use of com.google.crypto.tink.tinkkey.internal.ProtoKey in project tink by google.
the class KeysetHandleTest method getKeys.
/**
 * Checks that {@code KeysetHandle.getKeys()} exposes one {@code KeyHandle} per entry of the
 * underlying proto keyset, with matching key ID, status and key data.
 */
@Test
public void getKeys() throws Exception {
  // Fill an empty keyset with a fixed number of freshly generated AES128_EAX keys.
  final int expectedCount = 3;
  KeyTemplate eaxTemplate = KeyTemplates.get("AES128_EAX");
  KeysetManager manager = KeysetManager.withEmptyKeyset();
  int added = 0;
  while (added < expectedCount) {
    manager.add(eaxTemplate);
    added++;
  }

  KeysetHandle handle = manager.getKeysetHandle();
  Keyset protoKeyset = handle.getKeyset();
  List<KeyHandle> handles = handle.getKeys();
  expect.that(handles).hasSize(expectedCount);

  // Index the handles by key ID; toMap throws if two handles share an ID.
  Map<Integer, KeyHandle> handlesById =
      handles.stream().collect(Collectors.toMap(KeyHandle::getId, h -> h));

  for (Keyset.Key protoEntry : protoKeyset.getKeyList()) {
    int id = protoEntry.getKeyId();
    expect.that(handlesById).containsKey(id);
    KeyHandle match = handlesById.get(id);
    expect
        .that(KeyStatusTypeProtoConverter.toProto(match.getStatus()))
        .isEqualTo(protoEntry.getStatus());
    // The insecure secret access token is what lets the test read the raw key material here.
    ProtoKey wrapped = (ProtoKey) match.getKey(SecretKeyAccess.insecureSecretAccess());
    expect.that(wrapped.getProtoKey()).isEqualTo(protoEntry.getKeyData());
  }
}
use of com.google.crypto.tink.tinkkey.internal.ProtoKey in project tink by google.
the class KeysetManagerTest method addKeyHandle_fromKeysetWithDisabledKey_shouldCopyStatusCorrectly.
/**
 * Copies every {@code KeyHandle} of a keyset (one of them disabled) into a second manager and
 * checks that status, secret flag, key ID, output prefix type and key data survive the copy.
 */
@Test
public void addKeyHandle_fromKeysetWithDisabledKey_shouldCopyStatusCorrectly() throws Exception {
  // Source keyset: three AES128_GCM_RAW keys, the first of which is then disabled.
  KeyTemplate gcmRawTemplate = KeyTemplates.get("AES128_GCM_RAW");
  KeysetManager sourceManager = KeysetManager.withEmptyKeyset();
  int remaining = 3;
  while (remaining > 0) {
    sourceManager.add(gcmRawTemplate);
    remaining--;
  }
  KeyHandle firstKey = sourceManager.getKeysetHandle().getKeys().get(0);
  sourceManager.disable(firstKey.getId());

  KeysetHandle sourceHandle = sourceManager.getKeysetHandle();
  List<KeyHandle> originals = sourceHandle.getKeys();

  // Re-add each handle, disabled one included, to a fresh manager.
  KeysetManager targetManager = KeysetManager.withEmptyKeyset();
  for (KeyHandle original : originals) {
    targetManager.add(original);
  }
  KeysetHandle targetHandle = targetManager.getKeysetHandle();
  List<KeyHandle> copies = targetHandle.getKeys();

  expect.that(copies.size()).isEqualTo(originals.size());
  int index = 0;
  while (index < copies.size()) {
    KeyHandle copy = copies.get(index);
    KeyHandle original = originals.get(index);
    expect.that(copy.getStatus()).isEqualTo(original.getStatus());
    expect.that(copy.hasSecret()).isEqualTo(original.hasSecret());
    expect.that(copy.getId()).isEqualTo(original.getId());
    // Raw key material is compared, so both sides are read with the insecure secret access token.
    ProtoKey copyKey = (ProtoKey) copy.getKey(SecretKeyAccess.insecureSecretAccess());
    ProtoKey originalKey = (ProtoKey) original.getKey(SecretKeyAccess.insecureSecretAccess());
    expect.that(copyKey.getOutputPrefixType()).isEqualTo(originalKey.getOutputPrefixType());
    expect.that(copyKey.getProtoKey()).isEqualTo(originalKey.getProtoKey());
    index++;
  }
}
use of com.google.crypto.tink.tinkkey.internal.ProtoKey in project tink by google.
the class JwkSetConverter method toPublicKeysetHandle.
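/**
 * Converts a Json Web Key (JWK) set with public keys into a Tink KeysetHandle.
 *
 * <p>It requires that all keys in the set have the "alg" field set. The currently supported
 * algorithms are ES256, ES384, ES512, RS256, RS384, RS512, PS256, PS384 and PS512. JWK is defined
 * in https://www.rfc-editor.org/rfc/rfc7517.txt.
 *
 * <p>The input is parsed as untrusted data. A missing or non-array "keys" member, a non-object
 * entry, or an "alg" value shorter than two characters is reported as an {@link IOException}
 * rather than escaping as an unchecked exception.
 *
 * <p>Every converted key is added with the RAW output prefix type and public key access; the
 * first key of the resulting keyset is made primary.
 *
 * @param jwkSet the JWK set as a JSON string
 * @return a handle to a keyset holding one key per entry of the JWK set
 * @throws IOException if the input is not valid JSON, is not shaped like a JWK set, names an
 *     unexpected "alg" value, or contains no keys
 * @throws GeneralSecurityException declared by the key conversion and keyset-building calls
 */
public static KeysetHandle toPublicKeysetHandle(String jwkSet)
    throws IOException, GeneralSecurityException {
  JsonObject jsonKeyset;
  try {
    JsonReader jsonReader = new JsonReader(new StringReader(jwkSet));
    // Strict mode: reject JSON that is not well-formed instead of tolerating it.
    jsonReader.setLenient(false);
    jsonKeyset = Streams.parse(jsonReader).getAsJsonObject();
  } catch (IllegalStateException | JsonParseException | StackOverflowError ex) {
    // NOTE(review): StackOverflowError is presumably caught for deeply nested input — confirm.
    throw new IOException("JWK set is invalid JSON", ex);
  }

  // JsonObject.get returns null for an absent member; check before dereferencing.
  JsonElement keysElement = jsonKeyset.get("keys");
  if (keysElement == null || !keysElement.isJsonArray()) {
    throw new IOException("JWK set must contain a \"keys\" array");
  }

  KeysetManager manager = KeysetManager.withEmptyKeyset();
  for (JsonElement element : keysElement.getAsJsonArray()) {
    if (!element.isJsonObject()) {
      throw new IOException("JWK set entry is not a JSON object");
    }
    JsonObject jsonKey = element.getAsJsonObject();
    String alg = getStringItem(jsonKey, "alg");
    // A value shorter than two characters falls through to the default branch below
    // instead of failing inside substring().
    String algPrefix = alg.length() >= 2 ? alg.substring(0, 2) : alg;
    KeyData keyData;
    // Only the two-character prefix picks the converter.
    // NOTE(review): the convertTo* helpers presumably validate the full "alg" value — confirm.
    switch (algPrefix) {
      case "RS":
        keyData = convertToRsaSsaPkcs1Key(jsonKey);
        break;
      case "PS":
        keyData = convertToRsaSsaPssKey(jsonKey);
        break;
      case "ES":
        keyData = convertToEcdsaKey(jsonKey);
        break;
      default:
        throw new IOException("unexpected alg value: " + alg);
    }
    manager.add(
        KeyHandle.createFromKey(
            new ProtoKey(keyData, com.google.crypto.tink.KeyTemplate.OutputPrefixType.RAW),
            KeyAccess.publicAccess()));
  }

  KeysetInfo info = manager.getKeysetHandle().getKeysetInfo();
  if (info.getKeyInfoCount() <= 0) {
    throw new IOException("empty keyset");
  }
  manager.setPrimary(info.getKeyInfo(0).getKeyId());
  return manager.getKeysetHandle();
}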
use of com.google.crypto.tink.tinkkey.internal.ProtoKey in project tink by google.
the class KeysetManager method add.
/**
 * Appends the given {@link KeyHandle} to the keyset under construction, keeping the handle's own
 * key ID and KeyStatusType unchanged.
 *
 * <p>The handle's key is read with {@code SecretKeyAccess.insecureSecretAccess()} so that its
 * proto key data can be copied into the keyset.
 *
 * @param keyHandle the handle whose key is added
 * @return this manager
 * @throws UnsupportedOperationException if the {@link KeyHandle} contains a {@link TinkKey} which
 *     is not a {@link ProtoKey}.
 * @throws GeneralSecurityException if the {@link KeyHandle}'s key ID collides with another key ID
 *     in the keyset.
 */
public synchronized KeysetManager add(KeyHandle keyHandle) throws GeneralSecurityException {
  ProtoKey protoKey;
  try {
    protoKey = (ProtoKey) keyHandle.getKey(SecretKeyAccess.insecureSecretAccess());
  } catch (ClassCastException e) {
    // Any TinkKey implementation other than ProtoKey fails the cast above.
    throw new UnsupportedOperationException("KeyHandles which contain TinkKeys that are not ProtoKeys are not yet supported.", e);
  }

  int keyId = keyHandle.getId();
  if (keyIdExists(keyId)) {
    throw new GeneralSecurityException("Trying to add a key with an ID already contained in the keyset.");
  }

  // Assemble the proto entry field by field from the handle and its ProtoKey.
  Keyset.Key.Builder entry = Keyset.Key.newBuilder();
  entry.setKeyData(protoKey.getProtoKey());
  entry.setKeyId(keyId);
  entry.setStatus(KeyStatusTypeProtoConverter.toProto(keyHandle.getStatus()));
  entry.setOutputPrefixType(KeyTemplate.toProto(protoKey.getOutputPrefixType()));
  keysetBuilder.addKey(entry.build());
  return this;
}
use of com.google.crypto.tink.tinkkey.internal.ProtoKey in project tink by google.
the class KeyHandleTest method generateNew_generatesDifferentKeys.
/**
 * Generates two AES128_EAX keys with {@code KeyHandle.generateNew} and checks that their key
 * values are distinct.
 */
@Test
public void generateNew_generatesDifferentKeys() throws Exception {
  final int rounds = 2;
  KeyTemplate template = KeyTemplates.get("AES128_EAX");
  Set<String> seenKeyValues = new TreeSet<>();
  int round = 0;
  while (round < rounds) {
    KeyHandle generated = KeyHandle.generateNew(template);
    // Reading the raw key bytes requires the insecure secret access token.
    ProtoKey wrapped = (ProtoKey) generated.getKey(SecretKeyAccess.insecureSecretAccess());
    AesEaxKey parsed =
        AesEaxKey.parseFrom(
            wrapped.getProtoKey().getValue(), ExtensionRegistryLite.getEmptyRegistry());
    // NOTE(review): toStringUtf8() on random key bytes is a lossy encoding; distinct keys could
    // in principle map to the same string, which would fail this test spuriously.
    seenKeyValues.add(parsed.getKeyValue().toStringUtf8());
    round++;
  }
  // A set of size `rounds` means no two generated key values were equal.
  assertThat(seenKeyValues).hasSize(rounds);
}