def test_generate_compute_verify_mac(self):
keyset_servicer = services.KeysetServicer()
jwt_servicer = jwt_service.JwtServicer()
template = jwt.jwt_hs256_template().SerializeToString()
gen_request = testing_api_pb2.KeysetGenerateRequest(template=template)
gen_response = keyset_servicer.Generate(gen_request, self._ctx)
self.assertEqual(gen_response.WhichOneof('result'), 'keyset')
keyset = gen_response.keyset
comp_request = testing_api_pb2.JwtSignRequest(keyset=keyset)
comp_request.raw_jwt.issuer.value = 'issuer'
comp_request.raw_jwt.subject.value = 'subject'
comp_request.raw_jwt.custom_claims['myclaim'].bool_value = True
comp_request.raw_jwt.expiration.seconds = 1334
comp_request.raw_jwt.expiration.nanos = 123000000
comp_response = jwt_servicer.ComputeMacAndEncode(comp_request, self._ctx)
self.assertEqual(comp_response.WhichOneof('result'), 'signed_compact_jwt')
signed_compact_jwt = comp_response.signed_compact_jwt
verify_request = testing_api_pb2.JwtVerifyRequest(
keyset=keyset, signed_compact_jwt=signed_compact_jwt)
verify_request.validator.expected_issuer.value = 'issuer'
verify_request.validator.expected_subject.value = 'subject'
verify_request.validator.now.seconds = 1234
verify_response = jwt_servicer.VerifyMacAndDecode(verify_request, self._ctx)
self.assertEqual(verify_response.WhichOneof('result'), 'verified_jwt')
self.assertEqual(verify_response.verified_jwt.issuer.value, 'issuer')
self.assertEqual(verify_response.verified_jwt.subject.value, 'subject')
self.assertEqual(verify_response.verified_jwt.expiration.seconds, 1334)
self.assertEqual(verify_response.verified_jwt.expiration.nanos, 0)
def test_generate_compute_verify_mac_without_expiration(self):
keyset_servicer = services.KeysetServicer()
jwt_servicer = jwt_service.JwtServicer()
template = jwt.jwt_hs256_template().SerializeToString()
gen_request = testing_api_pb2.KeysetGenerateRequest(template=template)
gen_response = keyset_servicer.Generate(gen_request, self._ctx)
self.assertEqual(gen_response.WhichOneof('result'), 'keyset')
keyset = gen_response.keyset
comp_request = testing_api_pb2.JwtSignRequest(keyset=keyset)
comp_request.raw_jwt.issuer.value = 'issuer'
comp_response = jwt_servicer.ComputeMacAndEncode(
comp_request, self._ctx)
self.assertEqual(comp_response.WhichOneof('result'),
'signed_compact_jwt')
signed_compact_jwt = comp_response.signed_compact_jwt
verify_request = testing_api_pb2.JwtVerifyRequest(
keyset=keyset, signed_compact_jwt=signed_compact_jwt)
verify_request.validator.expected_issuer.value = 'issuer'
verify_request.validator.allow_missing_expiration = True
verify_response = jwt_servicer.VerifyMacAndDecode(
verify_request, self._ctx)
print(verify_response.err)
self.assertEqual(verify_response.WhichOneof('result'), 'verified_jwt')
self.assertEqual(verify_response.verified_jwt.issuer.value, 'issuer')
def test_generate_encrypt_decrypt_deterministically(self):
keyset_servicer = services.KeysetServicer()
daead_servicer = services.DeterministicAeadServicer()
template_proto = daead.deterministic_aead_key_templates.AES256_SIV
template = template_proto.SerializeToString()
gen_request = testing_api_pb2.KeysetGenerateRequest(template=template)
gen_response = keyset_servicer.Generate(gen_request, self._ctx)
self.assertEqual(gen_response.WhichOneof('result'), 'keyset')
keyset = gen_response.keyset
plaintext = b'The quick brown fox jumps over the lazy dog'
associated_data = b'associated_data'
enc_request = testing_api_pb2.DeterministicAeadEncryptRequest(
keyset=keyset,
plaintext=plaintext,
associated_data=associated_data)
enc_response = daead_servicer.EncryptDeterministically(
enc_request, self._ctx)
self.assertEqual(enc_response.WhichOneof('result'), 'ciphertext')
enc_response2 = daead_servicer.EncryptDeterministically(
enc_request, self._ctx)
self.assertEqual(enc_response2.WhichOneof('result'), 'ciphertext')
