def test_new_key_data(self):
key_template = self.new_jwt_hmac_key_template(common_pb2.SHA256, 32)
key_data = tink_pb2.KeyData()
key_data.ParseFromString(self.key_manager.new_key_data(key_template))
self.assertEqual(key_data.type_url, self.key_manager.key_type())
key = jwt_hmac_pb2.JwtHmacKey()
key.ParseFromString(key_data.value)
self.assertEqual(key.version, 0)
self.assertEqual(key.hash_type, common_pb2.SHA256)
self.assertLen(key.key_value, 32)
def _fixed_key_data() -> tink_pb2.KeyData:
# test example in https://tools.ietf.org/html/rfc7515#appendix-A.1.1
key_encoded = (b'AyM1SysPpbyDfgZld3umj1qzKObwVMkoqQ-EstJQLr_'
b'T-1qS0gZH75aKtMN3Yj0iPS4hcgUuTwjAzZr1Z9CAow')
padded_key_encoded = key_encoded + b'=' * (-len(key_encoded) % 4)
key_value = base64.urlsafe_b64decode(padded_key_encoded)
jwt_hmac_key = jwt_hmac_pb2.JwtHmacKey(
version=0, algorithm=jwt_hmac_pb2.HS256, key_value=key_value)
return tink_pb2.KeyData(
type_url='type.googleapis.com/google.crypto.tink.JwtHmacKey',
key_material_type=tink_pb2.KeyData.SYMMETRIC,
value=jwt_hmac_key.SerializeToString())
def create_fixed_jwt_hmac() -> jwt.JwtMac:
# test example in https://tools.ietf.org/html/rfc7515#appendix-A.1.1
key_encoded = (b'AyM1SysPpbyDfgZld3umj1qzKObwVMkoqQ-EstJQLr_'
b'T-1qS0gZH75aKtMN3Yj0iPS4hcgUuTwjAzZr1Z9CAow')
padded_key_encoded = key_encoded + b'=' * (-len(key_encoded) % 4)
key_value = base64.urlsafe_b64decode(padded_key_encoded)
jwt_hmac_key = jwt_hmac_pb2.JwtHmacKey(version=0,
hash_type=common_pb2.SHA256,
key_value=key_value)
key_data = tink_pb2.KeyData(
type_url='type.googleapis.com/google.crypto.tink.JwtHmacKey',
key_material_type=tink_pb2.KeyData.SYMMETRIC,
value=jwt_hmac_key.SerializeToString())
key_manager = _jwt_hmac_key_manager.MacCcToPyJwtMacKeyManager()
return key_manager.primitive(key_data)
def _keyset() -> bytes:
jwt_hmac_key = jwt_hmac_pb2.JwtHmacKey(
version=0,
algorithm=jwt_hmac_pb2.HS256,
key_value=base64.urlsafe_b64decode(KEY_VALUE))
keyset = tink_pb2.Keyset()
key = keyset.key.add()
key.key_data.type_url = ('type.googleapis.com/google.crypto.tink.JwtHmacKey')
key.key_data.value = jwt_hmac_key.SerializeToString()
key.key_data.key_material_type = tink_pb2.KeyData.SYMMETRIC
key.status = tink_pb2.ENABLED
key.key_id = 123
key.output_prefix_type = tink_pb2.RAW
keyset.primary_key_id = 123
return keyset.SerializeToString()