def test_generate_compute_verify_signature(self):
keyset_servicer = services.KeysetServicer()
jwt_servicer = jwt_service.JwtServicer()
template = jwt.jwt_es256_template().SerializeToString()
gen_request = testing_api_pb2.KeysetGenerateRequest(template=template)
gen_response = keyset_servicer.Generate(gen_request, self._ctx)
self.assertEqual(gen_response.WhichOneof('result'), 'keyset')
private_keyset = gen_response.keyset
comp_request = testing_api_pb2.JwtSignRequest(keyset=private_keyset)
comp_request.raw_jwt.issuer.value = 'issuer'
comp_request.raw_jwt.subject.value = 'subject'
comp_request.raw_jwt.custom_claims['myclaim'].bool_value = True
comp_response = jwt_servicer.PublicKeySignAndEncode(comp_request, self._ctx)
self.assertEqual(comp_response.WhichOneof('result'), 'signed_compact_jwt')
signed_compact_jwt = comp_response.signed_compact_jwt
pub_request = testing_api_pb2.KeysetPublicRequest(
private_keyset=private_keyset)
pub_response = keyset_servicer.Public(pub_request, self._ctx)
self.assertEqual(pub_response.WhichOneof('result'), 'public_keyset')
public_keyset = pub_response.public_keyset
verify_request = testing_api_pb2.JwtVerifyRequest(
keyset=public_keyset, signed_compact_jwt=signed_compact_jwt)
verify_request.validator.expected_issuer.value = 'issuer'
verify_request.validator.expected_subject.value = 'subject'
verify_request.validator.allow_missing_expiration = True
verify_response = jwt_servicer.PublicKeyVerifyAndDecode(
verify_request, self._ctx)
self.assertEqual(verify_response.WhichOneof('result'), 'verified_jwt')
self.assertEqual(verify_response.verified_jwt.issuer.value, 'issuer')
def test_sign_verify_fail(self):
keyset_servicer = services.KeysetServicer()
signature_servicer = services.SignatureServicer()
template = signature.signature_key_templates.ECDSA_P256.SerializeToString(
)
gen_request = testing_api_pb2.KeysetGenerateRequest(template=template)
gen_response = keyset_servicer.Generate(gen_request, self._ctx)
self.assertEqual(gen_response.WhichOneof('result'), 'keyset')
self.assertEmpty(gen_response.err)
private_keyset = gen_response.keyset
pub_request = testing_api_pb2.KeysetPublicRequest(
private_keyset=private_keyset)
pub_response = keyset_servicer.Public(pub_request, self._ctx)
self.assertEqual(pub_response.WhichOneof('result'), 'public_keyset')
public_keyset = pub_response.public_keyset
invalid_request = testing_api_pb2.SignatureVerifyRequest(
public_keyset=public_keyset,
signature=b'invalid signature',
data=b'The quick brown fox jumps over the lazy dog')
invalid_response = signature_servicer.Verify(invalid_request,
self._ctx)
self.assertNotEmpty(invalid_response.err)
def test_generate_hybrid_encrypt_decrypt(self):
keyset_servicer = services.KeysetServicer()
hybrid_servicer = services.HybridServicer()
tp = hybrid.hybrid_key_templates.ECIES_P256_HKDF_HMAC_SHA256_AES128_GCM
template = tp.SerializeToString()
gen_request = testing_api_pb2.KeysetGenerateRequest(template=template)
gen_response = keyset_servicer.Generate(gen_request, self._ctx)
self.assertEmpty(gen_response.err)
private_keyset = gen_response.keyset
pub_request = testing_api_pb2.KeysetPublicRequest(
private_keyset=private_keyset)
pub_response = keyset_servicer.Public(pub_request, self._ctx)
self.assertEqual(pub_response.WhichOneof('result'), 'public_keyset')
public_keyset = pub_response.public_keyset
plaintext = b'The quick brown fox jumps over the lazy dog'
context_info = b'context_info'
enc_request = testing_api_pb2.HybridEncryptRequest(
public_keyset=public_keyset,
plaintext=plaintext,
context_info=context_info)
enc_response = hybrid_servicer.Encrypt(enc_request, self._ctx)
self.assertEqual(enc_response.WhichOneof('result'), 'ciphertext')
ciphertext = enc_response.ciphertext
dec_request = testing_api_pb2.HybridDecryptRequest(
private_keyset=private_keyset,
ciphertext=ciphertext,
context_info=context_info)
dec_response = hybrid_servicer.Decrypt(dec_request, self._ctx)
self.assertEqual(dec_response.WhichOneof('result'), 'plaintext')
self.assertEqual(dec_response.plaintext, plaintext)
def public_keyset(stub: testing_api_pb2_grpc.KeysetStub,
private_keyset: bytes) -> bytes:
request = testing_api_pb2.KeysetPublicRequest(private_keyset=private_keyset)
response = stub.Public(request)
if response.err:
raise tink.TinkError(response.err)
return response.public_keyset
def public_keyset_handle(
stub: testing_api_pb2_grpc.KeysetStub,
private_keyset_handle: tink.KeysetHandle) -> tink.KeysetHandle:
request = testing_api_pb2.KeysetPublicRequest(
private_keyset=_keyset(private_keyset_handle))
response = stub.Public(request)
if response.err:
raise tink.TinkError(response.err)
return cleartext_keyset_handle.read(
tink.BinaryKeysetReader(response.public_keyset))