self.assertEqual(enc_response2.ciphertext, enc_response.ciphertext)
ciphertext = enc_response.ciphertext
dec_request = testing_api_pb2.DeterministicAeadDecryptRequest(
keyset=keyset,
ciphertext=ciphertext,
associated_data=associated_data)
dec_response = daead_servicer.DecryptDeterministically(
dec_request, self._ctx)
self.assertEqual(dec_response.WhichOneof('result'), 'plaintext')
self.assertEqual(dec_response.plaintext, plaintext)
def test_compute_prf(self):
keyset_servicer = services.KeysetServicer()
prf_set_servicer = services.PrfSetServicer()
template = prf.prf_key_templates.HMAC_SHA256.SerializeToString()
gen_request = testing_api_pb2.KeysetGenerateRequest(template=template)
gen_response = keyset_servicer.Generate(gen_request, self._ctx)
self.assertEqual(gen_response.WhichOneof('result'), 'keyset')
keyset = gen_response.keyset
key_ids_request = testing_api_pb2.PrfSetKeyIdsRequest(keyset=keyset)
key_ids_response = prf_set_servicer.KeyIds(key_ids_request, self._ctx)
self.assertEqual(key_ids_response.WhichOneof('result'), 'output')
self.assertLen(key_ids_response.output.key_id, 1)
self.assertEqual(key_ids_response.output.key_id[0],
key_ids_response.output.primary_key_id)
output_length = 31
compute_request = testing_api_pb2.PrfSetComputeRequest(
keyset=keyset,
key_id=key_ids_response.output.primary_key_id,
input_data=b'input_data',
output_length=output_length)
compute_response = prf_set_servicer.Compute(compute_request, self._ctx)
self.assertEqual(compute_response.WhichOneof('result'), 'output')
self.assertLen(compute_response.output, output_length)
def test_generate_keyset_write_read_encrypted(self):
keyset_servicer = services.KeysetServicer()
template = aead.aead_key_templates.AES128_GCM.SerializeToString()
gen_request = testing_api_pb2.KeysetGenerateRequest(template=template)
master_response = keyset_servicer.Generate(gen_request, self._ctx)
self.assertEqual(master_response.WhichOneof('result'), 'keyset')
master_keyset = master_response.keyset
keyset_response = keyset_servicer.Generate(gen_request, self._ctx)
self.assertEqual(keyset_response.WhichOneof('result'), 'keyset')
keyset = keyset_response.keyset
write_encrypted_request = testing_api_pb2.KeysetWriteEncryptedRequest(
keyset=keyset, master_keyset=master_keyset)
write_encrypted_response = keyset_servicer.WriteEncrypted(
write_encrypted_request, self._ctx)
self.assertEqual(write_encrypted_response.WhichOneof('result'),
'encrypted_keyset')
encrypted_keyset = write_encrypted_response.encrypted_keyset
read_encrypted_request = testing_api_pb2.KeysetReadEncryptedRequest(
encrypted_keyset=encrypted_keyset, master_keyset=master_keyset)
read_encrypted_response = keyset_servicer.ReadEncrypted(
read_encrypted_request, self._ctx)
self.assertEqual(read_encrypted_response.WhichOneof('result'),
'keyset')
self.assertEqual(read_encrypted_response.keyset, keyset)
def test_generate_streaming_encrypt_decrypt(self):
keyset_servicer = services.KeysetServicer()
streaming_aead_servicer = services.StreamingAeadServicer()
templates = streaming_aead.streaming_aead_key_templates
template = templates.AES128_CTR_HMAC_SHA256_4KB.SerializeToString()
gen_request = testing_api_pb2.KeysetGenerateRequest(template=template)
gen_response = keyset_servicer.Generate(gen_request, self._ctx)
self.assertEqual(gen_response.WhichOneof('result'), 'keyset')
keyset = gen_response.keyset
plaintext = b'The quick brown fox jumps over the lazy dog'
associated_data = b'associated_data'
enc_request = testing_api_pb2.StreamingAeadEncryptRequest(
keyset=keyset,
plaintext=plaintext,
associated_data=associated_data)
enc_response = streaming_aead_servicer.Encrypt(enc_request, self._ctx)
self.assertEqual(enc_response.WhichOneof('result'), 'ciphertext')
ciphertext = enc_response.ciphertext
dec_request = testing_api_pb2.StreamingAeadDecryptRequest(
keyset=keyset,
ciphertext=ciphertext,
