• Home
• com.google.crypto.tink
• tink-android
• 1.11.0
• source code
• JwtPublicKeySignWrapper.java

×

Project download

Many resources are needed to download a project. Please understand that we have to compensate our server costs. Thank you in advance.
Project price only 1 $

You can buy this project and download/modify it how often you want.

com.google.crypto.tink.jwt.JwtPublicKeySignWrapper Maven / Gradle / Ivy

// Copyright 2021 Google LLC
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
//      http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.
//
////////////////////////////////////////////////////////////////////////////////

package com.google.crypto.tink.jwt;

import com.google.crypto.tink.PrimitiveSet;
import com.google.crypto.tink.PrimitiveWrapper;
import com.google.crypto.tink.Registry;
import com.google.crypto.tink.proto.OutputPrefixType;
import com.google.errorprone.annotations.Immutable;
import java.security.GeneralSecurityException;
import java.util.List;
import java.util.Optional;

/**
 * The implementation of {@code PrimitiveWrapper}.
 *
 * 
The returned primitive works with a keyset (rather than a single key). To sign a message, it
 * uses the primary key in the keyset, and prepends to the signature a certain prefix associated
 * with the primary key.
 */
class JwtPublicKeySignWrapper
    implements PrimitiveWrapper {

  private static final JwtPublicKeySignWrapper WRAPPER = new JwtPublicKeySignWrapper();

  private static void validate(PrimitiveSet primitiveSet)
      throws GeneralSecurityException {
    if (primitiveSet.getPrimary() == null) {
      throw new GeneralSecurityException("Primitive set has no primary.");
    }
    for (List> entries : primitiveSet.getAll()) {
      for (PrimitiveSet.Entry entry : entries) {
        if ((entry.getOutputPrefixType() != OutputPrefixType.RAW)
            && (entry.getOutputPrefixType() != OutputPrefixType.TINK)) {
          throw new GeneralSecurityException("unsupported OutputPrefixType");
        }
      }
    }
  }

  @Immutable
  private static class WrappedJwtPublicKeySign implements JwtPublicKeySign {

    @SuppressWarnings("Immutable")
    private final PrimitiveSet primitives;

    public WrappedJwtPublicKeySign(final PrimitiveSet primitives) {
      this.primitives = primitives;
    }

    @Override
    public String signAndEncode(RawJwt token) throws GeneralSecurityException {
      PrimitiveSet.Entry entry = primitives.getPrimary();
      Optional kid = JwtFormat.getKid(entry.getKeyId(), entry.getOutputPrefixType());
      return primitives.getPrimary().getPrimitive().signAndEncodeWithKid(token, kid);
    }
  }

  JwtPublicKeySignWrapper() {}

  @Override
  public JwtPublicKeySign wrap(final PrimitiveSet primitives)
      throws GeneralSecurityException {
    validate(primitives);
    return new WrappedJwtPublicKeySign(primitives);
  }

  @Override
  public Class getPrimitiveClass() {
    return JwtPublicKeySign.class;
  }

  @Override
  public Class getInputPrimitiveClass() {
    return JwtPublicKeySignInternal.class;
  }

  /**
   * Register the wrapper within the registry.
   *
   * 
This is required for calls to {@link Keyset.getPrimitive} with a {@link JwtPublicKeySign}
   * argument.
   */
  public static void register() throws GeneralSecurityException {
    Registry.registerPrimitiveWrapper(WRAPPER);
  }
}