Merge pull request #6667 from freddyaott/master
[BAEL-2767] Guide to Google Tink
This commit is contained in:
commit
d958ee9e03
|
@ -32,6 +32,12 @@
|
||||||
<version>${scribejava.version}</version>
|
<version>${scribejava.version}</version>
|
||||||
</dependency>
|
</dependency>
|
||||||
|
|
||||||
|
<dependency>
|
||||||
|
<groupId>com.google.crypto.tink</groupId>
|
||||||
|
<artifactId>tink</artifactId>
|
||||||
|
<version>${tink.version}</version>
|
||||||
|
</dependency>
|
||||||
|
|
||||||
<dependency>
|
<dependency>
|
||||||
<groupId>junit</groupId>
|
<groupId>junit</groupId>
|
||||||
<artifactId>junit</artifactId>
|
<artifactId>junit</artifactId>
|
||||||
|
@ -55,6 +61,7 @@
|
||||||
<scribejava.version>5.6.0</scribejava.version>
|
<scribejava.version>5.6.0</scribejava.version>
|
||||||
<spring-security-oauth2.version>2.3.3.RELEASE</spring-security-oauth2.version>
|
<spring-security-oauth2.version>2.3.3.RELEASE</spring-security-oauth2.version>
|
||||||
<passay.version>1.3.1</passay.version>
|
<passay.version>1.3.1</passay.version>
|
||||||
|
<tink.version>1.2.2</tink.version>
|
||||||
<cryptacular.version>1.2.2</cryptacular.version>
|
<cryptacular.version>1.2.2</cryptacular.version>
|
||||||
</properties>
|
</properties>
|
||||||
</project>
|
</project>
|
||||||
|
|
|
@ -0,0 +1,101 @@
|
||||||
|
package com.baeldung.tink;
|
||||||
|
|
||||||
|
import com.google.crypto.tink.*;
|
||||||
|
import com.google.crypto.tink.aead.AeadConfig;
|
||||||
|
import com.google.crypto.tink.aead.AeadFactory;
|
||||||
|
import com.google.crypto.tink.aead.AeadKeyTemplates;
|
||||||
|
import com.google.crypto.tink.config.TinkConfig;
|
||||||
|
import com.google.crypto.tink.hybrid.HybridDecryptFactory;
|
||||||
|
import com.google.crypto.tink.hybrid.HybridEncryptFactory;
|
||||||
|
import com.google.crypto.tink.hybrid.HybridKeyTemplates;
|
||||||
|
import com.google.crypto.tink.mac.MacFactory;
|
||||||
|
import com.google.crypto.tink.mac.MacKeyTemplates;
|
||||||
|
import com.google.crypto.tink.signature.PublicKeySignFactory;
|
||||||
|
import com.google.crypto.tink.signature.PublicKeyVerifyFactory;
|
||||||
|
import com.google.crypto.tink.signature.SignatureKeyTemplates;
|
||||||
|
import org.junit.Assert;
|
||||||
|
import org.junit.Test;
|
||||||
|
|
||||||
|
import java.security.GeneralSecurityException;
|
||||||
|
|
||||||
|
public class TinkUnitTest {
|
||||||
|
|
||||||
|
private static final String PLAINTEXT = "BAELDUNG";
|
||||||
|
private static final String DATA = "TINK";
|
||||||
|
|
||||||
|
@Test
|
||||||
|
public void givenPlaintext_whenEncryptWithAead_thenPlaintextIsEncrypted() throws GeneralSecurityException {
|
||||||
|
|
||||||
|
AeadConfig.register();
|
||||||
|
|
||||||
|
KeysetHandle keysetHandle = KeysetHandle.generateNew(
|
||||||
|
AeadKeyTemplates.AES256_GCM);
|
||||||
|
|
||||||
|
Aead aead = AeadFactory.getPrimitive(keysetHandle);
|
||||||
|
|
||||||
|
byte[] ciphertext = aead.encrypt(PLAINTEXT.getBytes(),
|
||||||
|
DATA.getBytes());
|
||||||
|
|
||||||
|
Assert.assertNotEquals(PLAINTEXT, new String(ciphertext));
|
||||||
|
}
|
||||||
|
|
||||||
|
@Test
|
||||||
|
public void givenData_whenComputeMAC_thenVerifyMAC() throws GeneralSecurityException {
|
||||||
|
|
||||||
|
TinkConfig.register();
|
||||||
|
|
||||||
|
KeysetHandle keysetHandle = KeysetHandle.generateNew(
|
||||||
|
MacKeyTemplates.HMAC_SHA256_128BITTAG);
|
||||||
|
|
||||||
|
Mac mac = MacFactory.getPrimitive(keysetHandle);
|
||||||
|
|
||||||
|
byte[] tag = mac.computeMac(DATA.getBytes());
|
||||||
|
|
||||||
|
mac.verifyMac(tag, DATA.getBytes());
|
||||||
|
}
|
||||||
|
|
||||||
|
@Test
|
||||||
|
public void givenData_whenSignData_thenVerifySignature() throws GeneralSecurityException {
|
||||||
|
|
||||||
|
TinkConfig.register();
|
||||||
|
|
||||||
|
KeysetHandle privateKeysetHandle = KeysetHandle.generateNew(
|
||||||
|
SignatureKeyTemplates.ECDSA_P256);
|
||||||
|
|
||||||
|
PublicKeySign signer = PublicKeySignFactory.getPrimitive(privateKeysetHandle);
|
||||||
|
|
||||||
|
byte[] signature = signer.sign(DATA.getBytes());
|
||||||
|
|
||||||
|
KeysetHandle publicKeysetHandle =
|
||||||
|
privateKeysetHandle.getPublicKeysetHandle();
|
||||||
|
|
||||||
|
PublicKeyVerify verifier = PublicKeyVerifyFactory.getPrimitive(publicKeysetHandle);
|
||||||
|
|
||||||
|
verifier.verify(signature, DATA.getBytes());
|
||||||
|
}
|
||||||
|
|
||||||
|
@Test
|
||||||
|
public void givenPlaintext_whenEncryptWithHybridEncryption_thenVerifyDecryptedIsEqual() throws GeneralSecurityException {
|
||||||
|
|
||||||
|
TinkConfig.register();
|
||||||
|
|
||||||
|
KeysetHandle privateKeysetHandle = KeysetHandle.generateNew(
|
||||||
|
HybridKeyTemplates.ECIES_P256_HKDF_HMAC_SHA256_AES128_CTR_HMAC_SHA256);
|
||||||
|
|
||||||
|
KeysetHandle publicKeysetHandle = privateKeysetHandle.getPublicKeysetHandle();
|
||||||
|
|
||||||
|
HybridEncrypt hybridEncrypt = HybridEncryptFactory.getPrimitive(publicKeysetHandle);
|
||||||
|
|
||||||
|
HybridDecrypt hybridDecrypt = HybridDecryptFactory.getPrimitive(privateKeysetHandle);
|
||||||
|
|
||||||
|
String contextInfo = "Tink";
|
||||||
|
|
||||||
|
byte[] ciphertext = hybridEncrypt.encrypt(PLAINTEXT.getBytes(), contextInfo.getBytes());
|
||||||
|
|
||||||
|
byte[] plaintextDecrypted = hybridDecrypt.decrypt(ciphertext, contextInfo.getBytes());
|
||||||
|
|
||||||
|
Assert.assertEquals(PLAINTEXT,new String(plaintextDecrypted));
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
|
Loading…
Reference in New Issue