associated_data=associated_data)
dec_response = streaming_aead_servicer.Decrypt(dec_request, self._ctx)
self.assertEqual(dec_response.WhichOneof('result'), 'plaintext')
self.assertEqual(dec_response.plaintext, plaintext)
def test_generate_compute_verify_signature(self):
keyset_servicer = services.KeysetServicer()
jwt_servicer = jwt_service.JwtServicer()
template = jwt.jwt_es256_template().SerializeToString()
gen_request = testing_api_pb2.KeysetGenerateRequest(template=template)
gen_response = keyset_servicer.Generate(gen_request, self._ctx)
self.assertEqual(gen_response.WhichOneof('result'), 'keyset')
private_keyset = gen_response.keyset
comp_request = testing_api_pb2.JwtSignRequest(keyset=private_keyset)
comp_request.raw_jwt.issuer.value = 'issuer'
comp_request.raw_jwt.subject.value = 'subject'
comp_request.raw_jwt.custom_claims['myclaim'].bool_value = True
comp_response = jwt_servicer.PublicKeySignAndEncode(comp_request, self._ctx)
self.assertEqual(comp_response.WhichOneof('result'), 'signed_compact_jwt')
signed_compact_jwt = comp_response.signed_compact_jwt
pub_request = testing_api_pb2.KeysetPublicRequest(
private_keyset=private_keyset)
pub_response = keyset_servicer.Public(pub_request, self._ctx)
self.assertEqual(pub_response.WhichOneof('result'), 'public_keyset')
public_keyset = pub_response.public_keyset
verify_request = testing_api_pb2.JwtVerifyRequest(
keyset=public_keyset, signed_compact_jwt=signed_compact_jwt)
verify_request.validator.expected_issuer.value = 'issuer'
verify_request.validator.expected_subject.value = 'subject'
verify_request.validator.allow_missing_expiration = True
verify_response = jwt_servicer.PublicKeyVerifyAndDecode(
verify_request, self._ctx)
self.assertEqual(verify_response.WhichOneof('result'), 'verified_jwt')
self.assertEqual(verify_response.verified_jwt.issuer.value, 'issuer')
def test_sign_verify_fail(self):
keyset_servicer = services.KeysetServicer()
signature_servicer = services.SignatureServicer()
template = signature.signature_key_templates.ECDSA_P256.SerializeToString(
)
gen_request = testing_api_pb2.KeysetGenerateRequest(template=template)
gen_response = keyset_servicer.Generate(gen_request, self._ctx)
self.assertEqual(gen_response.WhichOneof('result'), 'keyset')
self.assertEmpty(gen_response.err)
private_keyset = gen_response.keyset
pub_request = testing_api_pb2.KeysetPublicRequest(
private_keyset=private_keyset)
pub_response = keyset_servicer.Public(pub_request, self._ctx)
self.assertEqual(pub_response.WhichOneof('result'), 'public_keyset')
public_keyset = pub_response.public_keyset
invalid_request = testing_api_pb2.SignatureVerifyRequest(
public_keyset=public_keyset,
signature=b'invalid signature',
data=b'The quick brown fox jumps over the lazy dog')
invalid_response = signature_servicer.Verify(invalid_request,
self._ctx)
self.assertNotEmpty(invalid_response.err)
def test_generate_hybrid_encrypt_decrypt(self):
keyset_servicer = services.KeysetServicer()
hybrid_servicer = services.HybridServicer()
tp = hybrid.hybrid_key_templates.ECIES_P256_HKDF_HMAC_SHA256_AES128_GCM
template = tp.SerializeToString()
gen_request = testing_api_pb2.KeysetGenerateRequest(template=template)
gen_response = keyset_servicer.Generate(gen_request, self._ctx)
self.assertEmpty(gen_response.err)
private_keyset = gen_response.keyset
pub_request = testing_api_pb2.KeysetPublicRequest(
private_keyset=private_keyset)
pub_response = keyset_servicer.Public(pub_request, self._ctx)
self.assertEqual(pub_response.WhichOneof('result'), 'public_keyset')
public_keyset = pub_response.public_keyset
plaintext = b'The quick brown fox jumps over the lazy dog'
context_info = b'context_info'
enc_request = testing_api_pb2.HybridEncryptRequest(
public_keyset=public_keyset,
plaintext=plaintext,
context_info=context_info)
enc_response = hybrid_servicer.Encrypt(enc_request, self._ctx)
