def main(argv):
    """Write the public half of a Tink JWT keyset to disk as a JWK set.

    Reads the JSON keyset at FLAGS.keyset_path, derives its public keyset
    handle, converts that to a JWK set and writes the result to
    FLAGS.public_jwk_set_path.

    Args:
        argv: Command-line arguments; unused.

    Returns:
        1 if initialising Tink or parsing the keyset raises tink.TinkError.
        Falls through (returning None) after the JWK set has been written.
    """
    del argv  # Unused.

    # Initialise Tink.
    try:
        jwt.register_jwt_signature()
    except tink.TinkError as err:
        logging.exception('Error initialising Tink: %s', err)
        return 1

    # Load the serialized keyset text first, then parse it.
    with open(FLAGS.keyset_path, 'rt') as keyset_file:
        serialized_keyset = keyset_file.read()

    # NOTE(review): cleartext_keyset_handle parses the keyset as-is, with no
    # decryption step. Since public_keyset_handle() is derived from it below,
    # this file presumably holds private signing keys in the clear -- confirm
    # that it is access-restricted, or use an encrypted keyset outside of
    # example code.
    try:
        source_handle = cleartext_keyset_handle.read(
            tink.JsonKeysetReader(serialized_keyset))
    except tink.TinkError as err:
        logging.exception('Error reading keyset: %s', err)
        return 1

    # Only the public keyset handle is handed to the JWK exporter.
    # NOTE(review): a tink.TinkError raised from here on is not caught, unlike
    # in the two steps above.
    public_handle = source_handle.public_keyset_handle()
    public_jwk_set = jwt.jwk_set_from_public_keyset_handle(public_handle)

    with open(FLAGS.public_jwk_set_path, 'wt') as public_jwk_set_file:
        public_jwk_set_file.write(public_jwk_set)
    logging.info('The public JWK set has been written to %s',
                 FLAGS.public_jwk_set_path)
def main(argv):
    """Convert a public Tink JWT keyset file into a JWK set file.

    Reads the JSON keyset at _PUBLIC_KEYSET_PATH.value, converts it to a JWK
    set and writes the result to _PUBLIC_JWK_SET_PATH.value.

    Args:
        argv: Command-line arguments; unused.

    Returns:
        1 if initialising Tink or parsing the keyset raises tink.TinkError.
        Falls through (returning None) after the JWK set has been written.
    """
    del argv  # Unused.

    # Initialise Tink.
    try:
        jwt.register_jwt_signature()
    except tink.TinkError as err:
        logging.exception('Error initialising Tink: %s', err)
        return 1

    # Load the serialized keyset text first, then parse it.
    with open(_PUBLIC_KEYSET_PATH.value, 'rt') as keyset_file:
        serialized_keyset = keyset_file.read()

    # The keyset is parsed with tink.read_no_secret_keyset_handle, the reader
    # meant for keysets that carry no secret key material, so this tool never
    # needs access to the private signing keys.
    try:
        public_keyset_handle = tink.read_no_secret_keyset_handle(
            tink.JsonKeysetReader(serialized_keyset))
    except tink.TinkError as err:
        logging.exception('Error reading keyset: %s', err)
        return 1

    # Export the public keyset as a JWK set.
    # NOTE(review): a tink.TinkError raised from here on is not caught, unlike
    # in the two steps above.
    public_jwk_set = jwt.jwk_set_from_public_keyset_handle(
        public_keyset_handle)

    with open(_PUBLIC_JWK_SET_PATH.value, 'wt') as public_jwk_set_file:
        public_jwk_set_file.write(public_jwk_set)
    logging.info('The public JWK set has been written to %s',
                 _PUBLIC_JWK_SET_PATH.value)
def test_convert_jwk_set_to_public_keyset_handle_and_back(self, jwk_set):
    """Round-trips a JWK set through a public keyset handle unchanged.

    Args:
        jwk_set: The JWK set under test, supplied by the caller.
    """
    handle = jwt.jwk_set_to_public_keyset_handle(jwk_set)
    round_tripped = jwt.jwk_set_from_public_keyset_handle(handle)
    self.assertEqual(round_tripped, jwk_set)

    # Every key produced from the JWK set must use the RAW output prefix
    # type. This reads the handle's private _keyset attribute directly.
    for key in handle._keyset.key:
        self.assertEqual(key.output_prefix_type, tink_pb2.RAW)

    # The deprecated to/from keyset_handle functions must round-trip too.
    deprecated_handle = jwt.jwk_set_to_keyset_handle(jwk_set)
    self.assertEqual(
        jwt.jwk_set_from_keyset_handle(deprecated_handle), jwk_set)
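def ToJwkSet(
    self, request: testing_api_pb2.JwtToJwkSetRequest,
    context: grpc.ServicerContext
) -> testing_api_pb2.JwtToJwkSetResponse:
    """Converts a Tink Keyset with JWT keys into a JWK set.

    Args:
        request: Carries the binary-serialized Tink keyset in request.keyset.
        context: The gRPC servicer context; not used by this method.

    Returns:
        A response with jwk_set set on success, or with err set to the
        message of the tink.TinkError raised while parsing or converting.
    """
    try:
        # The conversion below takes a public keyset handle, so parse the
        # request with the no-secret reader rather than
        # cleartext_keyset_handle: a keyset that carries secret key material
        # is then rejected while it is being read, not after a handle to it
        # has already been built. Both failures surface as tink.TinkError
        # and are reported through the err field.
        keyset_handle = tink.read_no_secret_keyset_handle(
            tink.BinaryKeysetReader(request.keyset))
        jwk_set = jwt.jwk_set_from_public_keyset_handle(keyset_handle)
        return testing_api_pb2.JwtToJwkSetResponse(jwk_set=jwk_set)
    except tink.TinkError as e:
        return testing_api_pb2.JwtToJwkSetResponse(err=str(e))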
def test_rsa_ssa_pss_with_unknown_property_keyset_handle_success(self):
    """A JWK with an extra, unknown property is accepted and normalised.

    The "unknown" member is injected after "use"; the JWK set exported
    again from the resulting handle must equal the unmodified PS256_JWK_SET.
    """
    jwk_set_with_extra = PS256_JWK_SET.replace(
        ',"use":"sig"', ',"use":"sig","unknown":1234')
    handle = jwt.jwk_set_to_public_keyset_handle(jwk_set_with_extra)
    self.assertEqual(
        jwt.jwk_set_from_public_keyset_handle(handle), PS256_JWK_SET)
def test_rsa_ssa_pss_without_use_and_key_ops_to_keyset_handle_success(self):
    """A JWK lacking "use" and "key_ops" still converts successfully.

    Both members are stripped from PS256_JWK_SET before the import; the JWK
    set exported again must equal the unmodified PS256_JWK_SET.
    """
    without_use = PS256_JWK_SET.replace(',"use":"sig"', '')
    stripped_jwk_set = without_use.replace(',"key_ops":["verify"]', '')
    handle = jwt.jwk_set_to_public_keyset_handle(stripped_jwk_set)
    self.assertEqual(
        jwt.jwk_set_from_public_keyset_handle(handle), PS256_JWK_SET)
def test_from_private_keyset_fails(self):
    """Exporting a JWK set from PRIVATEKEY_KEYSET must raise TinkError.

    PRIVATEKEY_KEYSET is, going by its name, a keyset with private key
    material; the public-keyset exporter is expected to refuse it rather
    than emit private key fields.
    """
    private_handle = cleartext_keyset_handle.read(
        tink.JsonKeysetReader(PRIVATEKEY_KEYSET))
    with self.assertRaises(tink.TinkError):
        jwt.jwk_set_from_public_keyset_handle(private_handle)
def test_from_crunchy_ecdsa_keyset_fails(self, keyset):
    """A keyset rewritten from RAW to CRUNCHY cannot be exported as JWK.

    Args:
        keyset: JSON keyset text supplied by the caller; every occurrence
            of 'RAW' in it is replaced by 'CRUNCHY' (presumably the output
            prefix type of its keys).
    """
    crunchy_handle = cleartext_keyset_handle.read(
        tink.JsonKeysetReader(keyset.replace('RAW', 'CRUNCHY')))
    with self.assertRaises(tink.TinkError):
        jwt.jwk_set_from_public_keyset_handle(crunchy_handle)
def test_primary_key_id_missing_success(self):
    """A keyset without a primaryKeyId entry still exports to ES256_JWK_SET."""
    keyset_without_primary = ES256_KEYSET.replace(
        '"primaryKeyId":282600252,', '')
    handle = cleartext_keyset_handle.read(
        tink.JsonKeysetReader(keyset_without_primary))
    exported = jwt.jwk_set_from_public_keyset_handle(handle)
    self.assertEqual(exported, ES256_JWK_SET)
def test_es_conserves_empty_kid(self):
    """An empty "kid" value survives the JWK -> keyset -> JWK round trip."""
    jwk_set_with_empty_kid = ES256_JWK_SET_KID.replace('"ENgjPA"', '""')
    handle = jwt.jwk_set_to_public_keyset_handle(jwk_set_with_empty_kid)
    self.assertEqual(
        jwt.jwk_set_from_public_keyset_handle(handle),
        jwk_set_with_empty_kid)
def test_convert_from_jwt_key(self, tink_keyset, expected_jwk_set):
    """Exports a JSON Tink keyset and compares it with the expected JWK set.

    Args:
        tink_keyset: JSON-serialized Tink keyset supplied by the caller.
        expected_jwk_set: The JWK set the export must produce.
    """
    handle = cleartext_keyset_handle.read(tink.JsonKeysetReader(tink_keyset))
    self.assertEqual(
        jwt.jwk_set_from_public_keyset_handle(handle), expected_jwk_set)