def test_generate_compute_verify_signature(self): keyset_servicer = services.KeysetServicer() jwt_servicer = jwt_service.JwtServicer() template = jwt.jwt_es256_template().SerializeToString() gen_request = testing_api_pb2.KeysetGenerateRequest(template=template) gen_response = keyset_servicer.Generate(gen_request, self._ctx) self.assertEqual(gen_response.WhichOneof('result'), 'keyset') private_keyset = gen_response.keyset comp_request = testing_api_pb2.JwtSignRequest(keyset=private_keyset) comp_request.raw_jwt.issuer.value = 'issuer' comp_request.raw_jwt.subject.value = 'subject' comp_request.raw_jwt.custom_claims['myclaim'].bool_value = True comp_response = jwt_servicer.PublicKeySignAndEncode(comp_request, self._ctx) self.assertEqual(comp_response.WhichOneof('result'), 'signed_compact_jwt') signed_compact_jwt = comp_response.signed_compact_jwt pub_request = testing_api_pb2.KeysetPublicRequest( private_keyset=private_keyset) pub_response = keyset_servicer.Public(pub_request, self._ctx) self.assertEqual(pub_response.WhichOneof('result'), 'public_keyset') public_keyset = pub_response.public_keyset verify_request = testing_api_pb2.JwtVerifyRequest( keyset=public_keyset, signed_compact_jwt=signed_compact_jwt) verify_request.validator.expected_issuer.value = 'issuer' verify_request.validator.expected_subject.value = 'subject' verify_request.validator.allow_missing_expiration = True verify_response = jwt_servicer.PublicKeyVerifyAndDecode( verify_request, self._ctx) self.assertEqual(verify_response.WhichOneof('result'), 'verified_jwt') self.assertEqual(verify_response.verified_jwt.issuer.value, 'issuer')
def test_sign_verify_fail(self): keyset_servicer = services.KeysetServicer() signature_servicer = services.SignatureServicer() template = signature.signature_key_templates.ECDSA_P256.SerializeToString( ) gen_request = testing_api_pb2.KeysetGenerateRequest(template=template) gen_response = keyset_servicer.Generate(gen_request, self._ctx) self.assertEqual(gen_response.WhichOneof('result'), 'keyset') self.assertEmpty(gen_response.err) private_keyset = gen_response.keyset pub_request = testing_api_pb2.KeysetPublicRequest( private_keyset=private_keyset) pub_response = keyset_servicer.Public(pub_request, self._ctx) self.assertEqual(pub_response.WhichOneof('result'), 'public_keyset') public_keyset = pub_response.public_keyset invalid_request = testing_api_pb2.SignatureVerifyRequest( public_keyset=public_keyset, signature=b'invalid signature', data=b'The quick brown fox jumps over the lazy dog') invalid_response = signature_servicer.Verify(invalid_request, self._ctx) self.assertNotEmpty(invalid_response.err)
def test_generate_hybrid_encrypt_decrypt(self): keyset_servicer = services.KeysetServicer() hybrid_servicer = services.HybridServicer() tp = hybrid.hybrid_key_templates.ECIES_P256_HKDF_HMAC_SHA256_AES128_GCM template = tp.SerializeToString() gen_request = testing_api_pb2.KeysetGenerateRequest(template=template) gen_response = keyset_servicer.Generate(gen_request, self._ctx) self.assertEmpty(gen_response.err) private_keyset = gen_response.keyset pub_request = testing_api_pb2.KeysetPublicRequest( private_keyset=private_keyset) pub_response = keyset_servicer.Public(pub_request, self._ctx) self.assertEqual(pub_response.WhichOneof('result'), 'public_keyset') public_keyset = pub_response.public_keyset plaintext = b'The quick brown fox jumps over the lazy dog' context_info = b'context_info' enc_request = testing_api_pb2.HybridEncryptRequest( public_keyset=public_keyset, plaintext=plaintext, context_info=context_info) enc_response = hybrid_servicer.Encrypt(enc_request, self._ctx) self.assertEqual(enc_response.WhichOneof('result'), 'ciphertext') ciphertext = enc_response.ciphertext dec_request = testing_api_pb2.HybridDecryptRequest( private_keyset=private_keyset, ciphertext=ciphertext, context_info=context_info) dec_response = hybrid_servicer.Decrypt(dec_request, self._ctx) self.assertEqual(dec_response.WhichOneof('result'), 'plaintext') self.assertEqual(dec_response.plaintext, plaintext)
def public_keyset(stub: testing_api_pb2_grpc.KeysetStub, private_keyset: bytes) -> bytes: request = testing_api_pb2.KeysetPublicRequest(private_keyset=private_keyset) response = stub.Public(request) if response.err: raise tink.TinkError(response.err) return response.public_keyset
def public_keyset_handle( stub: testing_api_pb2_grpc.KeysetStub, private_keyset_handle: tink.KeysetHandle) -> tink.KeysetHandle: request = testing_api_pb2.KeysetPublicRequest( private_keyset=_keyset(private_keyset_handle)) response = stub.Public(request) if response.err: raise tink.TinkError(response.err) return cleartext_keyset_handle.read( tink.BinaryKeysetReader(response.public_keyset))