self.assertEqual(enc_response.WhichOneof('result'), 'ciphertext')
ciphertext = enc_response.ciphertext
dec_request = testing_api_pb2.HybridDecryptRequest(
private_keyset=private_keyset,
ciphertext=ciphertext,
context_info=context_info)
dec_response = hybrid_servicer.Decrypt(dec_request, self._ctx)
self.assertEqual(dec_response.WhichOneof('result'), 'plaintext')
self.assertEqual(dec_response.plaintext, plaintext)
def new_keyset(stub: testing_api_pb2_grpc.KeysetStub,
key_template: tink_pb2.KeyTemplate) -> bytes:
gen_request = testing_api_pb2.KeysetGenerateRequest(
template=key_template.SerializeToString())
gen_response = stub.Generate(gen_request)
if gen_response.err:
raise tink.TinkError(gen_response.err)
return gen_response.keyset
def new_keyset_handle(stub: testing_api_pb2_grpc.KeysetStub,
key_template: tink_pb2.KeyTemplate) -> tink.KeysetHandle:
gen_request = testing_api_pb2.KeysetGenerateRequest(
template=key_template.SerializeToString())
gen_response = stub.Generate(gen_request)
if gen_response.err:
raise tink.TinkError(gen_response.err)
return cleartext_keyset_handle.read(
tink.BinaryKeysetReader(gen_response.keyset))
def test_keyset_write_encrypted_fails_when_keyset_is_invalid(self):
keyset_servicer = services.KeysetServicer()
template = aead.aead_key_templates.AES128_GCM.SerializeToString()
gen_request = testing_api_pb2.KeysetGenerateRequest(template=template)
master_response = keyset_servicer.Generate(gen_request, self._ctx)
self.assertEqual(master_response.WhichOneof('result'), 'keyset')
master_keyset = master_response.keyset
write_encrypted_request = testing_api_pb2.KeysetWriteEncryptedRequest(
keyset=b'invalid', master_keyset=master_keyset)
write_encrypted_response = keyset_servicer.WriteEncrypted(
write_encrypted_request, self._ctx)
self.assertEqual(write_encrypted_response.WhichOneof('result'), 'err')
def test_generate_compute_verify_mac_fail(self):
keyset_servicer = services.KeysetServicer()
mac_servicer = services.MacServicer()
template = mac.mac_key_templates.HMAC_SHA256_128BITTAG.SerializeToString(
)
gen_request = testing_api_pb2.KeysetGenerateRequest(template=template)
gen_response = keyset_servicer.Generate(gen_request, self._ctx)
self.assertEqual(gen_response.WhichOneof('result'), 'keyset')
keyset = gen_response.keyset
verify_request = testing_api_pb2.VerifyMacRequest(
keyset=keyset, mac_value=b'invalid mac_value', data=b'data')
verify_response = mac_servicer.VerifyMac(verify_request, self._ctx)
self.assertNotEmpty(verify_response.err)
def test_keyset_read_encrypted_fails_when_encrypted_keyset_is_invalid(
self):
keyset_servicer = services.KeysetServicer()
template = aead.aead_key_templates.AES128_GCM.SerializeToString()
gen_request = testing_api_pb2.KeysetGenerateRequest(template=template)
master_response = keyset_servicer.Generate(gen_request, self._ctx)
self.assertEqual(master_response.WhichOneof('result'), 'keyset')
master_keyset = master_response.keyset
read_encrypted_request = testing_api_pb2.KeysetReadEncryptedRequest(
encrypted_keyset=b'invalid',
master_keyset=master_keyset,
keyset_reader_type=testing_api_pb2.KEYSET_READER_BINARY)
read_encrypted_response = keyset_servicer.ReadEncrypted(
read_encrypted_request, self._ctx)
self.assertEqual(read_encrypted_response.WhichOneof('result'), 'err')
def test_generate_keyset_write_read_encrypted_with_associated_data(self):
keyset_servicer = services.KeysetServicer()
template = aead.aead_key_templates.AES128_GCM.SerializeToString()
gen_request = testing_api_pb2.KeysetGenerateRequest(template=template)
master_response = keyset_servicer.Generate(gen_request, self._ctx)
self.assertEqual(master_response.WhichOneof('result'), 'keyset')
master_keyset = master_response.keyset
keyset_response = keyset_servicer.Generate(gen_request, self._ctx)
self.assertEqual(keyset_response.WhichOneof('result'), 'keyset')
keyset = keyset_response.keyset
