key.getStatus());
KeyData keyData = ((ProtoKey) keysetKey.getKey(SecretKeyAccess.insecureSecretAccess())).getProtoKey();
expect.that(keyData).isEqualTo(key.getKeyData());
}
}
use of com.google.crypto.tink.tinkkey.internal.ProtoKey in project tink by google.
the class KeysetManagerTest method addKeyHandle_fromKeysetWithDisabledKey_shouldCopyStatusCorrectly.
@Test
public void addKeyHandle_fromKeysetWithDisabledKey_shouldCopyStatusCorrectly() throws Exception {
KeyTemplate keyTemplate = KeyTemplates.get("AES128_GCM_RAW");
KeysetManager keysetManager = KeysetManager.withEmptyKeyset();
for (int i = 0; i < 3; i++) {
keysetManager.add(keyTemplate);
}
keysetManager.disable(keysetManager.getKeysetHandle().getKeys().get(0).getId());
KeysetHandle keysetHandle = keysetManager.getKeysetHandle();
List<KeyHandle> keyList = keysetHandle.getKeys();
KeysetManager copiedKeysetManager = KeysetManager.withEmptyKeyset();
for (KeyHandle key : keyList) {
copiedKeysetManager.add(key);
}
KeysetHandle copiedKeysetHandle = copiedKeysetManager.getKeysetHandle();
List<KeyHandle> copiedKeyList = copiedKeysetHandle.getKeys();
expect.that(copiedKeyList.size()).isEqualTo(keyList.size());
for (int i = 0; i < copiedKeyList.size(); i++) {
KeyHandle copiedKeyHandle = copiedKeyList.get(i);
KeyHandle keyHandle = keyList.get(i);
expect.that(copiedKeyHandle.getStatus()).isEqualTo(keyHandle.getStatus());
expect.that(copiedKeyHandle.hasSecret()).isEqualTo(keyHandle.hasSecret());
expect.that(copiedKeyHandle.getId()).isEqualTo(keyHandle.getId());
ProtoKey copiedProtoKey = (ProtoKey) copiedKeyHandle.getKey(SecretKeyAccess.insecureSecretAccess());
ProtoKey protoKey = (ProtoKey) keyHandle.getKey(SecretKeyAccess.insecureSecretAccess());
expect.that(copiedProtoKey.getOutputPrefixType()).isEqualTo(protoKey.getOutputPrefixType());
expect.that(copiedProtoKey.getProtoKey()).isEqualTo(protoKey.getProtoKey());
}
}
use of com.google.crypto.tink.tinkkey.internal.ProtoKey in project tink by google.
the class KeysetHandle method getKeys.
/**
* Returns the keyset data as a list of {@link KeyHandle}s.
*/
public List<KeyHandle> getKeys() {
ArrayList<KeyHandle> result = new ArrayList<>();
for (Keyset.Key key : keyset.getKeyList()) {
KeyData keyData = key.getKeyData();
result.add(new InternalKeyHandle(new ProtoKey(keyData, KeyTemplate.fromProto(key.getOutputPrefixType())), key.getStatus(), key.getKeyId()));
}
return Collections.unmodifiableList(result);
}
use of com.google.crypto.tink.tinkkey.internal.ProtoKey in project tink by google.
the class KeysetManager method add.
/**
* Adds the input {@code KeyHandle} to the existing keyset with {@code OutputPrefixType.TINK}.
*
* @throws GeneralSecurityException if the given {@code KeyAccess} does not grant access to the
* key contained in the {@code KeyHandle}.
* @throws UnsupportedOperationException if the {@code KeyHandle} contains a {@code TinkKey} which
* is not a {@code ProtoKey}.
* @deprecated Use KeysetManager.add(KeyHandle) instead.
*/
@Deprecated
public synchronized KeysetManager add(KeyHandle keyHandle, KeyAccess access) throws GeneralSecurityException {
ProtoKey pkey;
try {
pkey = (ProtoKey) keyHandle.getKey(access);
} catch (ClassCastException e) {
throw new UnsupportedOperationException("KeyHandles which contain TinkKeys that are not ProtoKeys are not yet supported.", e);
}
keysetBuilder.addKey(createKeysetKey(pkey.getProtoKey(), KeyTemplate.toProto(pkey.getOutputPrefixType())));
return this;
}
Aggregations