associated_data = b'associated_data'
write_encrypted_request = testing_api_pb2.KeysetWriteEncryptedRequest(
keyset=keyset,
master_keyset=master_keyset,
associated_data=testing_api_pb2.BytesValue(value=associated_data),
keyset_writer_type=testing_api_pb2.KEYSET_WRITER_BINARY)
write_encrypted_response = keyset_servicer.WriteEncrypted(
write_encrypted_request, self._ctx)
self.assertEqual(write_encrypted_response.WhichOneof('result'),
'encrypted_keyset')
encrypted_keyset = write_encrypted_response.encrypted_keyset
read_encrypted_request = testing_api_pb2.KeysetReadEncryptedRequest(
encrypted_keyset=encrypted_keyset,
master_keyset=master_keyset,
associated_data=testing_api_pb2.BytesValue(value=associated_data),
keyset_reader_type=testing_api_pb2.KEYSET_READER_BINARY)
read_encrypted_response = keyset_servicer.ReadEncrypted(
read_encrypted_request, self._ctx)
self.assertEqual(read_encrypted_response.WhichOneof('result'),
'keyset')
self.assertEqual(read_encrypted_response.keyset, keyset)
# Using the wrong associated_data fails
read_encrypted_request = testing_api_pb2.KeysetReadEncryptedRequest(
encrypted_keyset=encrypted_keyset,
master_keyset=master_keyset,
associated_data=testing_api_pb2.BytesValue(value=b'wrong ad'),
keyset_reader_type=testing_api_pb2.KEYSET_READER_BINARY)
read_encrypted_response = keyset_servicer.ReadEncrypted(
read_encrypted_request, self._ctx)
self.assertEqual(read_encrypted_response.WhichOneof('result'), 'err')
def test_generate_decrypt_fail(self):
keyset_servicer = services.KeysetServicer()
aead_servicer = services.AeadServicer()
template = aead.aead_key_templates.AES128_GCM.SerializeToString()
gen_request = testing_api_pb2.KeysetGenerateRequest(template=template)
gen_response = keyset_servicer.Generate(gen_request, self._ctx)
self.assertEqual(gen_response.WhichOneof('result'), 'keyset')
keyset = gen_response.keyset
ciphertext = b'some invalid ciphertext'
associated_data = b'associated_data'
dec_request = testing_api_pb2.AeadDecryptRequest(
keyset=keyset, ciphertext=ciphertext, associated_data=associated_data)
dec_response = aead_servicer.Decrypt(dec_request, self._ctx)
self.assertEqual(dec_response.WhichOneof('result'), 'err')
logging.info('Error in response: %s', dec_response.err)
self.assertNotEmpty(dec_response.err)
def test_generate_compute_verify_mac(self):
keyset_servicer = services.KeysetServicer()
mac_servicer = services.MacServicer()
template = mac.mac_key_templates.HMAC_SHA256_128BITTAG.SerializeToString()
gen_request = testing_api_pb2.KeysetGenerateRequest(template=template)
gen_response = keyset_servicer.Generate(gen_request, self._ctx)
self.assertEqual(gen_response.WhichOneof('result'), 'keyset')
keyset = gen_response.keyset
data = b'The quick brown fox jumps over the lazy dog'
comp_request = testing_api_pb2.ComputeMacRequest(keyset=keyset, data=data)
comp_response = mac_servicer.ComputeMac(comp_request, self._ctx)
self.assertEqual(comp_response.WhichOneof('result'), 'mac_value')
mac_value = comp_response.mac_value
verify_request = testing_api_pb2.VerifyMacRequest(
keyset=keyset, mac_value=mac_value, data=data)
verify_response = mac_servicer.VerifyMac(verify_request, self._ctx)
self.assertEmpty(verify_response.err)
def test_generate_hybrid_encrypt_decrypt_fail(self):
keyset_servicer = services.KeysetServicer()
hybrid_servicer = services.HybridServicer()
tp = hybrid.hybrid_key_templates.ECIES_P256_HKDF_HMAC_SHA256_AES128_GCM
template = tp.SerializeToString()
gen_request = testing_api_pb2.KeysetGenerateRequest(template=template)
gen_response = keyset_servicer.Generate(gen_request, self._ctx)
self.assertEqual(gen_response.WhichOneof('result'), 'keyset')
private_keyset = gen_response.keyset
dec_request = testing_api_pb2.HybridDecryptRequest(
private_keyset=private_keyset,
ciphertext=b'invalid ciphertext',
context_info=b'context_info')
dec_response = hybrid_servicer.Decrypt(dec_request, self._ctx)
self.assertEqual(dec_response.WhichOneof('result'), 'err')
self.assertNotEmpty(dec_response.err)
def test_generate_to_from_json(self):
keyset_servicer = services.KeysetServicer()
template = aead.aead_key_templates.AES128_GCM.SerializeToString()
gen_request = testing_api_pb2.KeysetGenerateRequest(template=template)
gen_response = keyset_servicer.Generate(gen_request, self._ctx)
self.assertEqual(gen_response.WhichOneof('result'), 'keyset')
keyset = gen_response.keyset
tojson_request = testing_api_pb2.KeysetToJsonRequest(keyset=keyset)
tojson_response = keyset_servicer.ToJson(tojson_request, self._ctx)
self.assertEqual(tojson_response.WhichOneof('result'), 'json_keyset')
json_keyset = tojson_response.json_keyset
fromjson_request = testing_api_pb2.KeysetFromJsonRequest(
json_keyset=json_keyset)
fromjson_response = keyset_servicer.FromJson(fromjson_request, self._ctx)
self.assertEqual(fromjson_response.WhichOneof('result'), 'keyset')
self.assertEqual(fromjson_response.keyset, keyset)
def test_generate_streaming_decrypt_fail(self):
keyset_servicer = services.KeysetServicer()
streaming_aead_servicer = services.StreamingAeadServicer()
templates = streaming_aead.streaming_aead_key_templates
template = templates.AES128_CTR_HMAC_SHA256_4KB.SerializeToString()
gen_request = testing_api_pb2.KeysetGenerateRequest(template=template)
gen_response = keyset_servicer.Generate(gen_request, self._ctx)
self.assertEqual(gen_response.WhichOneof('result'), 'keyset')
keyset = gen_response.keyset
ciphertext = b'some invalid ciphertext'
associated_data = b'associated_data'
dec_request = testing_api_pb2.StreamingAeadDecryptRequest(
keyset=keyset,
ciphertext=ciphertext,
associated_data=associated_data)
dec_response = streaming_aead_servicer.Decrypt(dec_request, self._ctx)
self.assertEqual(dec_response.WhichOneof('result'), 'err')
self.assertNotEmpty(dec_response.err)
def test_generate_decrypt_deterministically_fail(self):
keyset_servicer = services.KeysetServicer()
daead_servicer = services.DeterministicAeadServicer()
template_proto = daead.deterministic_aead_key_templates.AES256_SIV
template = template_proto.SerializeToString()
gen_request = testing_api_pb2.KeysetGenerateRequest(template=template)
gen_response = keyset_servicer.Generate(gen_request, self._ctx)
self.assertEqual(gen_response.WhichOneof('result'), 'keyset')
keyset = gen_response.keyset
ciphertext = b'some invalid ciphertext'
associated_data = b'associated_data'
dec_request = testing_api_pb2.DeterministicAeadDecryptRequest(
keyset=keyset,
ciphertext=ciphertext,
associated_data=associated_data)
dec_response = daead_servicer.DecryptDeterministically(
dec_request, self._ctx)
self.assertEqual(dec_response.WhichOneof('result'), 'err')
self.assertNotEmpty(dec_response.err)
def test_compute_prf_fail(self):
keyset_servicer = services.KeysetServicer()
prf_set_servicer = services.PrfSetServicer()
template = prf.prf_key_templates.HMAC_SHA256.SerializeToString()
gen_request = testing_api_pb2.KeysetGenerateRequest(template=template)
gen_response = keyset_servicer.Generate(gen_request, self._ctx)
self.assertEqual(gen_response.WhichOneof('result'), 'keyset')
keyset = gen_response.keyset
key_ids_request = testing_api_pb2.PrfSetKeyIdsRequest(keyset=keyset)
key_ids_response = prf_set_servicer.KeyIds(key_ids_request, self._ctx)
self.assertEqual(key_ids_response.WhichOneof('result'), 'output')
primary_key_id = key_ids_response.output.primary_key_id
invalid_output_length = 123456
invalid_compute_request = testing_api_pb2.PrfSetComputeRequest(
keyset=keyset,
key_id=primary_key_id,
input_data=b'input_data',
output_length=invalid_output_length)
invalid_compute_response = prf_set_servicer.Compute(
invalid_compute_request, self._ctx)
self.assertEqual(invalid_compute_response.WhichOneof('result'), 'err')
self.assertNotEmpty(invalid_compute_response.err)
