diff --git a/crypto-v1-bc/src/main/java/net/aholbrook/paseto/crypto/v1/bc/BouncyCastleV1CryptoProvider.java b/crypto-v1-bc/src/main/java/net/aholbrook/paseto/crypto/v1/bc/BouncyCastleV1CryptoProvider.java index c9fe75b..a3581f8 100644 --- a/crypto-v1-bc/src/main/java/net/aholbrook/paseto/crypto/v1/bc/BouncyCastleV1CryptoProvider.java +++ b/crypto-v1-bc/src/main/java/net/aholbrook/paseto/crypto/v1/bc/BouncyCastleV1CryptoProvider.java @@ -1,6 +1,6 @@ package net.aholbrook.paseto.crypto.v1.bc; -import net.aholbrook.paseto.crypto.KeyPair; +import net.aholbrook.paseto.crypto.Pair; import net.aholbrook.paseto.crypto.exception.CryptoProviderException; import net.aholbrook.paseto.crypto.v1.V1CryptoProvider; import org.bouncycastle.asn1.DERNull; @@ -163,7 +163,7 @@ public boolean rsaVerify(byte[] m, byte[] sig, byte[] publicKey) { } @Override - public KeyPair rsaGenerate() { + public Pair rsaGenerate() { RSAKeyPairGenerator keyGen = new RSAKeyPairGenerator(); keyGen.init(new RSAKeyGenerationParameters(E, rng, RSA_KEY_SIZE, PrimeCertaintyCalculator.getDefaultCertainty(RSA_KEY_SIZE))); @@ -180,6 +180,6 @@ public KeyPair rsaGenerate() { priv.getPublicExponent(), priv.getExponent(), priv.getP(), priv.getQ(), priv.getDP(), priv.getDQ(), priv.getQInv())); - return new KeyPair(privateKey, publicKey); + return new Pair<>(privateKey, publicKey); } } diff --git a/crypto-v1-bc/src/test/java/net/aholbrook/paseto/crypto/v1/bc/BouncyCastleV1CryptoProviderTests.java b/crypto-v1-bc/src/test/java/net/aholbrook/paseto/crypto/v1/bc/BouncyCastleV1CryptoProviderTests.java index cc447b5..4d8ba7b 100644 --- a/crypto-v1-bc/src/test/java/net/aholbrook/paseto/crypto/v1/bc/BouncyCastleV1CryptoProviderTests.java +++ b/crypto-v1-bc/src/test/java/net/aholbrook/paseto/crypto/v1/bc/BouncyCastleV1CryptoProviderTests.java 
@@ -1,6 +1,6 @@ package net.aholbrook.paseto.crypto.v1.bc; -import net.aholbrook.paseto.crypto.KeyPair; +import net.aholbrook.paseto.crypto.Pair; import net.aholbrook.paseto.crypto.exception.CryptoProviderException; import net.aholbrook.paseto.crypto.v1.V1CryptoLoader; import org.bouncycastle.crypto.BufferedBlockCipher; @@ -24,7 +24,7 @@ public class BouncyCastleV1CryptoProviderTests { private byte[] iv = new byte[8]; // TODO hardcode a result for keypair. - private KeyPair keyPair = new BouncyCastleV1CryptoProvider().rsaGenerate(); + private Pair keyPair = new BouncyCastleV1CryptoProvider().rsaGenerate(); public void withAse256CtrCipherMocks(Consumer test) { BouncyCastleV1CryptoProvider provider = Mockito.spy(BouncyCastleV1CryptoProvider.class); @@ -62,8 +62,8 @@ public void withPssSha384Mocks(Consumer test) { BouncyCastleV1CryptoProvider provider = Mockito.spy(BouncyCastleV1CryptoProvider.class); PSSSigner pssSigner = Mockito.mock(PSSSigner.class); - Mockito.when(provider.pssSha384(true, keyPair.getSecretKey())).thenReturn(pssSigner); - Mockito.when(provider.pssSha384(false, keyPair.getPublicKey())).thenReturn(pssSigner); + Mockito.when(provider.pssSha384(true, keyPair.a)).thenReturn(pssSigner); + Mockito.when(provider.pssSha384(false, keyPair.b)).thenReturn(pssSigner); try { Mockito.when(pssSigner.generateSignature()) @@ -79,7 +79,7 @@ public void withPssSha384Mocks(Consumer test) { @DisplayName("rsaSign correctly handles a CryptoException if thrown.") public void rsaSign_CryptoProviderException() { withPssSha384Mocks((provider) -> { - Assertions.assertThrows(CryptoProviderException.class, () -> provider.rsaSign(m, keyPair.getSecretKey())); + Assertions.assertThrows(CryptoProviderException.class, () -> provider.rsaSign(m, keyPair.a)); }); } diff --git a/crypto-v1/src/main/java/net/aholbrook/paseto/crypto/v1/V1CryptoProvider.java b/crypto-v1/src/main/java/net/aholbrook/paseto/crypto/v1/V1CryptoProvider.java index 5cc4007..ce7fd2e 100644 
--- a/crypto-v1/src/main/java/net/aholbrook/paseto/crypto/v1/V1CryptoProvider.java +++ b/crypto-v1/src/main/java/net/aholbrook/paseto/crypto/v1/V1CryptoProvider.java @@ -1,6 +1,6 @@ package net.aholbrook.paseto.crypto.v1; -import net.aholbrook.paseto.crypto.KeyPair; +import net.aholbrook.paseto.crypto.Pair; import net.aholbrook.paseto.crypto.NonceGenerator; import net.aholbrook.paseto.crypto.exception.ByteArrayLengthException; @@ -45,7 +45,7 @@ public byte[] generateNonce() { abstract public boolean rsaVerify(byte[] m, byte[] sig, byte[] publicKey); - abstract public KeyPair rsaGenerate(); + abstract public Pair rsaGenerate(); // Validation protected final void validateHkdfExtractAndExpand(byte[] salt, byte[] inputKeyingMaterial, byte[] info) { diff --git a/crypto-v2-bc/src/main/java/net/aholbrook/paseto/crypto/v2/bc/BouncyCastleV2CryptoProvider.java b/crypto-v2-bc/src/main/java/net/aholbrook/paseto/crypto/v2/bc/BouncyCastleV2CryptoProvider.java index c6d8e79..a95440c 100644 --- a/crypto-v2-bc/src/main/java/net/aholbrook/paseto/crypto/v2/bc/BouncyCastleV2CryptoProvider.java +++ b/crypto-v2-bc/src/main/java/net/aholbrook/paseto/crypto/v2/bc/BouncyCastleV2CryptoProvider.java @@ -1,6 +1,6 @@ package net.aholbrook.paseto.crypto.v2.bc; -import net.aholbrook.paseto.crypto.KeyPair; +import net.aholbrook.paseto.crypto.Pair; import net.aholbrook.paseto.crypto.v2.V2CryptoProvider; import org.bouncycastle.crypto.CipherParameters; import org.bouncycastle.crypto.Digest; @@ -77,7 +77,7 @@ public byte[] ed25519SkToPk(byte[] sk) { } @Override - public KeyPair ed25519Generate() { + public Pair ed25519Generate() { int skLen = ed25519SignSecretKeyBytes() - ed25519SignPublicKeyBytes(); byte[] sk = new byte[ed25519SignSecretKeyBytes()]; byte[] pk = new byte[ed25519SignPublicKeyBytes()]; 
@@ -89,6 +89,6 @@ public KeyPair ed25519Generate() { System.arraycopy(pkParams.getEncoded(), 0, sk, skLen, pk.length); System.arraycopy(sk, skLen, pk, 0, pk.length); - return new KeyPair(sk, pk); + return new Pair<>(sk, pk); } } diff --git a/crypto-v2-libsodium/src/main/java/net/aholbrook/paseto/crypto/v2/libsodium/LibSodiumV2CryptoProvider.java b/crypto-v2-libsodium/src/main/java/net/aholbrook/paseto/crypto/v2/libsodium/LibSodiumV2CryptoProvider.java index a5f77bc..088ac6b 100644 --- a/crypto-v2-libsodium/src/main/java/net/aholbrook/paseto/crypto/v2/libsodium/LibSodiumV2CryptoProvider.java +++ b/crypto-v2-libsodium/src/main/java/net/aholbrook/paseto/crypto/v2/libsodium/LibSodiumV2CryptoProvider.java @@ -1,7 +1,7 @@ package net.aholbrook.paseto.crypto.v2.libsodium; import com.goterl.lazysodium.SodiumJava; -import net.aholbrook.paseto.crypto.KeyPair; +import net.aholbrook.paseto.crypto.Pair; import net.aholbrook.paseto.crypto.v2.V2CryptoProvider; public class LibSodiumV2CryptoProvider extends V2CryptoProvider { @@ -68,10 +68,10 @@ public byte[] ed25519SkToPk(byte[] sk) { } @Override - public KeyPair ed25519Generate() { + public Pair ed25519Generate() { byte[] sk = new byte[ed25519SignSecretKeyBytes()]; byte[] pk = new byte[ed25519SignPublicKeyBytes()]; sodium.crypto_sign_keypair(pk, sk); - return new KeyPair(sk, pk); + return new Pair<>(sk, pk); } } diff --git a/crypto-v2/src/main/java/net/aholbrook/paseto/crypto/v2/V2CryptoProvider.java b/crypto-v2/src/main/java/net/aholbrook/paseto/crypto/v2/V2CryptoProvider.java index 31a05b6..dab13ba 100644 --- a/crypto-v2/src/main/java/net/aholbrook/paseto/crypto/v2/V2CryptoProvider.java +++ b/crypto-v2/src/main/java/net/aholbrook/paseto/crypto/v2/V2CryptoProvider.java 
@@ -1,7 +1,7 @@ package net.aholbrook.paseto.crypto.v2; -import net.aholbrook.paseto.crypto.KeyPair; import net.aholbrook.paseto.crypto.NonceGenerator; +import net.aholbrook.paseto.crypto.Pair; import net.aholbrook.paseto.crypto.exception.ByteArrayLengthException; import net.aholbrook.paseto.crypto.exception.ByteArrayRangeException; @@ -36,7 +36,7 @@ public abstract class V2CryptoProvider implements NonceGenerator { abstract public byte[] ed25519SkToPk(byte[] sk); - abstract public KeyPair ed25519Generate(); + abstract public Pair ed25519Generate(); // Nonce public NonceGenerator getNonceGenerator() { diff --git a/crypto/src/main/java/net/aholbrook/paseto/crypto/KeyPair.java b/crypto/src/main/java/net/aholbrook/paseto/crypto/KeyPair.java deleted file mode 100644 index 16f7e80..0000000 --- a/crypto/src/main/java/net/aholbrook/paseto/crypto/KeyPair.java +++ /dev/null @@ -1,37 +0,0 @@ -package net.aholbrook.paseto.crypto; - -import java.util.Arrays; - -public class KeyPair { - private final byte[] secretKey, publicKey; - - public KeyPair(byte[] secretKey, byte[] publicKey) { - this.secretKey = secretKey; - this.publicKey = publicKey; - } - - public byte[] getSecretKey() { - return secretKey; - } - - public byte[] getPublicKey() { - return publicKey; - } - - @Override - public boolean equals(Object o) { - if (this == o) return true; - if (o == null || getClass() != o.getClass()) return false; - KeyPair keyPair = (KeyPair) o; - return Arrays.equals(secretKey, keyPair.secretKey) && - Arrays.equals(publicKey, keyPair.publicKey); - } - - @Override - public int hashCode() { - - int result = Arrays.hashCode(secretKey); - result = 31 * result + Arrays.hashCode(publicKey); - return result; - } -} diff --git a/crypto/src/main/java/net/aholbrook/paseto/crypto/Pair.java b/crypto/src/main/java/net/aholbrook/paseto/crypto/Pair.java new file mode 100644 index 0000000..1b76ada --- /dev/null +++ b/crypto/src/main/java/net/aholbrook/paseto/crypto/Pair.java 
@@ -0,0 +1,27 @@ +package net.aholbrook.paseto.crypto; + +import java.util.Objects; + +public class Pair { + public final A a; + public final B b; + + public Pair(A a, B b) { + this.a = a; + this.b = b; + } + + @Override + public boolean equals(Object o) { + if (this == o) return true; + if (o == null || getClass() != o.getClass()) return false; + Pair pair = (Pair) o; + return a.equals(pair.a) && + b.equals(pair.b); + } + + @Override + public int hashCode() { + return Objects.hash(a, b); + } +} diff --git a/paseto-core/src/main/java/net/aholbrook/paseto/Paseto.java b/paseto-core/src/main/java/net/aholbrook/paseto/Paseto.java index f4f6c60..b8f1dec 100644 --- a/paseto-core/src/main/java/net/aholbrook/paseto/Paseto.java +++ b/paseto-core/src/main/java/net/aholbrook/paseto/Paseto.java @@ -2,12 +2,15 @@ import net.aholbrook.paseto.base64.jvm8.Base64Loader; import net.aholbrook.paseto.base64.jvm8.Base64Provider; -import net.aholbrook.paseto.crypto.KeyPair; +import net.aholbrook.paseto.keys.KeyPair; import net.aholbrook.paseto.crypto.NonceGenerator; import net.aholbrook.paseto.encoding.EncodingLoader; import net.aholbrook.paseto.encoding.EncodingProvider; import net.aholbrook.paseto.exception.InvalidFooterException; import net.aholbrook.paseto.exception.InvalidHeaderException; +import net.aholbrook.paseto.keys.AsymmetricPublicKey; +import net.aholbrook.paseto.keys.AsymmetricSecretKey; +import net.aholbrook.paseto.keys.SymmetricKey; import net.aholbrook.paseto.util.StringUtils; import java.nio.charset.Charset; 
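Review bot: `Pair.equals` and `hashCode` compare the components with `a.equals(...)` and `Objects.hash(a, b)`, which is reference identity for the `byte[]` values every provider in this commit puts into a `Pair`. The deleted `crypto.KeyPair` used `Arrays.equals`/`Arrays.hashCode`, so two pairs holding identical key bytes no longer compare equal, and a null component now throws. I would use `return Objects.deepEquals(a, pair.a) && Objects.deepEquals(b, pair.b);` and `return Arrays.deepHashCode(new Object[] {a, b});` (the latter needs `java.util.Arrays` imported). The positional names also drop the secret/public distinction the old getters carried: `rawKey.a`/`rawKey.b` in the `generateKeyPair` hunks of PasetoV1 and PasetoV2, and `keyPair.a`/`keyPair.b` in the tests, rely on an undocumented ordering. A class comment stating that `a` is the secret key and `b` the public key for the `*Generate()` results would make a swap easier to catch in review.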
@@ -28,70 +31,70 @@ public Paseto(Base64Provider base64Provider, EncodingProvider encodingProvider, this.nonceGenerator = nonceGenerator; } - public abstract String encrypt(Object payload, byte[] key, String footer); + public abstract String encrypt(Object payload, SymmetricKey key, String footer); - public abstract <_Payload> _Payload decrypt(String token, byte[] key, String footer, Class<_Payload> payloadClass); + public abstract <_Payload> _Payload decrypt(String token, SymmetricKey key, String footer, Class<_Payload> payloadClass); - public abstract String sign(Object payload, byte[] key, String footer); + public abstract String sign(Object payload, AsymmetricSecretKey sk, String footer); - public abstract <_Payload> _Payload verify(String token, byte[] pk, String footer, Class<_Payload> payloadClass); + public abstract <_Payload> _Payload verify(String token, AsymmetricPublicKey pk, String footer, Class<_Payload> payloadClass); public abstract KeyPair generateKeyPair(); - public String encrypt(Object payload, byte[] key) { + public String encrypt(Object payload, SymmetricKey key) { return encrypt(payload, key, null); } - public String encrypt(Object payload, byte[] key, Object footer) { + public String encrypt(Object payload, SymmetricKey key, Object footer) { return encrypt(payload, key, (String) ((footer instanceof String) ? footer : encodingProvider.encode(footer))); } - public <_Payload> _Payload decrypt(String token, byte[] key, Class<_Payload> payloadClass) { + public <_Payload> _Payload decrypt(String token, SymmetricKey key, Class<_Payload> payloadClass) { return decrypt(token, key, null, payloadClass); } - public <_Payload> _Payload decrypt(String token, byte[] key, Object footer, Class<_Payload> payloadClass) { + public <_Payload> _Payload decrypt(String token, SymmetricKey key, Object footer, Class<_Payload> payloadClass) { return decrypt(token, key, (String) ((footer instanceof String) ? 
footer : encodingProvider.encode(footer)), payloadClass); } - public String sign(Object payload, byte[] sk) { + public String sign(Object payload, AsymmetricSecretKey sk) { return sign(payload, sk, null); } - public String sign(Object payload, byte[] sk, Object footer) { + public String sign(Object payload, AsymmetricSecretKey sk, Object footer) { return sign(payload, sk, (String) ((footer instanceof String) ? footer : encodingProvider.encode(footer))); } - public <_Payload> _Payload verify(String token, byte[] pk, Class<_Payload> payloadClass) { + public <_Payload> _Payload verify(String token, AsymmetricPublicKey pk, Class<_Payload> payloadClass) { return verify(token, pk, null, payloadClass); } - public <_Payload> _Payload verify(String token, byte[] pk, Object footer, Class<_Payload> payloadClass) { + public <_Payload> _Payload verify(String token, AsymmetricPublicKey pk, Object footer, Class<_Payload> payloadClass) { return verify(token, pk, (String) ((footer instanceof String) ? footer : encodingProvider.encode(footer)), payloadClass); } - public <_Payload> TokenWithFooter<_Payload, String> decryptWithFooter(String token, byte[] key, + public <_Payload> TokenWithFooter<_Payload, String> decryptWithFooter(String token, SymmetricKey key, Class<_Payload> payloadClass) { _Payload payload = decrypt(token, key, payloadClass); String footer = extractFooter(token); return new TokenWithFooter<>(payload, footer); } - public <_Payload, _Footer> TokenWithFooter<_Payload, _Footer> decryptWithFooter(String token, byte[] key, + public <_Payload, _Footer> TokenWithFooter<_Payload, _Footer> decryptWithFooter(String token, SymmetricKey key, Class<_Payload> payloadClass, Class<_Footer> footerClass) { _Payload payload = decrypt(token, key, payloadClass); _Footer footer = extractFooter(token, footerClass); return new TokenWithFooter<>(payload, footer); } - public <_Payload> TokenWithFooter<_Payload, String> verifyWithFooter(String token, byte[] pk, + public <_Payload> 
TokenWithFooter<_Payload, String> verifyWithFooter(String token, AsymmetricPublicKey pk, Class<_Payload> payloadClass) { _Payload payload = verify(token, pk, payloadClass); String footer = extractFooter(token); return new TokenWithFooter<>(payload, footer); } - public <_Payload, _Footer> TokenWithFooter<_Payload, _Footer> verifyWithFooter(String token, byte[] pk, + public <_Payload, _Footer> TokenWithFooter<_Payload, _Footer> verifyWithFooter(String token, AsymmetricPublicKey pk, Class<_Payload> payloadClass, Class<_Footer> footerClass) { _Payload payload = verify(token, pk, payloadClass); _Footer footer = extractFooter(token, footerClass); diff --git a/paseto-core/src/main/java/net/aholbrook/paseto/PasetoV1.java b/paseto-core/src/main/java/net/aholbrook/paseto/PasetoV1.java index a2d306a..72a9e67 100644 --- a/paseto-core/src/main/java/net/aholbrook/paseto/PasetoV1.java +++ b/paseto-core/src/main/java/net/aholbrook/paseto/PasetoV1.java @@ -1,13 +1,17 @@ package net.aholbrook.paseto; import net.aholbrook.paseto.base64.jvm8.Base64Provider; -import net.aholbrook.paseto.crypto.KeyPair; +import net.aholbrook.paseto.crypto.Pair; +import net.aholbrook.paseto.keys.KeyPair; import net.aholbrook.paseto.crypto.NonceGenerator; import net.aholbrook.paseto.crypto.v1.V1CryptoLoader; import net.aholbrook.paseto.crypto.v1.V1CryptoProvider; import net.aholbrook.paseto.encoding.EncodingProvider; import net.aholbrook.paseto.exception.PasetoParseException; import net.aholbrook.paseto.exception.SignatureVerificationException; +import net.aholbrook.paseto.keys.AsymmetricPublicKey; +import net.aholbrook.paseto.keys.AsymmetricSecretKey; +import net.aholbrook.paseto.keys.SymmetricKey; import net.aholbrook.paseto.util.ByteArrayUtils; import net.aholbrook.paseto.util.PaeUtil; import net.aholbrook.paseto.util.StringUtils; 
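Review bot: The retyped `encrypt`/`decrypt`/`sign`/`verify` declarations carry no Javadoc, so the new contract (an implementation rejects a key whose `Version` does not match it) is only discoverable by reading `PasetoV1`/`PasetoV2`. I would add a short Javadoc to each of the four abstract methods with a line such as `@throws KeyVersionException if the key was created for a different Version`. It should also say that a null key is not accepted: the implementations call `key.verifyKey(...)` first, so a null currently surfaces as a bare `NullPointerException`.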
@@ -29,7 +33,10 @@ private PasetoV1(Base64Provider base64Provider, EncodingProvider encodingProvide } @Override - public String encrypt(Object payload, byte[] key, String footer) { + public String encrypt(Object payload, SymmetricKey key, String footer) { + // Verify key version. + key.verifyKey(Version.V1); + footer = StringUtils.ntes(footer); // convert null to "" byte[] payloadBytes = StringUtils.getBytesUtf8(encodingProvider.encode(payload)); byte[] footerBytes = StringUtils.getBytesUtf8(footer); @@ -46,8 +53,8 @@ public String encrypt(Object payload, byte[] key, String footer) { System.arraycopy(n, salt.length, nonce, 0, nonce.length); // Create ek/ak for AEAD - byte[] ek = cryptoProvider.hkdfExtractAndExpand(salt, key, HKDF_INFO_EK); - byte[] ak = cryptoProvider.hkdfExtractAndExpand(salt, key, HKDF_INFO_AK); + byte[] ek = cryptoProvider.hkdfExtractAndExpand(salt, key.getMaterial(), HKDF_INFO_EK); + byte[] ak = cryptoProvider.hkdfExtractAndExpand(salt, key.getMaterial(), HKDF_INFO_AK); byte[] c = cryptoProvider.aes256CtrEncrypt(payloadBytes, ek, nonce); byte[] preAuth = PaeUtil.pae(StringUtils.getBytesUtf8(HEADER_LOCAL), n, c, footerBytes); @@ -67,7 +74,10 @@ public String encrypt(Object payload, byte[] key, String footer) { } @Override - public <_Payload> _Payload decrypt(String token, byte[] key, String footer, Class<_Payload> payloadClass) { + public <_Payload> _Payload decrypt(String token, SymmetricKey key, String footer, Class<_Payload> payloadClass) { + // Verify key version. + key.verifyKey(Version.V1); + // Split token into sections String[] sections = split(token); if (sections == null) { 
@@ -101,8 +111,8 @@ public <_Payload> _Payload decrypt(String token, byte[] key, String footer, Clas System.arraycopy(n, salt.length, nonce, 0, nonce.length); // Create ek/ak for AEAD - byte[] ek = cryptoProvider.hkdfExtractAndExpand(salt, key, HKDF_INFO_EK); - byte[] ak = cryptoProvider.hkdfExtractAndExpand(salt, key, HKDF_INFO_AK); + byte[] ek = cryptoProvider.hkdfExtractAndExpand(salt, key.getMaterial(), HKDF_INFO_EK); + byte[] ak = cryptoProvider.hkdfExtractAndExpand(salt, key.getMaterial(), HKDF_INFO_AK); byte[] preAuth = PaeUtil.pae(StringUtils.getBytesUtf8(HEADER_LOCAL), n, c, StringUtils.getBytesUtf8(decodedFooter)); @@ -118,13 +128,16 @@ public <_Payload> _Payload decrypt(String token, byte[] key, String footer, Clas } @Override - public String sign(Object payload, byte[] pk, String footer) { + public String sign(Object payload, AsymmetricSecretKey pk, String footer) { + // Verify key version. + pk.verifyKey(Version.V1); + footer = StringUtils.ntes(footer); // convert null to "" byte[] payloadBytes = StringUtils.getBytesUtf8(encodingProvider.encode(payload)); byte[] footerBytes = StringUtils.getBytesUtf8(footer); byte[] m2 = PaeUtil.pae(StringUtils.getBytesUtf8(HEADER_PUBLIC), payloadBytes, footerBytes); - byte[] sig = cryptoProvider.rsaSign(m2, pk); + byte[] sig = cryptoProvider.rsaSign(m2, pk.getMaterial()); byte[] msig = new byte[sig.length + payloadBytes.length]; System.arraycopy(payloadBytes, 0, msig, 0, payloadBytes.length); @@ -139,7 +152,10 @@ public String sign(Object payload, byte[] pk, String footer) { } @Override - public <_Payload> _Payload verify(String token, byte[] pk, String footer, Class<_Payload> payloadClass) { + public <_Payload> _Payload verify(String token, AsymmetricPublicKey pk, String footer, Class<_Payload> payloadClass) { + // Verify key version. + pk.verifyKey(Version.V1); + // Split token into sections String[] sections = split(token); if (sections == null) { 
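Review bot: In the `sign` hunk (`@@ -118,13 +128,16 @@`) the `AsymmetricSecretKey` parameter is still named `pk`, while the abstract `Paseto.sign` and `PasetoV2.sign` call it `sk`. As a result `pk.verifyKey(Version.V1)` and `cryptoProvider.rsaSign(m2, pk.getMaterial())` read as if a public key were being used to sign. Renaming it to `sk` in the signature and both uses (`public String sign(Object payload, AsymmetricSecretKey sk, String footer)`) keeps the secret/public distinction this commit introduces visible at the call sites. The method body continues outside the hunk, so any further uses of `pk` there would need the same rename.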
@@ -165,7 +181,7 @@ public <_Payload> _Payload verify(String token, byte[] pk, String footer, Class< System.arraycopy(msig, 0, m, 0, m.length); byte[] m2 = PaeUtil.pae(StringUtils.getBytesUtf8(HEADER_PUBLIC), m, StringUtils.getBytesUtf8(decodedFooter)); - if (!cryptoProvider.rsaVerify(m2, s, pk)) { + if (!cryptoProvider.rsaVerify(m2, s, pk.getMaterial())) { throw new SignatureVerificationException(token); } @@ -175,7 +191,11 @@ public <_Payload> _Payload verify(String token, byte[] pk, String footer, Class< @Override public KeyPair generateKeyPair() { - return cryptoProvider.rsaGenerate(); + Pair rawKey = cryptoProvider.rsaGenerate(); + return new KeyPair( + new AsymmetricSecretKey(rawKey.a, Version.V1), + new AsymmetricPublicKey(rawKey.b, Version.V1) + ); } public static class Builder extends Paseto.Builder { diff --git a/paseto-core/src/main/java/net/aholbrook/paseto/PasetoV2.java b/paseto-core/src/main/java/net/aholbrook/paseto/PasetoV2.java index c3f444e..247ed31 100644 --- a/paseto-core/src/main/java/net/aholbrook/paseto/PasetoV2.java +++ b/paseto-core/src/main/java/net/aholbrook/paseto/PasetoV2.java @@ -1,7 +1,8 @@ package net.aholbrook.paseto; import net.aholbrook.paseto.base64.jvm8.Base64Provider; -import net.aholbrook.paseto.crypto.KeyPair; +import net.aholbrook.paseto.crypto.Pair; +import net.aholbrook.paseto.keys.KeyPair; import net.aholbrook.paseto.crypto.NonceGenerator; import net.aholbrook.paseto.crypto.v2.V2CryptoLoader; import net.aholbrook.paseto.crypto.v2.V2CryptoProvider; @@ -9,6 +10,9 @@ import net.aholbrook.paseto.exception.DecryptionException; import net.aholbrook.paseto.exception.PasetoParseException; import net.aholbrook.paseto.exception.SignatureVerificationException; +import net.aholbrook.paseto.keys.AsymmetricPublicKey; +import net.aholbrook.paseto.keys.AsymmetricSecretKey; +import net.aholbrook.paseto.keys.SymmetricKey; import net.aholbrook.paseto.util.PaeUtil; import net.aholbrook.paseto.util.StringUtils; 
@@ -26,7 +30,10 @@ private PasetoV2(Base64Provider base64Provider, EncodingProvider encodingProvide } @Override - public String encrypt(Object payload, byte[] key, String footer) { + public String encrypt(Object payload, SymmetricKey key, String footer) { + // Verify key version. + key.verifyKey(Version.V2); + footer = StringUtils.ntes(footer); // convert null to "" byte[] payloadBytes = StringUtils.getBytesUtf8(encodingProvider.encode(payload)); byte[] footerBytes = StringUtils.getBytesUtf8(footer); @@ -38,7 +45,7 @@ public String encrypt(Object payload, byte[] key, String footer) { byte[] preAuth = PaeUtil.pae(StringUtils.getBytesUtf8(HEADER_LOCAL), n, footerBytes); byte[] c = new byte[payloadBytes.length + cryptoProvider.xChaCha20Poly1305IetfAbytes()]; - cryptoProvider.aeadXChaCha20Poly1305IetfEncrypt(c, payloadBytes, preAuth, n, key); + cryptoProvider.aeadXChaCha20Poly1305IetfEncrypt(c, payloadBytes, preAuth, n, key.getMaterial()); byte[] nc = new byte[n.length + c.length]; System.arraycopy(n, 0, nc, 0, n.length); @@ -53,7 +60,10 @@ public String encrypt(Object payload, byte[] key, String footer) { } @Override - public <_Payload> _Payload decrypt(String token, byte[] key, String footer, Class<_Payload> payloadClass) { + public <_Payload> _Payload decrypt(String token, SymmetricKey key, String footer, Class<_Payload> payloadClass) { + // Verify key version. + key.verifyKey(Version.V2); + // Split token into sections String[] sections = split(token); if (sections == null) { 
@@ -80,7 +90,7 @@ public <_Payload> _Payload decrypt(String token, byte[] key, String footer, Clas byte[] preAuth = PaeUtil.pae(StringUtils.getBytesUtf8(HEADER_LOCAL), n, StringUtils.getBytesUtf8(decodedFooter)); byte[] p = new byte[c.length - cryptoProvider.xChaCha20Poly1305IetfAbytes()]; - if (!cryptoProvider.aeadXChaCha20Poly1305IetfDecrypt(p, c, preAuth, n, key)) { + if (!cryptoProvider.aeadXChaCha20Poly1305IetfDecrypt(p, c, preAuth, n, key.getMaterial())) { throw new DecryptionException(token); } @@ -89,14 +99,17 @@ public <_Payload> _Payload decrypt(String token, byte[] key, String footer, Clas } @Override - public String sign(Object payload, byte[] sk, String footer) { + public String sign(Object payload, AsymmetricSecretKey sk, String footer) { + // Verify key version. + sk.verifyKey(Version.V2); + footer = StringUtils.ntes(footer); // convert null to "" byte[] payloadBytes = StringUtils.getBytesUtf8(encodingProvider.encode(payload)); byte[] footerBytes = StringUtils.getBytesUtf8(footer); byte[] m2 = PaeUtil.pae(StringUtils.getBytesUtf8(HEADER_PUBLIC), payloadBytes, footerBytes); byte[] sig = new byte[cryptoProvider.ed25519SignBytes()]; - cryptoProvider.ed25519Sign(sig, m2, sk); + cryptoProvider.ed25519Sign(sig, m2, sk.getMaterial()); byte[] msig = new byte[payloadBytes.length + sig.length]; System.arraycopy(payloadBytes, 0, msig, 0, payloadBytes.length); @@ -111,7 +124,10 @@ public String sign(Object payload, byte[] sk, String footer) { } @Override - public <_Payload> _Payload verify(String token, byte[] pk, String footer, Class<_Payload> payloadClass) { + public <_Payload> _Payload verify(String token, AsymmetricPublicKey pk, String footer, Class<_Payload> payloadClass) { + // Verify key version. + pk.verifyKey(Version.V2); + // Split token into sections String[] sections = split(token); if (sections == null) { 
@@ -137,7 +153,7 @@ public <_Payload> _Payload verify(String token, byte[] pk, String footer, Class< System.arraycopy(msig, 0, m, 0, m.length); byte[] m2 = PaeUtil.pae(StringUtils.getBytesUtf8(HEADER_PUBLIC), m, StringUtils.getBytesUtf8(decodedFooter)); - if (!cryptoProvider.ed25519Verify(s, m2, pk)) { + if (!cryptoProvider.ed25519Verify(s, m2, pk.getMaterial())) { throw new SignatureVerificationException(token); } @@ -147,7 +163,11 @@ public <_Payload> _Payload verify(String token, byte[] pk, String footer, Class< @Override public KeyPair generateKeyPair() { - return cryptoProvider.ed25519Generate(); + Pair rawKey = cryptoProvider.ed25519Generate(); + return new KeyPair( + new AsymmetricSecretKey(rawKey.a, Version.V2), + new AsymmetricPublicKey(rawKey.b, Version.V2) + ); } public static class Builder extends Paseto.Builder { diff --git a/paseto-core/src/main/java/net/aholbrook/paseto/Version.java b/paseto-core/src/main/java/net/aholbrook/paseto/Version.java new file mode 100644 index 0000000..ed7b303 --- /dev/null +++ b/paseto-core/src/main/java/net/aholbrook/paseto/Version.java @@ -0,0 +1,6 @@ +package net.aholbrook.paseto; + +public enum Version { + V1, + V2, +} diff --git a/paseto-core/src/main/java/net/aholbrook/paseto/exception/KeyVersionException.java b/paseto-core/src/main/java/net/aholbrook/paseto/exception/KeyVersionException.java new file mode 100644 index 0000000..4a9d790 --- /dev/null +++ b/paseto-core/src/main/java/net/aholbrook/paseto/exception/KeyVersionException.java 
@@ -0,0 +1,27 @@ +package net.aholbrook.paseto.exception; + +import net.aholbrook.paseto.Version; + +public class KeyVersionException extends PasetoException { + private final Version expected; + private final Version actual; + + public KeyVersionException(Version expected, Version actual) { + super(message(expected, actual)); + + this.expected = expected; + this.actual = actual; + } + + public Version getExpected() { + return expected; + } + + public Version getActual() { + return actual; + } + + private static String message(Version expected, Version actual) { + return "Got wrong Key version: " + actual + " given, expected: " + expected + "."; + } +} diff --git a/paseto-core/src/main/java/net/aholbrook/paseto/keys/AsymmetricPublicKey.java b/paseto-core/src/main/java/net/aholbrook/paseto/keys/AsymmetricPublicKey.java new file mode 100644 index 0000000..fd83532 --- /dev/null +++ b/paseto-core/src/main/java/net/aholbrook/paseto/keys/AsymmetricPublicKey.java @@ -0,0 +1,9 @@ +package net.aholbrook.paseto.keys; + +import net.aholbrook.paseto.Version; + +public final class AsymmetricPublicKey extends Key { + public AsymmetricPublicKey(byte[] material, Version version) { + super(material, version); + } +} diff --git a/paseto-core/src/main/java/net/aholbrook/paseto/keys/AsymmetricSecretKey.java b/paseto-core/src/main/java/net/aholbrook/paseto/keys/AsymmetricSecretKey.java new file mode 100644 index 0000000..7f3381b --- /dev/null +++ b/paseto-core/src/main/java/net/aholbrook/paseto/keys/AsymmetricSecretKey.java @@ -0,0 +1,9 @@ +package net.aholbrook.paseto.keys; + +import net.aholbrook.paseto.Version; + +public final class AsymmetricSecretKey extends Key { + public AsymmetricSecretKey(byte[] material, Version version) { + super(material, version); + } +} diff --git a/paseto-core/src/main/java/net/aholbrook/paseto/keys/Key.java b/paseto-core/src/main/java/net/aholbrook/paseto/keys/Key.java new file mode 100644 index 0000000..573bb08 --- /dev/null 
+++ b/paseto-core/src/main/java/net/aholbrook/paseto/keys/Key.java @@ -0,0 +1,45 @@ +package net.aholbrook.paseto.keys; + +import net.aholbrook.paseto.Version; +import net.aholbrook.paseto.exception.KeyVersionException; + +import java.util.Arrays; +import java.util.Objects; + +public abstract class Key { + protected final byte[] material; + protected final Version version; + + protected Key(byte[] material, Version version) { + if (material == null) { throw new NullPointerException("Null key material."); } + if (version == null) { throw new NullPointerException("Null key version."); } + + this.material = material; + this.version = version; + } + + public final void verifyKey(Version version) { + if (version == null) { throw new NullPointerException("version is required."); } + if (this.version != version) { throw new KeyVersionException(version, this.version); } + } + + public final byte[] getMaterial() { + return material; + } + + @Override + public boolean equals(Object o) { + if (this == o) return true; + if (o == null || getClass() != o.getClass()) return false; + Key key = (Key) o; + return Arrays.equals(material, key.material) && + version == key.version; + } + + @Override + public int hashCode() { + int result = Objects.hash(version); + result = 31 * result + Arrays.hashCode(material); + return result; + } +} diff --git a/paseto-core/src/main/java/net/aholbrook/paseto/keys/KeyPair.java b/paseto-core/src/main/java/net/aholbrook/paseto/keys/KeyPair.java new file mode 100644 index 0000000..482a189 --- /dev/null +++ b/paseto-core/src/main/java/net/aholbrook/paseto/keys/KeyPair.java 
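Review bot: `Key` stores the caller's array by reference and `getMaterial()` hands the same array back out, so any code holding either reference can alter the key bytes after construction. That also changes the `equals`/`hashCode` result of a key that is otherwise declared with final fields. Copying on the way in and out closes this: `this.material = material.clone();` in the constructor and `return material.clone();` in `getMaterial()`, at the cost of extra copies of secret bytes in memory. The constructor also accepts material of any length, and the `Version` is whatever the caller asserts, so `verifyKey` only catches a mislabelled key. Whether the crypto providers reject wrong-sized material is not visible in this diff and is worth confirming.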
@@ -0,0 +1,35 @@ +package net.aholbrook.paseto.keys; + +public class KeyPair { + private final AsymmetricSecretKey secretKey; + private final AsymmetricPublicKey publicKey; + + public KeyPair(AsymmetricSecretKey secretKey, AsymmetricPublicKey publicKey) { + this.secretKey = secretKey; + this.publicKey = publicKey; + } + + public AsymmetricSecretKey getSecretKey() { + return secretKey; + } + + public AsymmetricPublicKey getPublicKey() { + return publicKey; + } + + @Override + public boolean equals(Object o) { + if (this == o) return true; + if (o == null || getClass() != o.getClass()) return false; + KeyPair keyPair = (KeyPair) o; + return secretKey.equals(keyPair.secretKey) && + publicKey.equals(keyPair.publicKey); + } + + @Override + public int hashCode() { + int result = secretKey.hashCode(); + result = 31 * result + publicKey.hashCode(); + return result; + } +} diff --git a/paseto-core/src/main/java/net/aholbrook/paseto/keys/SymmetricKey.java b/paseto-core/src/main/java/net/aholbrook/paseto/keys/SymmetricKey.java new file mode 100644 index 0000000..744cf53 --- /dev/null +++ b/paseto-core/src/main/java/net/aholbrook/paseto/keys/SymmetricKey.java @@ -0,0 +1,9 @@ +package net.aholbrook.paseto.keys; + +import net.aholbrook.paseto.Version; + +public final class SymmetricKey extends Key { + public SymmetricKey(byte[] material, Version version) { + super(material, version); + } +} diff --git a/paseto-core/src/main/java/net/aholbrook/paseto/service/LocalTokenService.java b/paseto-core/src/main/java/net/aholbrook/paseto/service/LocalTokenService.java index 8918f49..95c28f1 100644 --- a/paseto-core/src/main/java/net/aholbrook/paseto/service/LocalTokenService.java +++ b/paseto-core/src/main/java/net/aholbrook/paseto/service/LocalTokenService.java 
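Review bot: The new `KeyPair` constructor accepts null components, and also a secret and public key tagged with different `Version`s, unlike `Key`, which rejects nulls up front. A null only surfaces later as a `NullPointerException` in `equals`/`hashCode`, and a mixed-version pair is only caught when one half reaches `verifyKey`. I would validate in the constructor, e.g. `Objects.requireNonNull(secretKey, "secretKey");` (same for `publicKey`) and `if (secretKey.version != publicKey.version) throw new IllegalArgumentException("Key versions differ.");`. `version` is protected on `Key` and this class is in the same package, so the comparison compiles as written; the null check needs `java.util.Objects` imported.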
@@ -6,6 +6,7 @@ import net.aholbrook.paseto.TokenWithFooter; import net.aholbrook.paseto.claims.Claim; import net.aholbrook.paseto.claims.Claims; +import net.aholbrook.paseto.keys.SymmetricKey; import net.aholbrook.paseto.time.Duration; public class LocalTokenService<_TokenType extends Token> extends TokenService<_TokenType> { @@ -20,25 +21,25 @@ private LocalTokenService(Paseto paseto, KeyProvider keyProvider, Claim[] claims @Override public String encode(_TokenType token) { validateToken(token); - return paseto.encrypt(token, keyProvider.getSecretKey()); + return paseto.encrypt(token, keyProvider.getKey()); } @Override public <_FooterType> String encode(_TokenType token, _FooterType footer) { validateToken(token); - return paseto.encrypt(token, keyProvider.getSecretKey(), footer); + return paseto.encrypt(token, keyProvider.getKey(), footer); } @Override public _TokenType decode(String token) { - _TokenType result = paseto.decrypt(token, keyProvider.getSecretKey(), tokenClass); + _TokenType result = paseto.decrypt(token, keyProvider.getKey(), tokenClass); Claims.verify(result, claims); return result; } @Override public <_FooterType> _TokenType decode(String token, _FooterType footer) { - _TokenType result = paseto.decrypt(token, keyProvider.getSecretKey(), footer, tokenClass); + _TokenType result = paseto.decrypt(token, keyProvider.getKey(), footer, tokenClass); Claims.verify(result, claims); return result; } @@ -46,7 +47,7 @@ public <_FooterType> _TokenType decode(String token, _FooterType footer) { @Override public <_FooterType> TokenWithFooter<_TokenType, _FooterType> decodeWithFooter(String token, Class<_FooterType> footerClass) { TokenWithFooter<_TokenType, _FooterType> result - = paseto.decryptWithFooter(token, keyProvider.getSecretKey(), tokenClass, footerClass); + = paseto.decryptWithFooter(token, keyProvider.getKey(), tokenClass, footerClass); Claims.verify(result.getToken(), claims); return result; } 
@@ -62,7 +63,7 @@ public <_FooterType> _FooterType getFooter(String token, Class<_FooterType> foot } public interface KeyProvider { - byte[] getSecretKey(); + SymmetricKey getKey(); } public static class Builder<_TokenType extends Token> { diff --git a/paseto-core/src/main/java/net/aholbrook/paseto/service/PublicTokenService.java b/paseto-core/src/main/java/net/aholbrook/paseto/service/PublicTokenService.java index 5f82533..4978912 100644 --- a/paseto-core/src/main/java/net/aholbrook/paseto/service/PublicTokenService.java +++ b/paseto-core/src/main/java/net/aholbrook/paseto/service/PublicTokenService.java @@ -6,6 +6,8 @@ import net.aholbrook.paseto.TokenWithFooter; import net.aholbrook.paseto.claims.Claim; import net.aholbrook.paseto.claims.Claims; +import net.aholbrook.paseto.keys.AsymmetricPublicKey; +import net.aholbrook.paseto.keys.AsymmetricSecretKey; import net.aholbrook.paseto.time.Duration; @@ -62,9 +64,9 @@ public <_FooterType> _FooterType getFooter(String token, Class<_FooterType> foot } public interface KeyProvider { - byte[] getSecretKey(); + AsymmetricSecretKey getSecretKey(); - byte[] getPublicKey(); + AsymmetricPublicKey getPublicKey(); } public static class Builder<_TokenType extends Token> { diff --git a/paseto-core/src/main/java/net/aholbrook/paseto/util/Pkcs12.java b/paseto-core/src/main/java/net/aholbrook/paseto/util/Pkcs12.java index ea5dcb9..f759455 100644 --- a/paseto-core/src/main/java/net/aholbrook/paseto/util/Pkcs12.java +++ b/paseto-core/src/main/java/net/aholbrook/paseto/util/Pkcs12.java @@ -1,6 +1,9 @@ package net.aholbrook.paseto.util; -import net.aholbrook.paseto.crypto.KeyPair; +import net.aholbrook.paseto.Version; +import net.aholbrook.paseto.keys.AsymmetricPublicKey; +import net.aholbrook.paseto.keys.AsymmetricSecretKey; +import net.aholbrook.paseto.keys.KeyPair; import net.aholbrook.paseto.exception.Pkcs12LoadException; import java.io.FileInputStream; 
@@ -34,7 +37,10 @@ public static KeyPair load(String keystoreFile, String keystorePass, String alia if (cert == null) { throw new Pkcs12LoadException(Pkcs12LoadException.Reason.PUBLIC_KEY_NOT_FOUND); } PublicKey publicKey = cert.getPublicKey(); - return new KeyPair(privateKey.getEncoded(), publicKey.getEncoded()); + return new KeyPair( + new AsymmetricSecretKey(privateKey.getEncoded(), Version.V1), + new AsymmetricPublicKey(publicKey.getEncoded(), Version.V1) + ); } catch (FileNotFoundException e) { throw new Pkcs12LoadException(e); } catch (CertificateException e) { diff --git a/paseto-core/src/test/java/net/aholbrook/paseto/KeyPairTest.java b/paseto-core/src/test/java/net/aholbrook/paseto/KeyPairTest.java index ea9a37c..71d3132 100644 --- a/paseto-core/src/test/java/net/aholbrook/paseto/KeyPairTest.java +++ b/paseto-core/src/test/java/net/aholbrook/paseto/KeyPairTest.java @@ -1,6 +1,6 @@ package net.aholbrook.paseto; -import net.aholbrook.paseto.crypto.KeyPair; +import net.aholbrook.paseto.keys.KeyPair; import net.aholbrook.paseto.data.RfcTestVectors; import org.junit.jupiter.api.Assertions; import org.junit.jupiter.api.DisplayName; @@ -11,8 +11,8 @@ public class KeyPairTest { @Test @DisplayName("Equals returns true when two key pairs are equal.") public void keyPair_equals() { - KeyPair kp1 = new KeyPair(RfcTestVectors.RFC_TEST_RSA_PRIVATE_KEY, RfcTestVectors.RFC_TEST_RSA_PUBLIC_KEY); - KeyPair kp2 = new KeyPair(RfcTestVectors.RFC_TEST_RSA_PRIVATE_KEY, RfcTestVectors.RFC_TEST_RSA_PUBLIC_KEY); + KeyPair kp1 = new KeyPair(RfcTestVectors.RFC_TEST_V1_SK, RfcTestVectors.RFC_TEST_V1_PK); + KeyPair kp2 = new KeyPair(RfcTestVectors.RFC_TEST_V1_SK, RfcTestVectors.RFC_TEST_V1_PK); Assertions.assertEquals(kp1, kp1); Assertions.assertEquals(kp1, kp2); Assertions.assertEquals(kp1.hashCode(), kp2.hashCode()); 
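Review bot: In Pkcs12.load both keys are tagged `Version.V1` with no visible check that the keystore entry is actually an RSA key, so a PKCS#12 file holding a key of another algorithm would be wrapped as a V1 key and only fail later inside the crypto provider. Unless the part of `load` above this hunk already does it, compare `privateKey.getAlgorithm()` and `publicKey.getAlgorithm()` against `"RSA"` before the `return new KeyPair(` and raise a `Pkcs12LoadException` on mismatch. `getEncoded()` can also return null for keys that do not support encoding, which would surface as the `NullPointerException` thrown by the `Key` constructor rather than as a `Pkcs12LoadException`. The body of `load` starts and ends outside the hunk.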
@@ -21,9 +21,9 @@ public void keyPair_equals() { @Test @DisplayName("Equals returns false when two key pairs are different.") public void keyPair_notEquals() { - KeyPair kp1 = new KeyPair(RfcTestVectors.RFC_TEST_RSA_PRIVATE_KEY, RfcTestVectors.RFC_TEST_RSA_PUBLIC_KEY); - KeyPair kp2 = new KeyPair(RfcTestVectors.RFC_TEST_SK, RfcTestVectors.RFC_TEST_PK); - KeyPair kp3 = new KeyPair(RfcTestVectors.RFC_TEST_RSA_PRIVATE_KEY, RfcTestVectors.RFC_TEST_PK); + KeyPair kp1 = new KeyPair(RfcTestVectors.RFC_TEST_V1_SK, RfcTestVectors.RFC_TEST_V1_PK); + KeyPair kp2 = new KeyPair(RfcTestVectors.RFC_TEST_V2_SK, RfcTestVectors.RFC_TEST_V2_PK); + KeyPair kp3 = new KeyPair(RfcTestVectors.RFC_TEST_V1_SK, RfcTestVectors.RFC_TEST_V2_PK); Assertions.assertNotEquals(kp1, new Object()); Assertions.assertEquals(false, kp1.equals(null)); Assertions.assertEquals(false, kp1.equals(1)); diff --git a/paseto-core/src/test/java/net/aholbrook/paseto/PasetoTest.java b/paseto-core/src/test/java/net/aholbrook/paseto/PasetoTest.java index 2758f98..cdf5cae 100644 --- a/paseto-core/src/test/java/net/aholbrook/paseto/PasetoTest.java +++ b/paseto-core/src/test/java/net/aholbrook/paseto/PasetoTest.java 
@@ -9,31 +9,29 @@ public abstract class PasetoTest { protected <_TokenType, _Footer> void encryptTestVector(Paseto.Builder builder, TestVector<_TokenType, _Footer> tv) { - // A: key, B: nonce - Paseto paseto = builder.withNonceGenerator(new TestNonceGenerator(tv.getB())).build(); + Paseto paseto = builder.withNonceGenerator(new TestNonceGenerator(tv.getNonce())).build(); Assertions.assertNotNull(paseto, "paseto V1 instance"); String token; if (tv.getFooter() != null) { - token = paseto.encrypt(tv.getPayload(), tv.getA(), tv.getFooter()); + token = paseto.encrypt(tv.getPayload(), tv.getLocalKey(), tv.getFooter()); } else { - token = paseto.encrypt(tv.getPayload(), tv.getA()); + token = paseto.encrypt(tv.getPayload(), tv.getLocalKey()); } Assertions.assertEquals(tv.getToken(), token, "Generated token does not match test vector."); } protected <_TokenType, _Footer> void decryptTestVector(Paseto.Builder builder, TestVector<_TokenType, _Footer> tv) { - // A: key, B: nonce - Paseto paseto = builder.withNonceGenerator(new TestNonceGenerator(tv.getB())).build(); + Paseto paseto = builder.withNonceGenerator(new TestNonceGenerator(tv.getNonce())).build(); Assertions.assertNotNull(paseto, "paseto V1 instance"); _TokenType payload; if (tv.getFooter() != null) { - payload = paseto.decrypt(tv.getToken(), tv.getA(), tv.getFooter(), + payload = paseto.decrypt(tv.getToken(), tv.getLocalKey(), tv.getFooter(), tv.getPayloadClass()); } else { - payload = paseto.decrypt(tv.getToken(), tv.getA(), tv.getPayloadClass()); + payload = paseto.decrypt(tv.getToken(), tv.getLocalKey(), tv.getPayloadClass()); } Assertions.assertEquals(tv.getPayload(), payload, "Decrypted payload does not match test vector."); 
@@ -41,16 +39,15 @@ protected <_TokenType, _Footer> void decryptTestVector(Paseto.Builder builder, T protected <_TokenType, _Footer> void signTestVector(Paseto.Builder builder, TestVector<_TokenType, _Footer> tv, boolean assertSigned) { - // A: sk, B: pk Paseto paseto = builder.build(); Assertions.assertNotNull(paseto, "paseto V1 instance"); String token; if (tv.getFooter() != null) { - token = paseto.sign(tv.getPayload(), tv.getA(), + token = paseto.sign(tv.getPayload(), tv.getSecretKey(), tv.getFooter()); } else { - token = paseto.sign(tv.getPayload(), tv.getA()); + token = paseto.sign(tv.getPayload(), tv.getSecretKey()); } if (assertSigned) { 
@@ -60,24 +57,23 @@ protected <_TokenType, _Footer> void signTestVector(Paseto.Builder builder, Test // Now verify the signature (we can't use the token in the test vector as the signature will change each time. _TokenType decoded; if (tv.getFooter() != null) { - decoded = paseto.verify(token, tv.getB(), tv.getFooter(), tv.getPayloadClass()); + decoded = paseto.verify(token, tv.getPublicKey(), tv.getFooter(), tv.getPayloadClass()); } else { - decoded = paseto.verify(token, tv.getB(), tv.getPayloadClass()); + decoded = paseto.verify(token, tv.getPublicKey(), tv.getPayloadClass()); } Assertions.assertEquals(tv.getPayload(), decoded, "Decoded payload does not match test vector."); } protected <_TokenType, _Footer> void verifyTestVector(Paseto.Builder builder, TestVector<_TokenType, _Footer> tv) { - // A: sk, B: pk Paseto paseto = builder.build(); Assertions.assertNotNull(paseto, "paseto V1 instance"); _TokenType payload; if (tv.getFooter() != null) { - payload = paseto.verify(tv.getToken(), tv.getB(), tv.getFooter(), tv.getPayloadClass()); + payload = paseto.verify(tv.getToken(), tv.getPublicKey(), tv.getFooter(), tv.getPayloadClass()); } else { - payload = paseto.verify(tv.getToken(), tv.getB(), tv.getPayloadClass()); + payload = paseto.verify(tv.getToken(), tv.getPublicKey(), tv.getPayloadClass()); } Assertions.assertEquals(tv.getPayload(), payload, "Verified payload does not match test vector."); diff --git a/paseto-core/src/test/java/net/aholbrook/paseto/PasetoV1ServiceTest.java b/paseto-core/src/test/java/net/aholbrook/paseto/PasetoV1ServiceTest.java index b671989..165ff76 100644 --- a/paseto-core/src/test/java/net/aholbrook/paseto/PasetoV1ServiceTest.java +++ b/paseto-core/src/test/java/net/aholbrook/paseto/PasetoV1ServiceTest.java 
@@ -7,6 +7,8 @@ import net.aholbrook.paseto.data.TestVector; import net.aholbrook.paseto.data.TokenTestVectors; import net.aholbrook.paseto.exception.claims.MissingClaimException; +import net.aholbrook.paseto.keys.AsymmetricPublicKey; +import net.aholbrook.paseto.keys.AsymmetricSecretKey; import net.aholbrook.paseto.service.KeyId; import net.aholbrook.paseto.service.LocalTokenService; import net.aholbrook.paseto.service.PublicTokenService; @@ -22,40 +24,40 @@ public class PasetoV1ServiceTest extends PasetoServiceTest { @Override protected LocalTokenService.KeyProvider rfcLocalKeyProvider() { - return () -> RfcTestVectors.RFC_TEST_KEY; + return () -> RfcTestVectors.RFC_TEST_V1_KEY; } @Override protected PublicTokenService.KeyProvider rfcPublicKeyProvider() { return new PublicTokenService.KeyProvider() { @Override - public byte[] getSecretKey() { - return RfcTestVectors.RFC_TEST_RSA_PRIVATE_KEY; + public AsymmetricSecretKey getSecretKey() { + return RfcTestVectors.RFC_TEST_V1_SK; } @Override - public byte[] getPublicKey() { - return RfcTestVectors.RFC_TEST_RSA_PUBLIC_KEY; + public AsymmetricPublicKey getPublicKey() { + return RfcTestVectors.RFC_TEST_V1_PK; } }; } @Override protected LocalTokenService.KeyProvider tokenLocalKeyProvider() { - return () -> TokenTestVectors.TEST_KEY; + return () -> TokenTestVectors.TEST_V1_KEY; } @Override protected PublicTokenService.KeyProvider tokenPublicKeyProvider() { return new PublicTokenService.KeyProvider() { @Override - public byte[] getSecretKey() { - return TokenTestVectors.TEST_RSA_PRIVATE_KEY; + public AsymmetricSecretKey getSecretKey() { + return TokenTestVectors.TEST_V1_SK; } @Override - public byte[] getPublicKey() { - return TokenTestVectors.TEST_RSA_PUBLIC_KEY; + public AsymmetricPublicKey getPublicKey() { + return TokenTestVectors.TEST_V1_PK; } }; } 
@@ -101,42 +103,42 @@ public void v1Service_publicServiceBuilderOverride(Paseto.Builder builder) { @MethodSource("net.aholbrook.paseto.Sources#pasetoV1Builders") public void v1Service_rfcVectorE1(Paseto.Builder builder) { TestVector tv = RfcTestVectors.RFC_TEST_VECTOR_V1_E_1; - encodeTestVector(rfcLocalService(builder, tv.getB()), tv); + encodeTestVector(rfcLocalService(builder, tv.getNonce()), tv); } @ParameterizedTest(name = "{displayName} with {0}") @MethodSource("net.aholbrook.paseto.Sources#pasetoV1Builders") public void v1Service_rfcVectorE2(Paseto.Builder builder) { TestVector tv = RfcTestVectors.RFC_TEST_VECTOR_V1_E_2; - encodeTestVector(rfcLocalService(builder, tv.getB()), tv); + encodeTestVector(rfcLocalService(builder, tv.getNonce()), tv); } @ParameterizedTest(name = "{displayName} with {0}") @MethodSource("net.aholbrook.paseto.Sources#pasetoV1Builders") public void v1Service_rfcVectorE3(Paseto.Builder builder) { TestVector tv = RfcTestVectors.RFC_TEST_VECTOR_V1_E_3; - encodeTestVector(rfcLocalService(builder, tv.getB()), tv); + encodeTestVector(rfcLocalService(builder, tv.getNonce()), tv); } @ParameterizedTest(name = "{displayName} with {0}") @MethodSource("net.aholbrook.paseto.Sources#pasetoV1Builders") public void v1Service_rfcVectorE4(Paseto.Builder builder) { TestVector tv = RfcTestVectors.RFC_TEST_VECTOR_V1_E_4; - encodeTestVector(rfcLocalService(builder, tv.getB()), tv); + encodeTestVector(rfcLocalService(builder, tv.getNonce()), tv); } @ParameterizedTest(name = "{displayName} with {0}") @MethodSource("net.aholbrook.paseto.Sources#pasetoV1Builders") public void v1Service_rfcVectorE5(Paseto.Builder builder) { TestVector tv = RfcTestVectors.RFC_TEST_VECTOR_V1_E_5; - encodeTestVector(rfcLocalService(builder, tv.getB()), tv); + encodeTestVector(rfcLocalService(builder, tv.getNonce()), tv); } @ParameterizedTest(name = "{displayName} with {0}") @MethodSource("net.aholbrook.paseto.Sources#pasetoV1Builders") public void 
v1Service_rfcVectorE6(Paseto.Builder builder) { TestVector tv = RfcTestVectors.RFC_TEST_VECTOR_V1_E_6; - encodeTestVector(rfcLocalService(builder, tv.getB()), tv); + encodeTestVector(rfcLocalService(builder, tv.getNonce()), tv); } // Decryption tests 
@@ -144,42 +146,42 @@ public void v1Service_rfcVectorE6(Paseto.Builder builder) { @MethodSource("net.aholbrook.paseto.Sources#pasetoV1Builders") public void v1Service_rfcVectorE1Decrypt(Paseto.Builder builder) { TestVector tv = RfcTestVectors.RFC_TEST_VECTOR_V1_E_1; - decodeTestVector(rfcLocalService(builder, tv.getB()), tv); + decodeTestVector(rfcLocalService(builder, tv.getNonce()), tv); } @ParameterizedTest(name = "{displayName} with {0}") @MethodSource("net.aholbrook.paseto.Sources#pasetoV1Builders") public void v1Service_rfcVectorE2Decrypt(Paseto.Builder builder) { TestVector tv = RfcTestVectors.RFC_TEST_VECTOR_V1_E_2; - decodeTestVector(rfcLocalService(builder, tv.getB()), tv); + decodeTestVector(rfcLocalService(builder, tv.getNonce()), tv); } @ParameterizedTest(name = "{displayName} with {0}") @MethodSource("net.aholbrook.paseto.Sources#pasetoV1Builders") public void v1Service_rfcVectorE3Decrypt(Paseto.Builder builder) { TestVector tv = RfcTestVectors.RFC_TEST_VECTOR_V1_E_3; - decodeTestVector(rfcLocalService(builder, tv.getB()), tv); + decodeTestVector(rfcLocalService(builder, tv.getNonce()), tv); } @ParameterizedTest(name = "{displayName} with {0}") @MethodSource("net.aholbrook.paseto.Sources#pasetoV1Builders") public void v1Service_rfcVectorE4Decrypt(Paseto.Builder builder) { TestVector tv = RfcTestVectors.RFC_TEST_VECTOR_V1_E_4; - decodeTestVector(rfcLocalService(builder, tv.getB()), tv); + decodeTestVector(rfcLocalService(builder, tv.getNonce()), tv); } @ParameterizedTest(name = "{displayName} with {0}") @MethodSource("net.aholbrook.paseto.Sources#pasetoV1Builders") public void v1Service_rfcVectorE5Decrypt(Paseto.Builder builder) { TestVector tv = RfcTestVectors.RFC_TEST_VECTOR_V1_E_5; - decodeTestVector(rfcLocalService(builder, tv.getB()), tv); + decodeTestVector(rfcLocalService(builder, tv.getNonce()), tv); } @ParameterizedTest(name = "{displayName} with {0}") @MethodSource("net.aholbrook.paseto.Sources#pasetoV1Builders") public void 
v1Service_rfcVectorE6Decrypt(Paseto.Builder builder) { TestVector tv = RfcTestVectors.RFC_TEST_VECTOR_V1_E_6; - decodeTestVector(rfcLocalService(builder, tv.getB()), tv); + decodeTestVector(rfcLocalService(builder, tv.getNonce()), tv); } // Sign tests @@ -216,7 +218,7 @@ public void v1Service_rfcVectorS2Verify(Paseto.Builder builder) { @MethodSource("net.aholbrook.paseto.Sources#pasetoV1Builders") public void v1Service_local_decodeWithFooter(Paseto.Builder builder) { TestVector tv = TokenTestVectors.TV_1_V1_LOCAL_WITH_FOOTER; - TokenService service = tokenLocalService(builder, tv.getB()); + TokenService service = tokenLocalService(builder, tv.getNonce()); TokenWithFooter result = service.decodeWithFooter(tv.getToken(), KeyId.class); Assertions.assertEquals(tv.getPayload(), result.getToken()); @@ -238,7 +240,7 @@ public void v1Service_public_decodeWithFooter(Paseto.Builder builder) { @MethodSource("net.aholbrook.paseto.Sources#pasetoV1Builders") public void v1Service_local_extractFooter(Paseto.Builder builder) { TestVector tv = TokenTestVectors.TV_1_V1_LOCAL_WITH_FOOTER; - TokenService service = tokenLocalService(builder, tv.getB()); + TokenService service = tokenLocalService(builder, tv.getNonce()); KeyId result = service.getFooter(tv.getToken(), KeyId.class); Assertions.assertEquals(tv.getFooter(), result); diff --git a/paseto-core/src/test/java/net/aholbrook/paseto/PasetoV1Test.java b/paseto-core/src/test/java/net/aholbrook/paseto/PasetoV1Test.java index da8adb6..5b7fc33 100644 --- a/paseto-core/src/test/java/net/aholbrook/paseto/PasetoV1Test.java +++ b/paseto-core/src/test/java/net/aholbrook/paseto/PasetoV1Test.java 
@@ -2,7 +2,8 @@ import net.aholbrook.paseto.base64.jvm8.Base64Provider; import net.aholbrook.paseto.base64.jvm8.jvm8.Jvm8Base64Provider; -import net.aholbrook.paseto.crypto.KeyPair; +import net.aholbrook.paseto.keys.AsymmetricPublicKey; +import net.aholbrook.paseto.keys.KeyPair; import net.aholbrook.paseto.crypto.TestNonceGenerator; import net.aholbrook.paseto.crypto.v1.V1CryptoProvider; import net.aholbrook.paseto.crypto.v1.bc.BouncyCastleV1CryptoProvider; @@ -15,6 +16,7 @@ import net.aholbrook.paseto.exception.PasetoParseException; import net.aholbrook.paseto.exception.PasetoStringException; import net.aholbrook.paseto.exception.SignatureVerificationException; +import net.aholbrook.paseto.keys.SymmetricKey; import net.aholbrook.paseto.service.KeyId; import net.aholbrook.paseto.service.Token; import net.aholbrook.paseto.utils.AssertUtils; @@ -400,9 +402,9 @@ public void v1_token1_extractMissingFooter(Paseto.Builder builder) { @MethodSource("net.aholbrook.paseto.Sources#pasetoV1Builders") public void v1_token1_localDecryptWithFooter(Paseto.Builder builder) { TestVector tv = TokenTestVectors.TV_1_V1_LOCAL_WITH_FOOTER; - Paseto paseto = builder.withNonceGenerator(new TestNonceGenerator(tv.getB())).build(); + Paseto paseto = builder.withNonceGenerator(new TestNonceGenerator(tv.getNonce())).build(); - TokenWithFooter result = paseto.decryptWithFooter(tv.getToken(), tv.getA(), tv.getPayloadClass(), + TokenWithFooter result = paseto.decryptWithFooter(tv.getToken(), tv.getLocalKey(), tv.getPayloadClass(), KeyId.class); Assertions.assertEquals(tv.getFooter(), result.getFooter(), "extracted footer != footer"); } 
@@ -411,9 +413,9 @@ public void v1_token1_localDecryptWithFooter(Paseto.Builder builder) { @MethodSource("net.aholbrook.paseto.Sources#pasetoV1Builders") public void v1_token1_localDecryptWithFooterString(Paseto.Builder builder) { TestVector tv = TokenTestVectors.TV_1_V1_LOCAL_WITH_FOOTER; - Paseto paseto = builder.withNonceGenerator(new TestNonceGenerator(tv.getB())).build(); + Paseto paseto = builder.withNonceGenerator(new TestNonceGenerator(tv.getNonce())).build(); - TokenWithFooter result = paseto.decryptWithFooter(tv.getToken(), tv.getA(), tv.getPayloadClass()); + TokenWithFooter result = paseto.decryptWithFooter(tv.getToken(), tv.getLocalKey(), tv.getPayloadClass()); KeyId footer = builder.encodingProvider.decode(result.getFooter(), KeyId.class); Assertions.assertEquals(tv.getFooter(), footer, "extracted footer != footer"); } @@ -422,9 +424,9 @@ public void v1_token1_localDecryptWithFooterString(Paseto.Builder builder) { @MethodSource("net.aholbrook.paseto.Sources#pasetoV1Builders") public void v1_token1_publicVerifyWithFooter(Paseto.Builder builder) { TestVector tv = TokenTestVectors.TV_1_V1_PUBLIC_WITH_FOOTER; - Paseto paseto = builder.withNonceGenerator(new TestNonceGenerator(tv.getB())).build(); + Paseto paseto = builder.withNonceGenerator(new TestNonceGenerator(tv.getNonce())).build(); - TokenWithFooter result = paseto.verifyWithFooter(tv.getToken(), tv.getB(), tv.getPayloadClass(), + TokenWithFooter result = paseto.verifyWithFooter(tv.getToken(), tv.getPublicKey(), tv.getPayloadClass(), KeyId.class); Assertions.assertEquals(tv.getFooter(), result.getFooter(), "extracted footer != footer"); } 
@@ -433,9 +435,9 @@ public void v1_token1_publicVerifyWithFooter(Paseto.Builder builder) { @MethodSource("net.aholbrook.paseto.Sources#pasetoV1Builders") public void v1_token1_publicVerifyWithFooterString(Paseto.Builder builder) { TestVector tv = TokenTestVectors.TV_1_V1_PUBLIC_WITH_FOOTER; - Paseto paseto = builder.withNonceGenerator(new TestNonceGenerator(tv.getB())).build(); + Paseto paseto = builder.withNonceGenerator(new TestNonceGenerator(tv.getNonce())).build(); - TokenWithFooter result = paseto.verifyWithFooter(tv.getToken(), tv.getB(), tv.getPayloadClass()); + TokenWithFooter result = paseto.verifyWithFooter(tv.getToken(), tv.getPublicKey(), tv.getPayloadClass()); KeyId footer = builder.encodingProvider.decode(result.getFooter(), KeyId.class); Assertions.assertEquals(tv.getFooter(), footer, "extracted footer != footer"); } @@ -447,14 +449,14 @@ public void v1_token1_publicVerifyWithFooterString(Paseto.Builder builder) { public void v1_token1_modifyPayload(Paseto.Builder builder) { Assertions.assertThrows(SignatureVerificationException.class, () -> { TestVector tv = TokenTestVectors.TV_1_V1_LOCAL; - Paseto paseto = builder.withNonceGenerator(new TestNonceGenerator(tv.getB())).build(); + Paseto paseto = builder.withNonceGenerator(new TestNonceGenerator(tv.getNonce())).build(); // encrypt and modify - String token = paseto.encrypt(tv.getPayload(), tv.getA()); + String token = paseto.encrypt(tv.getPayload(), tv.getLocalKey()); token = modify(token, new int[]{20, 15, 20}); // attempt to decrypt - paseto.decrypt(token, tv.getA(), tv.getPayloadClass()); + paseto.decrypt(token, tv.getLocalKey(), tv.getPayloadClass()); }); } 
@@ -464,14 +466,14 @@ public void v1_token1_modifyPayload(Paseto.Builder builder) { public void v1_token1_modifyFooter(Paseto.Builder builder) { Assertions.assertThrows(SignatureVerificationException.class, () -> { TestVector tv = TokenTestVectors.TV_1_V1_LOCAL_WITH_FOOTER; - Paseto paseto = builder.withNonceGenerator(new TestNonceGenerator(tv.getB())).build(); + Paseto paseto = builder.withNonceGenerator(new TestNonceGenerator(tv.getNonce())).build(); // encrypt and modify - String token = paseto.encrypt(tv.getPayload(), tv.getA()); + String token = paseto.encrypt(tv.getPayload(), tv.getLocalKey()); token = modify(token, new int[]{token.length() - 1, token.length() - 4, token.length() - 6}); // attempt to decrypt - paseto.decrypt(token, tv.getA(), tv.getPayloadClass()); + paseto.decrypt(token, tv.getLocalKey(), tv.getPayloadClass()); }); } @@ -481,10 +483,10 @@ public void v1_token1_modifyFooter(Paseto.Builder builder) { public void v1_token1_decryptWrongKey(Paseto.Builder builder) { Assertions.assertThrows(SignatureVerificationException.class, () -> { TestVector tv = TokenTestVectors.TV_1_V1_LOCAL; - Paseto paseto = builder.withNonceGenerator(new TestNonceGenerator(tv.getB())).build(); + Paseto paseto = builder.withNonceGenerator(new TestNonceGenerator(tv.getNonce())).build(); // attempt to decrypt - paseto.decrypt(tv.getToken(), RfcTestVectors.RFC_TEST_KEY, tv.getPayloadClass()); + paseto.decrypt(tv.getToken(), RfcTestVectors.RFC_TEST_V1_KEY, tv.getPayloadClass()); }); } 
@@ -494,34 +496,34 @@ public void v1_token1_decryptWrongKey(Paseto.Builder builder) { public void v1_token1_verifyWrongKey(Paseto.Builder builder) { Assertions.assertThrows(SignatureVerificationException.class, () -> { TestVector tv = TokenTestVectors.TV_1_V1_PUBLIC; - Paseto paseto = builder.withNonceGenerator(new TestNonceGenerator(tv.getB())).build(); + Paseto paseto = builder.withNonceGenerator(new TestNonceGenerator(tv.getNonce())).build(); // attempt to decrypt - paseto.verify(tv.getToken(), RfcTestVectors.RFC_TEST_RSA_PUBLIC_KEY, tv.getPayloadClass()); + paseto.verify(tv.getToken(), RfcTestVectors.RFC_TEST_V1_PK, tv.getPayloadClass()); }); } - // Attempt to decrypt A V2 local token with as V1 local token, should fail with a InvalidHeaderException. + // Attempt to decrypt A V2 local token as a V1 local token, should fail with a InvalidHeaderException. @ParameterizedTest(name = "{displayName} with {0}") @MethodSource("net.aholbrook.paseto.Sources#pasetoV1Builders") public void v1_token1_v2LocalAsV1Local(Paseto.Builder builder) { Assertions.assertThrows(InvalidHeaderException.class, () -> { TestVector tv = TokenTestVectors.TV_1_V2_LOCAL_WITH_FOOTER; - Paseto paseto = builder.withNonceGenerator(new TestNonceGenerator(tv.getB())).build(); - paseto.decrypt(tv.getToken(), tv.getA(), tv.getPayloadClass()); + Paseto paseto = builder.withNonceGenerator(new TestNonceGenerator(tv.getNonce())).build(); + paseto.decrypt(tv.getToken(), TokenTestVectors.TEST_V1_KEY, tv.getPayloadClass()); }); } - // Attempt to decrypt A V2 local token with as V1 public token, should fail with a InvalidHeaderException. + // Attempt to decrypt A V2 local token as a V1 public token, should fail with a InvalidHeaderException. 
@ParameterizedTest(name = "{displayName} with {0}") @MethodSource("net.aholbrook.paseto.Sources#pasetoV1Builders") public void v1_token1_v2LocalAsV1Public(Paseto.Builder builder) { Assertions.assertThrows(InvalidHeaderException.class, () -> { TestVector tv = TokenTestVectors.TV_1_V2_LOCAL_WITH_FOOTER; - Paseto paseto = builder.withNonceGenerator(new TestNonceGenerator(tv.getB())).build(); - paseto.verify(tv.getToken(), tv.getA(), tv.getPayloadClass()); + Paseto paseto = builder.withNonceGenerator(new TestNonceGenerator(tv.getNonce())).build(); + paseto.verify(tv.getToken(), TokenTestVectors.TEST_V1_PK, tv.getPayloadClass()); }); } @@ -532,8 +534,8 @@ public void v1_token1_v2PublicAsV1Local(Paseto.Builder builder) { Assertions.assertThrows(InvalidHeaderException.class, () -> { TestVector tv = TokenTestVectors.TV_1_V2_PUBLIC_WITH_FOOTER; - Paseto paseto = builder.withNonceGenerator(new TestNonceGenerator(tv.getB())).build(); - paseto.decrypt(tv.getToken(), tv.getA(), tv.getPayloadClass()); + Paseto paseto = builder.withNonceGenerator(new TestNonceGenerator(tv.getNonce())).build(); + paseto.decrypt(tv.getToken(), TokenTestVectors.TEST_V1_KEY, tv.getPayloadClass()); }); } @@ -544,8 +546,8 @@ public void v1_token1_v2PublicAsV1Public(Paseto.Builder builder) { Assertions.assertThrows(InvalidHeaderException.class, () -> { TestVector tv = TokenTestVectors.TV_1_V2_PUBLIC_WITH_FOOTER; - Paseto paseto = builder.withNonceGenerator(new TestNonceGenerator(tv.getB())).build(); - paseto.verify(tv.getToken(), tv.getA(), tv.getPayloadClass()); + Paseto paseto = builder.withNonceGenerator(new TestNonceGenerator(tv.getNonce())).build(); + paseto.verify(tv.getToken(), TokenTestVectors.TEST_V1_PK, tv.getPayloadClass()); }); } 
@@ -556,8 +558,8 @@ public void v1_token1_publicAsLocal(Paseto.Builder builder) { Assertions.assertThrows(InvalidHeaderException.class, () -> { TestVector tv = TokenTestVectors.TV_1_V1_PUBLIC_WITH_FOOTER; - Paseto paseto = builder.withNonceGenerator(new TestNonceGenerator(tv.getB())).build(); - paseto.decrypt(tv.getToken(), tv.getA(), tv.getPayloadClass()); + Paseto paseto = builder.withNonceGenerator(new TestNonceGenerator(tv.getNonce())).build(); + paseto.decrypt(tv.getToken(), TokenTestVectors.TEST_V1_KEY, tv.getPayloadClass()); }); } @@ -568,8 +570,8 @@ public void v1_token1_localAsPublic(Paseto.Builder builder) { Assertions.assertThrows(InvalidHeaderException.class, () -> { TestVector tv = TokenTestVectors.TV_1_V1_LOCAL; - Paseto paseto = builder.withNonceGenerator(new TestNonceGenerator(tv.getB())).build(); - paseto.verify(tv.getToken(), tv.getA(), tv.getPayloadClass()); + Paseto paseto = builder.withNonceGenerator(new TestNonceGenerator(tv.getNonce())).build(); + paseto.verify(tv.getToken(), TokenTestVectors.TEST_V1_PK, tv.getPayloadClass()); }); } @@ -580,8 +582,8 @@ public void v1_token1_localMissingFooter(Paseto.Builder builder) { Assertions.assertThrows(InvalidFooterException.class, () -> { TestVector tv = TokenTestVectors.TV_1_V1_LOCAL; - Paseto paseto = builder.withNonceGenerator(new TestNonceGenerator(tv.getB())).build(); - paseto.decrypt(tv.getToken(), tv.getA(), "not-the-footer", tv.getPayloadClass()); + Paseto paseto = builder.withNonceGenerator(new TestNonceGenerator(tv.getNonce())).build(); + paseto.decrypt(tv.getToken(), tv.getLocalKey(), "not-the-footer", tv.getPayloadClass()); }); } 
@@ -592,8 +594,8 @@ public void v1_token1_publicMissingFooter(Paseto.Builder builder) { Assertions.assertThrows(InvalidFooterException.class, () -> { TestVector tv = TokenTestVectors.TV_1_V1_PUBLIC; - Paseto paseto = builder.withNonceGenerator(new TestNonceGenerator(tv.getB())).build(); - paseto.verify(tv.getToken(), tv.getA(), "not-the-footer", tv.getPayloadClass()); + Paseto paseto = builder.withNonceGenerator(new TestNonceGenerator(tv.getNonce())).build(); + paseto.verify(tv.getToken(), tv.getPublicKey(), "not-the-footer", tv.getPayloadClass()); }); } @@ -604,8 +606,8 @@ public void v1_token1_localWrongFooter(Paseto.Builder builder) { Assertions.assertThrows(InvalidFooterException.class, () -> { TestVector tv = TokenTestVectors.TV_1_V1_LOCAL_WITH_FOOTER; - Paseto paseto = builder.withNonceGenerator(new TestNonceGenerator(tv.getB())).build(); - paseto.decrypt(tv.getToken(), tv.getA(), "not-the-footer", tv.getPayloadClass()); + Paseto paseto = builder.withNonceGenerator(new TestNonceGenerator(tv.getNonce())).build(); + paseto.decrypt(tv.getToken(), tv.getLocalKey(), "not-the-footer", tv.getPayloadClass()); }); } @@ -616,8 +618,8 @@ public void v1_token1_publicWrongFooter(Paseto.Builder builder) { Assertions.assertThrows(InvalidFooterException.class, () -> { TestVector tv = TokenTestVectors.TV_1_V1_PUBLIC_WITH_FOOTER; - Paseto paseto = builder.withNonceGenerator(new TestNonceGenerator(tv.getB())).build(); - paseto.verify(tv.getToken(), tv.getA(), "not-the-footer", tv.getPayloadClass()); + Paseto paseto = builder.withNonceGenerator(new TestNonceGenerator(tv.getNonce())).build(); + paseto.verify(tv.getToken(), tv.getPublicKey(), "not-the-footer", tv.getPayloadClass()); }); } 
@@ -627,8 +629,8 @@ public void v1_token1_publicWrongFooter(Paseto.Builder builder) { public void v1_badInput(Paseto.Builder builder) { Assertions.assertThrows(PasetoStringException.class, () -> { TestVector tv = TokenTestVectors.TV_1_V1_LOCAL; - Paseto paseto = builder.withNonceGenerator(new TestNonceGenerator(tv.getB())).build(); - paseto.decrypt("junk", tv.getA(), tv.getPayloadClass()); + Paseto paseto = builder.withNonceGenerator(new TestNonceGenerator(tv.getNonce())).build(); + paseto.decrypt("junk", tv.getLocalKey(), tv.getPayloadClass()); }); } @@ -637,8 +639,8 @@ public void v1_badInput(Paseto.Builder builder) { public void v1_badTokenDecrypt(Paseto.Builder builder) { Assertions.assertThrows(PasetoStringException.class, () -> { TestVector tv = TokenTestVectors.TV_1_V1_LOCAL; - Paseto paseto = builder.withNonceGenerator(new TestNonceGenerator(tv.getB())).build(); - paseto.decrypt("v1.local.", tv.getA(), tv.getPayloadClass()); + Paseto paseto = builder.withNonceGenerator(new TestNonceGenerator(tv.getNonce())).build(); + paseto.decrypt("v1.local.", tv.getLocalKey(), tv.getPayloadClass()); }); } @@ -646,9 +648,9 @@ public void v1_badTokenDecrypt(Paseto.Builder builder) { @MethodSource("net.aholbrook.paseto.Sources#pasetoV1Builders") public void v1_badTokenVerify(Paseto.Builder builder) { Assertions.assertThrows(PasetoStringException.class, () -> { - TestVector tv = TokenTestVectors.TV_1_V1_LOCAL; - Paseto paseto = builder.withNonceGenerator(new TestNonceGenerator(tv.getB())).build(); - paseto.verify("v1.local.", tv.getA(), tv.getPayloadClass()); + TestVector tv = TokenTestVectors.TV_1_V1_PUBLIC; + Paseto paseto = builder.withNonceGenerator(new TestNonceGenerator(tv.getNonce())).build(); + paseto.verify("v1.local.", tv.getPublicKey(), tv.getPayloadClass()); }); } 
@@ -657,8 +659,8 @@ public void v1_badTokenVerify(Paseto.Builder builder) { public void v1_shortTokenLocal(Paseto.Builder builder) { Assertions.assertThrows(PasetoStringException.class, () -> { TestVector tv = TokenTestVectors.TV_1_V1_LOCAL; - Paseto paseto = builder.withNonceGenerator(new TestNonceGenerator(tv.getB())).build(); - paseto.decrypt("v1.local.c29tZXRoaW5n", tv.getA(), tv.getPayloadClass()); + Paseto paseto = builder.withNonceGenerator(new TestNonceGenerator(tv.getNonce())).build(); + paseto.decrypt("v1.local.c29tZXRoaW5n", tv.getLocalKey(), tv.getPayloadClass()); }); } @@ -667,8 +669,8 @@ public void v1_shortTokenLocal(Paseto.Builder builder) { public void v1_shortTokenPublic(Paseto.Builder builder) { Assertions.assertThrows(PasetoStringException.class, () -> { TestVector tv = TokenTestVectors.TV_1_V1_PUBLIC; - Paseto paseto = builder.withNonceGenerator(new TestNonceGenerator(tv.getB())).build(); - paseto.verify("v1.public.c29tZXRoaW5n", tv.getA(), tv.getPayloadClass()); + Paseto paseto = builder.withNonceGenerator(new TestNonceGenerator(tv.getNonce())).build(); + paseto.verify("v1.public.c29tZXRoaW5n", tv.getPublicKey(), tv.getPayloadClass()); }); } 
@@ -679,18 +681,18 @@ public void v1_shortTokenPublic(Paseto.Builder builder) { public void v1_token1_localNonce(Paseto.Builder builder) { TestVector tv = TokenTestVectors.TV_1_V1_LOCAL_WITH_FOOTER; Paseto paseto = builder.build(); - String token1 = paseto.encrypt(tv.getPayload(), tv.getA(), tv.getFooter()); - String token2 = paseto.encrypt(tv.getPayload(), tv.getA(), tv.getFooter()); + String token1 = paseto.encrypt(tv.getPayload(), tv.getLocalKey(), tv.getFooter()); + String token2 = paseto.encrypt(tv.getPayload(), tv.getLocalKey(), tv.getFooter()); Assertions.assertNotEquals(token1, token2, "nonce failed, 2 tokens have same contents"); } @ParameterizedTest(name = "{displayName} with {0}") @MethodSource("net.aholbrook.paseto.Sources#pasetoV1Builders") - public void v1_token1_publicNonce(Paseto.Builder builder) { + public void v1_token1_publicNonce(Paseto.Builder builder) { // TODO naming, nonce not used but results should still differ TestVector tv = TokenTestVectors.TV_1_V1_PUBLIC_WITH_FOOTER; Paseto paseto = builder.build(); - String token1 = paseto.encrypt(tv.getPayload(), tv.getA(), tv.getFooter()); - String token2 = paseto.encrypt(tv.getPayload(), tv.getA(), tv.getFooter()); + String token1 = paseto.sign(tv.getPayload(), tv.getSecretKey(), tv.getFooter()); + String token2 = paseto.sign(tv.getPayload(), tv.getSecretKey(), tv.getFooter()); Assertions.assertNotEquals(token1, token2, "nonce failed, 2 tokens have same contents"); } @@ -715,7 +717,7 @@ public void v1_local_parseException_missingSections(Paseto.Builder builder) { Paseto paseto = builder.build(); AssertUtils.assertPasetoParseException(() -> - paseto.decrypt("", RfcTestVectors.RFC_TEST_KEY, RfcToken.class), + paseto.decrypt("", RfcTestVectors.RFC_TEST_V1_KEY, RfcToken.class), "", PasetoParseException.Reason.MISSING_SECTIONS, 0); }); } 
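Review bot: `v1_token1_publicNonce` now signs twice and asserts only that the two tokens differ; it never verifies either token, so a signer that emitted different but invalid output would still pass. After the inequality check I would add `paseto.verify(token1, tv.getPublicKey(), tv.getPayloadClass());` and the same for `token2`. The inline TODO already notes that no nonce is involved, so the failure message should say so too, for example `"two signatures over the same payload should differ"` instead of `"nonce failed, 2 tokens have same contents"`. The difference presumably comes from the PSS salt used by the v1 provider; a one-line comment stating that would explain why this test exists for v1 and was removed for v2.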
@@ -727,7 +729,7 @@ public void v1_public_parseException_missingSections(Paseto.Builder builder) { Paseto paseto = builder.build(); AssertUtils.assertPasetoParseException(() -> - paseto.verify("", RfcTestVectors.RFC_TEST_RSA_PUBLIC_KEY, RfcToken.class), + paseto.verify("", RfcTestVectors.RFC_TEST_V1_PK, RfcToken.class), "", PasetoParseException.Reason.MISSING_SECTIONS, 0); }); } @@ -739,7 +741,7 @@ public void v1_local_parseException_payloadLength(Paseto.Builder builder) { Paseto paseto = builder.build(); AssertUtils.assertPasetoParseException(() -> - paseto.decrypt("v1.local.aa", RfcTestVectors.RFC_TEST_KEY, RfcToken.class), + paseto.decrypt("v1.local.aa", RfcTestVectors.RFC_TEST_V1_KEY, RfcToken.class), "v1.local.aa", PasetoParseException.Reason.PAYLOAD_LENGTH, 81); }); } @@ -751,7 +753,7 @@ public void v1_public_parseException_payloadLength(Paseto.Builder builder) { Paseto paseto = builder.build(); AssertUtils.assertPasetoParseException(() -> - paseto.verify("v1.public.aa", RfcTestVectors.RFC_TEST_RSA_PUBLIC_KEY, RfcToken.class), + paseto.verify("v1.public.aa", RfcTestVectors.RFC_TEST_V1_PK, RfcToken.class), "v1.public.aa", PasetoParseException.Reason.PAYLOAD_LENGTH, 257); }); } diff --git a/paseto-core/src/test/java/net/aholbrook/paseto/PasetoV2ServiceTest.java b/paseto-core/src/test/java/net/aholbrook/paseto/PasetoV2ServiceTest.java index 80c862c..fe0f64c 100644 --- a/paseto-core/src/test/java/net/aholbrook/paseto/PasetoV2ServiceTest.java +++ b/paseto-core/src/test/java/net/aholbrook/paseto/PasetoV2ServiceTest.java @@ -7,6 +7,8 @@ import net.aholbrook.paseto.data.TestVector; import net.aholbrook.paseto.data.TokenTestVectors; import net.aholbrook.paseto.exception.claims.MissingClaimException; +import net.aholbrook.paseto.keys.AsymmetricPublicKey; +import net.aholbrook.paseto.keys.AsymmetricSecretKey; import net.aholbrook.paseto.service.KeyId; import net.aholbrook.paseto.service.LocalTokenService; import net.aholbrook.paseto.service.PublicTokenService; 
@@ -23,40 +25,40 @@ public class PasetoV2ServiceTest extends PasetoServiceTest { @Override protected LocalTokenService.KeyProvider rfcLocalKeyProvider() { - return () -> RfcTestVectors.RFC_TEST_KEY; + return () -> RfcTestVectors.RFC_TEST_V2_KEY; } @Override protected PublicTokenService.KeyProvider rfcPublicKeyProvider() { return new PublicTokenService.KeyProvider() { @Override - public byte[] getSecretKey() { - return RfcTestVectors.RFC_TEST_SK; + public AsymmetricSecretKey getSecretKey() { + return RfcTestVectors.RFC_TEST_V2_SK; } @Override - public byte[] getPublicKey() { - return RfcTestVectors.RFC_TEST_PK; + public AsymmetricPublicKey getPublicKey() { + return RfcTestVectors.RFC_TEST_V2_PK; } }; } @Override protected LocalTokenService.KeyProvider tokenLocalKeyProvider() { - return () -> TokenTestVectors.TEST_KEY; + return () -> TokenTestVectors.TEST_V2_KEY; } @Override protected PublicTokenService.KeyProvider tokenPublicKeyProvider() { return new PublicTokenService.KeyProvider() { @Override - public byte[] getSecretKey() { - return TokenTestVectors.TEST_SK; + public AsymmetricSecretKey getSecretKey() { + return TokenTestVectors.TEST_V2_SK; } @Override - public byte[] getPublicKey() { - return TokenTestVectors.TEST_PK; + public AsymmetricPublicKey getPublicKey() { + return TokenTestVectors.TEST_V2_PK; } }; } 
@@ -102,42 +104,42 @@ public void v2Service_publicServiceBuilderOverride(Paseto.Builder builder) { @MethodSource("net.aholbrook.paseto.Sources#pasetoV2Builders") public void v2Service_rfcVectorE1(Paseto.Builder builder) { TestVector tv = RfcTestVectors.RFC_TEST_VECTOR_V2_E_1; - encodeTestVector(rfcLocalService(builder, tv.getB()), tv); + encodeTestVector(rfcLocalService(builder, tv.getNonce()), tv); } @ParameterizedTest(name = "{displayName} with {0}") @MethodSource("net.aholbrook.paseto.Sources#pasetoV2Builders") public void v2Service_rfcVectorE2(Paseto.Builder builder) { TestVector tv = RfcTestVectors.RFC_TEST_VECTOR_V2_E_2; - encodeTestVector(rfcLocalService(builder, tv.getB()), tv); + encodeTestVector(rfcLocalService(builder, tv.getNonce()), tv); } @ParameterizedTest(name = "{displayName} with {0}") @MethodSource("net.aholbrook.paseto.Sources#pasetoV2Builders") public void v2Service_rfcVectorE3(Paseto.Builder builder) { TestVector tv = RfcTestVectors.RFC_TEST_VECTOR_V2_E_3; - encodeTestVector(rfcLocalService(builder, tv.getB()), tv); + encodeTestVector(rfcLocalService(builder, tv.getNonce()), tv); } @ParameterizedTest(name = "{displayName} with {0}") @MethodSource("net.aholbrook.paseto.Sources#pasetoV2Builders") public void v2Service_rfcVectorE4(Paseto.Builder builder) { TestVector tv = RfcTestVectors.RFC_TEST_VECTOR_V2_E_4; - encodeTestVector(rfcLocalService(builder, tv.getB()), tv); + encodeTestVector(rfcLocalService(builder, tv.getNonce()), tv); } @ParameterizedTest(name = "{displayName} with {0}") @MethodSource("net.aholbrook.paseto.Sources#pasetoV2Builders") public void v2Service_rfcVectorE5(Paseto.Builder builder) { TestVector tv = RfcTestVectors.RFC_TEST_VECTOR_V2_E_5; - encodeTestVector(rfcLocalService(builder, tv.getB()), tv); + encodeTestVector(rfcLocalService(builder, tv.getNonce()), tv); } @ParameterizedTest(name = "{displayName} with {0}") @MethodSource("net.aholbrook.paseto.Sources#pasetoV2Builders") public void 
v2Service_rfcVectorE6(Paseto.Builder builder) { TestVector tv = RfcTestVectors.RFC_TEST_VECTOR_V2_E_6; - encodeTestVector(rfcLocalService(builder, tv.getB()), tv); + encodeTestVector(rfcLocalService(builder, tv.getNonce()), tv); } // Decryption tests 
@@ -145,42 +147,42 @@ public void v2Service_rfcVectorE6(Paseto.Builder builder) { @MethodSource("net.aholbrook.paseto.Sources#pasetoV2Builders") public void v2Service_rfcVectorE1Decrypt(Paseto.Builder builder) { TestVector tv = RfcTestVectors.RFC_TEST_VECTOR_V2_E_1; - decodeTestVector(rfcLocalService(builder, tv.getB()), tv); + decodeTestVector(rfcLocalService(builder, tv.getNonce()), tv); } @ParameterizedTest(name = "{displayName} with {0}") @MethodSource("net.aholbrook.paseto.Sources#pasetoV2Builders") public void v2Service_rfcVectorE2Decrypt(Paseto.Builder builder) { TestVector tv = RfcTestVectors.RFC_TEST_VECTOR_V2_E_2; - decodeTestVector(rfcLocalService(builder, tv.getB()), tv); + decodeTestVector(rfcLocalService(builder, tv.getNonce()), tv); } @ParameterizedTest(name = "{displayName} with {0}") @MethodSource("net.aholbrook.paseto.Sources#pasetoV2Builders") public void v2Service_rfcVectorE3Decrypt(Paseto.Builder builder) { TestVector tv = RfcTestVectors.RFC_TEST_VECTOR_V2_E_3; - decodeTestVector(rfcLocalService(builder, tv.getB()), tv); + decodeTestVector(rfcLocalService(builder, tv.getNonce()), tv); } @ParameterizedTest(name = "{displayName} with {0}") @MethodSource("net.aholbrook.paseto.Sources#pasetoV2Builders") public void v2Service_rfcVectorE4Decrypt(Paseto.Builder builder) { TestVector tv = RfcTestVectors.RFC_TEST_VECTOR_V2_E_4; - decodeTestVector(rfcLocalService(builder, tv.getB()), tv); + decodeTestVector(rfcLocalService(builder, tv.getNonce()), tv); } @ParameterizedTest(name = "{displayName} with {0}") @MethodSource("net.aholbrook.paseto.Sources#pasetoV2Builders") public void v2Service_rfcVectorE5Decrypt(Paseto.Builder builder) { TestVector tv = RfcTestVectors.RFC_TEST_VECTOR_V2_E_5; - decodeTestVector(rfcLocalService(builder, tv.getB()), tv); + decodeTestVector(rfcLocalService(builder, tv.getNonce()), tv); } @ParameterizedTest(name = "{displayName} with {0}") @MethodSource("net.aholbrook.paseto.Sources#pasetoV2Builders") public void 
v2Service_rfcVectorE6Decrypt(Paseto.Builder builder) { TestVector tv = RfcTestVectors.RFC_TEST_VECTOR_V2_E_6; - decodeTestVector(rfcLocalService(builder, tv.getB()), tv); + decodeTestVector(rfcLocalService(builder, tv.getNonce()), tv); } // Sign tests @@ -217,7 +219,7 @@ public void v2Service_rfcVectorS2Verify(Paseto.Builder builder) { @MethodSource("net.aholbrook.paseto.Sources#pasetoV2Builders") public void v2Service_local_decodeWithFooter(Paseto.Builder builder) { TestVector tv = TokenTestVectors.TV_1_V2_LOCAL_WITH_FOOTER; - TokenService service = tokenLocalService(builder, tv.getB()); + TokenService service = tokenLocalService(builder, tv.getNonce()); TokenWithFooter result = service.decodeWithFooter(tv.getToken(), KeyId.class); Assertions.assertEquals(tv.getPayload(), result.getToken()); @@ -239,7 +241,7 @@ public void v2Service_public_decodeWithFooter(Paseto.Builder builder) { @MethodSource("net.aholbrook.paseto.Sources#pasetoV2Builders") public void v2Service_local_extractFooter(Paseto.Builder builder) { TestVector tv = TokenTestVectors.TV_1_V2_LOCAL_WITH_FOOTER; - TokenService service = tokenLocalService(builder, tv.getB()); + TokenService service = tokenLocalService(builder, tv.getNonce()); KeyId result = service.getFooter(tv.getToken(), KeyId.class); Assertions.assertEquals(tv.getFooter(), result); @@ -249,7 +251,7 @@ public void v2Service_local_extractFooter(Paseto.Builder builder) { @MethodSource("net.aholbrook.paseto.Sources#pasetoV2Builders") public void v2Service_local_extractFooter_asString(Paseto.Builder builder) { TestVector tv = TokenTestVectors.TV_1_V2_LOCAL_WITH_FOOTER; - TokenService service = tokenLocalService(builder, tv.getB()); + TokenService service = tokenLocalService(builder, tv.getNonce()); String result = service.getFooter(tv.getToken()); Assertions.assertEquals("{\"kid\":\"key-1\"}", result); 
diff --git a/paseto-core/src/test/java/net/aholbrook/paseto/PasetoV2Test.java b/paseto-core/src/test/java/net/aholbrook/paseto/PasetoV2Test.java index 03de396..0ee7025 100644 --- a/paseto-core/src/test/java/net/aholbrook/paseto/PasetoV2Test.java +++ b/paseto-core/src/test/java/net/aholbrook/paseto/PasetoV2Test.java @@ -2,7 +2,7 @@ import net.aholbrook.paseto.base64.jvm8.Base64Provider; import net.aholbrook.paseto.base64.jvm8.jvm8.Jvm8Base64Provider; -import net.aholbrook.paseto.crypto.KeyPair; +import net.aholbrook.paseto.keys.KeyPair; import net.aholbrook.paseto.crypto.TestNonceGenerator; import net.aholbrook.paseto.crypto.v2.V2CryptoProvider; import net.aholbrook.paseto.crypto.v2.bc.BouncyCastleV2CryptoProvider; @@ -17,6 +17,7 @@ import net.aholbrook.paseto.exception.PasetoParseException; import net.aholbrook.paseto.exception.PasetoStringException; import net.aholbrook.paseto.exception.SignatureVerificationException; +import net.aholbrook.paseto.keys.AsymmetricPublicKey; import net.aholbrook.paseto.service.KeyId; import net.aholbrook.paseto.service.Token; import net.aholbrook.paseto.utils.AssertUtils; @@ -385,9 +386,9 @@ public void v2_token1_extractMissingFooter(Paseto.Builder builder) { @MethodSource("net.aholbrook.paseto.Sources#pasetoV2Builders") public void v2_token1_localDecryptWithFooter(Paseto.Builder builder) { TestVector tv = TokenTestVectors.TV_1_V2_LOCAL_WITH_FOOTER; - Paseto paseto = builder.withNonceGenerator(new TestNonceGenerator(tv.getB())).build(); + Paseto paseto = builder.withNonceGenerator(new TestNonceGenerator(tv.getNonce())).build(); - TokenWithFooter result = paseto.decryptWithFooter(tv.getToken(), tv.getA(), tv.getPayloadClass(), + TokenWithFooter result = paseto.decryptWithFooter(tv.getToken(), tv.getLocalKey(), tv.getPayloadClass(), KeyId.class); Assertions.assertEquals(tv.getFooter(), result.getFooter(), "extracted footer != footer"); } 
@@ -396,9 +397,9 @@ public void v2_token1_localDecryptWithFooter(Paseto.Builder builder) { @MethodSource("net.aholbrook.paseto.Sources#pasetoV2Builders") public void v2_token1_localDecryptWithFooterString(Paseto.Builder builder) { TestVector tv = TokenTestVectors.TV_1_V2_LOCAL_WITH_FOOTER; - Paseto paseto = builder.withNonceGenerator(new TestNonceGenerator(tv.getB())).build(); + Paseto paseto = builder.withNonceGenerator(new TestNonceGenerator(tv.getNonce())).build(); - TokenWithFooter result = paseto.decryptWithFooter(tv.getToken(), tv.getA(), tv.getPayloadClass()); + TokenWithFooter result = paseto.decryptWithFooter(tv.getToken(), tv.getLocalKey(), tv.getPayloadClass()); KeyId footer = builder.encodingProvider.decode(result.getFooter(), KeyId.class); Assertions.assertEquals(tv.getFooter(), footer, "extracted footer != footer"); } @@ -407,9 +408,9 @@ public void v2_token1_localDecryptWithFooterString(Paseto.Builder builder) { @MethodSource("net.aholbrook.paseto.Sources#pasetoV2Builders") public void v1_token1_publicVerifyWithFooter(Paseto.Builder builder) { TestVector tv = TokenTestVectors.TV_1_V2_PUBLIC_WITH_FOOTER; - Paseto paseto = builder.withNonceGenerator(new TestNonceGenerator(tv.getB())).build(); + Paseto paseto = builder.withNonceGenerator(new TestNonceGenerator(tv.getNonce())).build(); - TokenWithFooter result = paseto.verifyWithFooter(tv.getToken(), tv.getB(), tv.getPayloadClass(), + TokenWithFooter result = paseto.verifyWithFooter(tv.getToken(), tv.getPublicKey(), tv.getPayloadClass(), KeyId.class); Assertions.assertEquals(tv.getFooter(), result.getFooter(), "extracted footer != footer"); } 
@@ -418,9 +419,9 @@ public void v1_token1_publicVerifyWithFooter(Paseto.Builder builder) { @MethodSource("net.aholbrook.paseto.Sources#pasetoV2Builders") public void v2_token1_publicVerifyWithFooterString(Paseto.Builder builder) { TestVector tv = TokenTestVectors.TV_1_V2_PUBLIC_WITH_FOOTER; - Paseto paseto = builder.withNonceGenerator(new TestNonceGenerator(tv.getB())).build(); + Paseto paseto = builder.withNonceGenerator(new TestNonceGenerator(tv.getNonce())).build(); - TokenWithFooter result = paseto.verifyWithFooter(tv.getToken(), tv.getB(), tv.getPayloadClass()); + TokenWithFooter result = paseto.verifyWithFooter(tv.getToken(), tv.getPublicKey(), tv.getPayloadClass()); KeyId footer = builder.encodingProvider.decode(result.getFooter(), KeyId.class); Assertions.assertEquals(tv.getFooter(), footer, "extracted footer != footer"); } @@ -432,14 +433,14 @@ public void v2_token1_publicVerifyWithFooterString(Paseto.Builder builder) { public void v2_token1_modifyPayload(Paseto.Builder builder) { Assertions.assertThrows(DecryptionException.class, () -> { TestVector tv = TokenTestVectors.TV_1_V2_LOCAL; - Paseto paseto = builder.withNonceGenerator(new TestNonceGenerator(tv.getB())).build(); + Paseto paseto = builder.withNonceGenerator(new TestNonceGenerator(tv.getNonce())).build(); // encrypt and modify - String token = paseto.encrypt(tv.getPayload(), tv.getA()); + String token = paseto.encrypt(tv.getPayload(), tv.getLocalKey()); token = modify(token, new int[]{20, 15, 20}); // attempt to decrypt - paseto.decrypt(token, tv.getA(), tv.getPayloadClass()); + paseto.decrypt(token, tv.getLocalKey(), tv.getPayloadClass()); }); } 
@@ -449,14 +450,14 @@ public void v2_token1_modifyPayload(Paseto.Builder builder) { public void v2_token1_modifyFooter(Paseto.Builder builder) { Assertions.assertThrows(DecryptionException.class, () -> { TestVector tv = TokenTestVectors.TV_1_V2_LOCAL_WITH_FOOTER; - Paseto paseto = builder.withNonceGenerator(new TestNonceGenerator(tv.getB())).build(); + Paseto paseto = builder.withNonceGenerator(new TestNonceGenerator(tv.getNonce())).build(); // encrypt and modify - String token = paseto.encrypt(tv.getPayload(), tv.getA()); + String token = paseto.encrypt(tv.getPayload(), tv.getLocalKey()); token = modify(token, new int[]{token.length() - 1, token.length() - 4, token.length() - 6}); // attempt to decrypt - paseto.decrypt(token, tv.getA(), tv.getPayloadClass()); + paseto.decrypt(token, tv.getLocalKey(), tv.getPayloadClass()); }); } @@ -466,10 +467,10 @@ public void v2_token1_modifyFooter(Paseto.Builder builder) { public void v2_token1_decryptWrongKey(Paseto.Builder builder) { Assertions.assertThrows(DecryptionException.class, () -> { TestVector tv = TokenTestVectors.TV_1_V2_LOCAL; - Paseto paseto = builder.withNonceGenerator(new TestNonceGenerator(tv.getB())).build(); + Paseto paseto = builder.withNonceGenerator(new TestNonceGenerator(tv.getNonce())).build(); // attempt to decrypt - paseto.decrypt(tv.getToken(), RfcTestVectors.RFC_TEST_KEY, tv.getPayloadClass()); + paseto.decrypt(tv.getToken(), RfcTestVectors.RFC_TEST_V2_KEY, tv.getPayloadClass()); }); } 
@@ -479,10 +480,11 @@ public void v2_token1_decryptWrongKey(Paseto.Builder builder) { public void v2_token1_verifyWrongKey(Paseto.Builder builder) { Assertions.assertThrows(SignatureVerificationException.class, () -> { TestVector tv = TokenTestVectors.TV_1_V2_PUBLIC; - Paseto paseto = builder.withNonceGenerator(new TestNonceGenerator(tv.getB())).build(); + Paseto paseto = builder.withNonceGenerator(new TestNonceGenerator(tv.getNonce())).build(); // attempt to decrypt - paseto.verify(tv.getToken(), RfcTestVectors.RFC_TEST_PK, tv.getPayloadClass()); + paseto.verify(tv.getToken(), new AsymmetricPublicKey(RfcTestVectors.RFC_TEST_PK, Version.V2), + tv.getPayloadClass()); }); } @@ -492,9 +494,9 @@ public void v2_token1_verifyWrongKey(Paseto.Builder builder) { public void v2_token1_v1LocalAsV2Local(Paseto.Builder builder) { Assertions.assertThrows(InvalidHeaderException.class, () -> { TestVector tv = TokenTestVectors.TV_1_V1_LOCAL_WITH_FOOTER; - Paseto paseto = builder.withNonceGenerator(new TestNonceGenerator(tv.getB())).build(); + Paseto paseto = builder.withNonceGenerator(new TestNonceGenerator(tv.getNonce())).build(); AssertUtils.assertInvalidHeaderException(() -> - paseto.decrypt(tv.getToken(), tv.getA(), tv.getPayloadClass()), + paseto.decrypt(tv.getToken(), TokenTestVectors.TEST_V2_KEY, tv.getPayloadClass()), PasetoV1.HEADER_LOCAL, PasetoV2.HEADER_LOCAL); }); } 
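Review bot: In `v2_token1_verifyWrongKey` the wrong key is built by hand with `new AsymmetricPublicKey(RfcTestVectors.RFC_TEST_PK, Version.V2)`, while the parse-exception tests later in this file use the typed constant `RfcTestVectors.RFC_TEST_V2_PK`, which presumably wraps the same bytes. Using the constant keeps the version tag in one place: `paseto.verify(tv.getToken(), RfcTestVectors.RFC_TEST_V2_PK, tv.getPayloadClass());`. The comment above the call still reads "attempt to decrypt"; for this test it should be `// attempt to verify with a different public key`.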
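Review bot: `v2_token1_v1LocalAsV2Local` now passes `TokenTestVectors.TEST_V2_KEY` rather than the V1 vector's own key, so it still covers header rejection but nothing in these hunks passes a V1-typed key to a V2 instance. The same substitution is made in `v1LocalAsV2Public`, `v1PublicAsV2Local`, `v1PublicAsV2Public`, `publicAsLocal` and `localAsPublic`. Since the keys now carry a `Version`, the version-mismatch path is the security-relevant behaviour this refactor introduces and it deserves its own negative test. I would add a case that calls `paseto.decrypt(tv.getToken(), tv.getLocalKey(), tv.getPayloadClass())` with a V1 vector on a V2 builder and asserts whatever exception the key/version check raises, with a matching one for `verify`. Whether that check exists and which exception it throws is not visible in this diff and should be confirmed against the `Paseto` implementation.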
@@ -505,9 +507,9 @@ public void v2_token1_v1LocalAsV2Local(Paseto.Builder builder) { public void v2_token1_v1LocalAsV2Public(Paseto.Builder builder) { Assertions.assertThrows(InvalidHeaderException.class, () -> { TestVector tv = TokenTestVectors.TV_1_V1_LOCAL_WITH_FOOTER; - Paseto paseto = builder.withNonceGenerator(new TestNonceGenerator(tv.getB())).build(); + Paseto paseto = builder.withNonceGenerator(new TestNonceGenerator(tv.getNonce())).build(); AssertUtils.assertInvalidHeaderException(() -> - paseto.verify(tv.getToken(), tv.getA(), tv.getPayloadClass()), + paseto.verify(tv.getToken(), TokenTestVectors.TEST_V2_PK, tv.getPayloadClass()), PasetoV1.HEADER_LOCAL, PasetoV2.HEADER_PUBLIC); }); } @@ -518,9 +520,9 @@ public void v2_token1_v1LocalAsV2Public(Paseto.Builder builder) { public void v2_token1_v1PublicAsV2Local(Paseto.Builder builder) { Assertions.assertThrows(InvalidHeaderException.class, () -> { TestVector tv = TokenTestVectors.TV_1_V1_PUBLIC_WITH_FOOTER; - Paseto paseto = builder.withNonceGenerator(new TestNonceGenerator(tv.getB())).build(); + Paseto paseto = builder.withNonceGenerator(new TestNonceGenerator(tv.getNonce())).build(); AssertUtils.assertInvalidHeaderException(() -> - paseto.decrypt(tv.getToken(), tv.getA(), tv.getPayloadClass()), + paseto.decrypt(tv.getToken(), TokenTestVectors.TEST_V2_KEY, tv.getPayloadClass()), PasetoV1.HEADER_PUBLIC, PasetoV2.HEADER_LOCAL); }); } 
@@ -531,9 +533,9 @@ public void v2_token1_v1PublicAsV2Local(Paseto.Builder builder) { public void v2_token1_v1PublicAsV2Public(Paseto.Builder builder) { Assertions.assertThrows(InvalidHeaderException.class, () -> { TestVector tv = TokenTestVectors.TV_1_V1_PUBLIC_WITH_FOOTER; - Paseto paseto = builder.withNonceGenerator(new TestNonceGenerator(tv.getB())).build(); + Paseto paseto = builder.withNonceGenerator(new TestNonceGenerator(tv.getNonce())).build(); AssertUtils.assertInvalidHeaderException(() -> - paseto.verify(tv.getToken(), tv.getA(), tv.getPayloadClass()), + paseto.verify(tv.getToken(), TokenTestVectors.TEST_V2_PK, tv.getPayloadClass()), PasetoV1.HEADER_PUBLIC, PasetoV2.HEADER_PUBLIC); }); } @@ -544,9 +546,9 @@ public void v2_token1_v1PublicAsV2Public(Paseto.Builder builder) { public void v2_token1_publicAsLocal(Paseto.Builder builder) { Assertions.assertThrows(InvalidHeaderException.class, () -> { TestVector tv = TokenTestVectors.TV_1_V2_PUBLIC_WITH_FOOTER; - Paseto paseto = builder.withNonceGenerator(new TestNonceGenerator(tv.getB())).build(); + Paseto paseto = builder.withNonceGenerator(new TestNonceGenerator(tv.getNonce())).build(); AssertUtils.assertInvalidHeaderException(() -> - paseto.decrypt(tv.getToken(), tv.getA(), tv.getPayloadClass()), + paseto.decrypt(tv.getToken(), TokenTestVectors.TEST_V2_KEY, tv.getPayloadClass()), PasetoV2.HEADER_PUBLIC, PasetoV2.HEADER_LOCAL); }); } 
@@ -557,9 +559,9 @@ public void v2_token1_publicAsLocal(Paseto.Builder builder) { public void v2_token1_localAsPublic(Paseto.Builder builder) { Assertions.assertThrows(InvalidHeaderException.class, () -> { TestVector tv = TokenTestVectors.TV_1_V2_LOCAL; - Paseto paseto = builder.withNonceGenerator(new TestNonceGenerator(tv.getB())).build(); + Paseto paseto = builder.withNonceGenerator(new TestNonceGenerator(tv.getNonce())).build(); AssertUtils.assertInvalidHeaderException(() -> - paseto.verify(tv.getToken(), tv.getA(), tv.getPayloadClass()), + paseto.verify(tv.getToken(), TokenTestVectors.TEST_V2_PK, tv.getPayloadClass()), PasetoV2.HEADER_LOCAL, PasetoV2.HEADER_PUBLIC); }); } @@ -570,9 +572,9 @@ public void v2_token1_localAsPublic(Paseto.Builder builder) { public void v2_token1_localMissingFooter(Paseto.Builder builder) { Assertions.assertThrows(InvalidFooterException.class, () -> { TestVector tv = TokenTestVectors.TV_1_V2_LOCAL; - Paseto paseto = builder.withNonceGenerator(new TestNonceGenerator(tv.getB())).build(); + Paseto paseto = builder.withNonceGenerator(new TestNonceGenerator(tv.getNonce())).build(); AssertUtils.assertInvalidFooterException(() -> - paseto.decrypt(tv.getToken(), tv.getA(), "not-the-footer", tv.getPayloadClass()), + paseto.decrypt(tv.getToken(), tv.getLocalKey(), "not-the-footer", tv.getPayloadClass()), "", "not-the-footer"); }); } 
@@ -583,9 +585,9 @@ public void v2_token1_localMissingFooter(Paseto.Builder builder) { public void v2_token1_publicMissingFooter(Paseto.Builder builder) { Assertions.assertThrows(InvalidFooterException.class, () -> { TestVector tv = TokenTestVectors.TV_1_V2_PUBLIC; - Paseto paseto = builder.withNonceGenerator(new TestNonceGenerator(tv.getB())).build(); + Paseto paseto = builder.withNonceGenerator(new TestNonceGenerator(tv.getNonce())).build(); AssertUtils.assertInvalidFooterException(() -> - paseto.verify(tv.getToken(), tv.getA(), "not-the-footer", tv.getPayloadClass()), + paseto.verify(tv.getToken(), tv.getPublicKey(), "not-the-footer", tv.getPayloadClass()), "", "not-the-footer"); }); } @@ -596,10 +598,10 @@ public void v2_token1_publicMissingFooter(Paseto.Builder builder) { public void v2_token1_localWrongFooter(Paseto.Builder builder) { Assertions.assertThrows(InvalidFooterException.class, () -> { TestVector tv = TokenTestVectors.TV_1_V2_LOCAL_WITH_FOOTER; - Paseto paseto = builder.withNonceGenerator(new TestNonceGenerator(tv.getB())).build(); + Paseto paseto = builder.withNonceGenerator(new TestNonceGenerator(tv.getNonce())).build(); String given = builder.encodingProvider.encode(tv.getFooter()); AssertUtils.assertInvalidFooterException(() -> - paseto.decrypt(tv.getToken(), tv.getA(), "not-the-footer", tv.getPayloadClass()), + paseto.decrypt(tv.getToken(), tv.getLocalKey(), "not-the-footer", tv.getPayloadClass()), given, "not-the-footer"); }); } 
@@ -610,10 +612,10 @@ public void v2_token1_localWrongFooter(Paseto.Builder builder) { public void v2_token1_publicWrongFooter(Paseto.Builder builder) { Assertions.assertThrows(InvalidFooterException.class, () -> { TestVector tv = TokenTestVectors.TV_1_V2_PUBLIC_WITH_FOOTER; - Paseto paseto = builder.withNonceGenerator(new TestNonceGenerator(tv.getB())).build(); + Paseto paseto = builder.withNonceGenerator(new TestNonceGenerator(tv.getNonce())).build(); String given = builder.encodingProvider.encode(tv.getFooter()); AssertUtils.assertInvalidFooterException(() -> - paseto.verify(tv.getToken(), tv.getA(), "not-the-footer", tv.getPayloadClass()), + paseto.verify(tv.getToken(), tv.getPublicKey(), "not-the-footer", tv.getPayloadClass()), given, "not-the-footer"); }); } @@ -624,9 +626,9 @@ public void v2_token1_publicWrongFooter(Paseto.Builder builder) { public void v2_badInput(Paseto.Builder builder) { Assertions.assertThrows(PasetoStringException.class, () -> { TestVector tv = TokenTestVectors.TV_1_V2_LOCAL; - Paseto paseto = builder.withNonceGenerator(new TestNonceGenerator(tv.getB())).build(); + Paseto paseto = builder.withNonceGenerator(new TestNonceGenerator(tv.getNonce())).build(); AssertUtils.assertPasetoStringException(() -> - paseto.decrypt("junk", tv.getA(), tv.getPayloadClass()), + paseto.decrypt("junk", tv.getLocalKey(), tv.getPayloadClass()), "junk"); }); } 
@@ -636,9 +638,9 @@ public void v2_badInput(Paseto.Builder builder) { public void v2_badTokenDecrypt(Paseto.Builder builder) { Assertions.assertThrows(PasetoStringException.class, () -> { TestVector tv = TokenTestVectors.TV_1_V2_LOCAL; - Paseto paseto = builder.withNonceGenerator(new TestNonceGenerator(tv.getB())).build(); + Paseto paseto = builder.withNonceGenerator(new TestNonceGenerator(tv.getNonce())).build(); AssertUtils.assertPasetoStringException(() -> - paseto.decrypt("v2.local.", tv.getA(), tv.getPayloadClass()), + paseto.decrypt("v2.local.", tv.getLocalKey(), tv.getPayloadClass()), "v2.local."); }); } @@ -648,9 +650,9 @@ public void v2_badTokenDecrypt(Paseto.Builder builder) { public void v2_badTokenVerify(Paseto.Builder builder) { Assertions.assertThrows(PasetoStringException.class, () -> { TestVector tv = TokenTestVectors.TV_1_V2_LOCAL; - Paseto paseto = builder.withNonceGenerator(new TestNonceGenerator(tv.getB())).build(); + Paseto paseto = builder.withNonceGenerator(new TestNonceGenerator(tv.getNonce())).build(); AssertUtils.assertPasetoStringException(() -> - paseto.verify("v2.local.", tv.getA(), tv.getPayloadClass()), + paseto.verify("v2.local.", TokenTestVectors.TEST_V2_PK, tv.getPayloadClass()), "v2.local."); }); } @@ -660,9 +662,9 @@ public void v2_badTokenVerify(Paseto.Builder builder) { public void v2_shortTokenLocal(Paseto.Builder builder) { Assertions.assertThrows(PasetoStringException.class, () -> { TestVector tv = TokenTestVectors.TV_1_V2_LOCAL; - Paseto paseto = builder.withNonceGenerator(new TestNonceGenerator(tv.getB())).build(); + Paseto paseto = builder.withNonceGenerator(new TestNonceGenerator(tv.getNonce())).build(); AssertUtils.assertPasetoStringException(() -> - paseto.decrypt("v2.local.c29tZXRoaW5n", tv.getA(), tv.getPayloadClass()), + paseto.decrypt("v2.local.c29tZXRoaW5n", tv.getLocalKey(), tv.getPayloadClass()), "v2.local.c29tZXRoaW5n"); }); } 
@@ -672,9 +674,9 @@ public void v2_shortTokenLocal(Paseto.Builder builder) { public void v2_shortTokenPublic(Paseto.Builder builder) { Assertions.assertThrows(PasetoStringException.class, () -> { TestVector tv = TokenTestVectors.TV_1_V2_PUBLIC; - Paseto paseto = builder.withNonceGenerator(new TestNonceGenerator(tv.getB())).build(); + Paseto paseto = builder.withNonceGenerator(new TestNonceGenerator(tv.getNonce())).build(); AssertUtils.assertPasetoStringException(() -> - paseto.verify("v2.public.c29tZXRoaW5n", tv.getA(), tv.getPayloadClass()), + paseto.verify("v2.public.c29tZXRoaW5n", tv.getPublicKey(), tv.getPayloadClass()), "v2.public.c29tZXRoaW5n"); }); } @@ -686,18 +688,8 @@ public void v2_shortTokenPublic(Paseto.Builder builder) { public void v2_token1_localNonce(Paseto.Builder builder) { TestVector tv = TokenTestVectors.TV_1_V2_LOCAL_WITH_FOOTER; Paseto paseto = builder.build(); - String token1 = paseto.encrypt(tv.getPayload(), tv.getA(), tv.getFooter()); - String token2 = paseto.encrypt(tv.getPayload(), tv.getA(), tv.getFooter()); - Assertions.assertNotEquals(token1, token2, "nonce failed, 2 tokens have same contents"); - } - - @ParameterizedTest(name = "{displayName} with {0}") - @MethodSource("net.aholbrook.paseto.Sources#pasetoV2Builders") - public void v2_token1_publicNonce(Paseto.Builder builder) { - TestVector tv = TokenTestVectors.TV_1_V2_PUBLIC_WITH_FOOTER; - Paseto paseto = builder.build(); - String token1 = paseto.encrypt(tv.getPayload(), tv.getA(), tv.getFooter()); - String token2 = paseto.encrypt(tv.getPayload(), tv.getA(), tv.getFooter()); + String token1 = paseto.encrypt(tv.getPayload(), tv.getLocalKey(), tv.getFooter()); + String token2 = paseto.encrypt(tv.getPayload(), tv.getLocalKey(), tv.getFooter()); Assertions.assertNotEquals(token1, token2, "nonce failed, 2 tokens have same contents"); } 
@@ -722,7 +714,7 @@ public void v2_local_parseException_missingSections(Paseto.Builder builder) { Paseto paseto = builder.build(); AssertUtils.assertPasetoParseException(() -> - paseto.decrypt("", RfcTestVectors.RFC_TEST_KEY, RfcToken.class), + paseto.decrypt("", RfcTestVectors.RFC_TEST_V2_KEY, RfcToken.class), "", PasetoParseException.Reason.MISSING_SECTIONS, 0); }); } @@ -734,7 +726,7 @@ public void v2_public_parseException_missingSections(Paseto.Builder builder) { Paseto paseto = builder.build(); AssertUtils.assertPasetoParseException(() -> - paseto.verify("", RfcTestVectors.RFC_TEST_PK, RfcToken.class), + paseto.verify("", RfcTestVectors.RFC_TEST_V2_PK, RfcToken.class), "", PasetoParseException.Reason.MISSING_SECTIONS, 0); }); } @@ -746,7 +738,7 @@ public void v2_local_parseException_payloadLength(Paseto.Builder builder) { Paseto paseto = builder.build(); AssertUtils.assertPasetoParseException(() -> - paseto.decrypt("v2.local.aa", RfcTestVectors.RFC_TEST_KEY, RfcToken.class), + paseto.decrypt("v2.local.aa", RfcTestVectors.RFC_TEST_V2_KEY, RfcToken.class), "v2.local.aa", PasetoParseException.Reason.PAYLOAD_LENGTH, 25); }); } @@ -758,7 +750,7 @@ public void v2_public_parseException_payloadLength(Paseto.Builder builder) { Paseto paseto = builder.build(); AssertUtils.assertPasetoParseException(() -> - paseto.verify("v2.public.aa", RfcTestVectors.RFC_TEST_PK, RfcToken.class), + paseto.verify("v2.public.aa", RfcTestVectors.RFC_TEST_V2_PK, RfcToken.class), "v2.public.aa", PasetoParseException.Reason.PAYLOAD_LENGTH, 65); }); } diff --git a/paseto-core/src/test/java/net/aholbrook/paseto/V1CryptoProviderTest.java b/paseto-core/src/test/java/net/aholbrook/paseto/V1CryptoProviderTest.java index ca70275..f0bf8a7 100644 --- a/paseto-core/src/test/java/net/aholbrook/paseto/V1CryptoProviderTest.java +++ b/paseto-core/src/test/java/net/aholbrook/paseto/V1CryptoProviderTest.java 
@@ -1,6 +1,7 @@ package net.aholbrook.paseto; -import net.aholbrook.paseto.crypto.KeyPair; +import net.aholbrook.paseto.crypto.Pair; +import net.aholbrook.paseto.keys.KeyPair; import net.aholbrook.paseto.crypto.exception.ByteArrayLengthException; import net.aholbrook.paseto.crypto.exception.CryptoProviderException; import net.aholbrook.paseto.crypto.v1.V1CryptoProvider; @@ -337,9 +338,9 @@ public void crypto_v1_rsaVerify_invalidPublicKey(V1CryptoProvider v1CryptoProvid @MethodSource("net.aholbrook.paseto.Sources#v1CryptoProviders") public void crypto_v1_generateKeyPair(V1CryptoProvider v1CryptoProvider) { byte[] message = StringUtils.getBytesUtf8("test message"); - KeyPair keyPair = v1CryptoProvider.rsaGenerate(); - byte[] sig = v1CryptoProvider.rsaSign(message, keyPair.getSecretKey()); - v1CryptoProvider.rsaVerify(message, sig, keyPair.getPublicKey()); + Pair keyPair = v1CryptoProvider.rsaGenerate(); + byte[] sig = v1CryptoProvider.rsaSign(message, keyPair.a); + v1CryptoProvider.rsaVerify(message, sig, keyPair.b); } // https://www.ietf.org/rfc/rfc4868.txt diff --git a/paseto-core/src/test/java/net/aholbrook/paseto/data/RfcTestVectors.java b/paseto-core/src/test/java/net/aholbrook/paseto/data/RfcTestVectors.java index 4eaef27..521b539 100644 --- a/paseto-core/src/test/java/net/aholbrook/paseto/data/RfcTestVectors.java +++ b/paseto-core/src/test/java/net/aholbrook/paseto/data/RfcTestVectors.java 
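Review bot: `crypto_v1_generateKeyPair` discards the boolean returned by `rsaVerify`, so the test passes even if a freshly generated key pair cannot verify its own signature. Assert the result instead: `Assertions.assertTrue(v1CryptoProvider.rsaVerify(message, sig, keyPair.b));` (assuming JUnit's `Assertions` is already imported in this file, as it is in the sibling tests). Now that the named accessors are replaced by `keyPair.a` / `keyPair.b`, a one-line comment such as `// Pair.a = private key, Pair.b = public key (order set by rsaGenerate)` would keep the secret and public halves from being swapped unnoticed.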
@@ -1,20 +1,24 @@ package net.aholbrook.paseto.data; +import net.aholbrook.paseto.Version; +import net.aholbrook.paseto.keys.AsymmetricPublicKey; +import net.aholbrook.paseto.keys.AsymmetricSecretKey; +import net.aholbrook.paseto.keys.SymmetricKey; import net.aholbrook.paseto.service.KeyId; import net.aholbrook.paseto.utils.Hex; public class RfcTestVectors { - public static byte[] RFC_TEST_KEY = Hex.decode("707172737475767778797a7b7c7d7e7f808182838485868788898a8b8c8d8e" + public static final byte[] RFC_TEST_KEY = Hex.decode("707172737475767778797a7b7c7d7e7f808182838485868788898a8b8c8d8e" + "8f"); - public static byte[] RFC_TEST_NONCE_1 = Hex.decode("000000000000000000000000000000000000000000000000"); - public static byte[] RFC_TEST_NONCE_V1 = Hex.decode("26f7553354482a1d91d4784627854b8da6b8042a7966523c2b404e8db" + public static final byte[] RFC_TEST_NONCE_1 = Hex.decode("000000000000000000000000000000000000000000000000"); + public static final byte[] RFC_TEST_NONCE_V1 = Hex.decode("26f7553354482a1d91d4784627854b8da6b8042a7966523c2b404e8db" + "be7f7f2"); - public static byte[] RFC_TEST_NONCE_V2 = Hex.decode("45742c976d684ff84ebdc0de59809a97cda2f64c84fda19b"); - public static byte[] RFC_TEST_SK = Hex.decode("b4cbfb43df4ce210727d953e4a713307fa19bb7d9f85041438d9e11b942a377" + public static final byte[] RFC_TEST_NONCE_V2 = Hex.decode("45742c976d684ff84ebdc0de59809a97cda2f64c84fda19b"); + public static final byte[] RFC_TEST_SK = Hex.decode("b4cbfb43df4ce210727d953e4a713307fa19bb7d9f85041438d9e11b942a377" + "41eb9dbbbbc047c03fd70604e0071f0987e16b28b757225c11f00415d0e20b1a2"); - public static byte[] RFC_TEST_PK = Hex.decode("1eb9dbbbbc047c03fd70604e0071f0987e16b28b757225c11f00415d0e20b1a" + public static final byte[] RFC_TEST_PK = Hex.decode("1eb9dbbbbc047c03fd70604e0071f0987e16b28b757225c11f00415d0e20b1a" + "2"); - public static byte[] RFC_TEST_RSA_PRIVATE_KEY = Hex.decode( + public static final byte[] RFC_TEST_RSA_PRIVATE_KEY = Hex.decode( 
"308204BD020100300D06092A864886F70D0101010500048204A7308204A30201000282010100C9A4E04EDE77A61DE9E461E0C2" + "8196C33E6145F597490034F0D08EC1ED0512000B5A8B3D1828CD14277BDB79C21F106D375A9DEF831287FB8DF3C24F21" + "BC312A1783A78931A3860C379B6B3DA1747BD1BA063D4DD361E76A7C452D6FA098B6E060EFD26587D617F33CC8B05CBB" @@ -41,7 +45,7 @@ public class RfcTestVectors { + "514C9E9C31BF4A56EF6EC79FDC2E68EB3851B7AC0A7C26A5C3137F31940EECD85C2B40AB6A4997AE071BAC2C7645A68C" + "14C91299BA6FD89B381377A85576CD0D07CB22A5316C48B954A3F603A8EB5845ED41FD5C1E91E0745D96904EB886E001" + "6678E9D923F7F1CCF68BDD3F4232"); - public static byte[] RFC_TEST_RSA_PUBLIC_KEY = Hex.decode( + public static final byte[] RFC_TEST_RSA_PUBLIC_KEY = Hex.decode( "30820122300D06092A864886F70D01010105000382010F003082010A0282010100C9A4E04EDE77A61DE9E461E0C28196C33E61" + "45F597490034F0D08EC1ED0512000B5A8B3D1828CD14277BDB79C21F106D375A9DEF831287FB8DF3C24F21BC312A1783" + "A78931A3860C379B6B3DA1747BD1BA063D4DD361E76A7C452D6FA098B6E060EFD26587D617F33CC8B05CBB96353ADD19" 
@@ -50,107 +54,101 @@ public class RfcTestVectors { + "0B5FB5C3F156E8759CA7F246D64282F033C889D67BF016EABFD605CE401B3678B979204EB17541286EFC66C73CA30203" + "010001"); + public static final SymmetricKey RFC_TEST_V1_KEY = new SymmetricKey(RFC_TEST_KEY, Version.V1); + public static final AsymmetricSecretKey RFC_TEST_V1_SK = new AsymmetricSecretKey(RFC_TEST_RSA_PRIVATE_KEY, Version.V1); + public static final AsymmetricPublicKey RFC_TEST_V1_PK = new AsymmetricPublicKey(RFC_TEST_RSA_PUBLIC_KEY, Version.V1); + + public static final SymmetricKey RFC_TEST_V2_KEY = new SymmetricKey(RFC_TEST_KEY, Version.V2); + public static final AsymmetricSecretKey RFC_TEST_V2_SK = new AsymmetricSecretKey(RFC_TEST_SK, Version.V2); + public static final AsymmetricPublicKey RFC_TEST_V2_PK = new AsymmetricPublicKey(RFC_TEST_PK, Version.V2); + // A.1.1.1. Test Vector v1-E-1 - private static byte[] RFC_TEST_VECTOR_V1_E_1_KEY = RFC_TEST_KEY; - private static byte[] RFC_TEST_VECTOR_V1_E_1_NONCE = RFC_TEST_NONCE_1; - private static RfcToken RFC_TEST_VECTOR_V1_E_1_PAYLOAD + private static final RfcToken RFC_TEST_VECTOR_V1_E_1_PAYLOAD = new RfcToken("this is a signed message", "2019-01-01T00:00:00+00:00"); - private static KeyId RFC_TEST_VECTOR_V1_E_1_FOOTER = null; - private static String RFC_TEST_VECTOR_V1_E_1_TOKEN + private static final KeyId RFC_TEST_VECTOR_V1_E_1_FOOTER = null; + private static final String RFC_TEST_VECTOR_V1_E_1_TOKEN = "v1.local.WzhIh1MpbqVNXNt7-HbWvL-JwAym3Tomad9Pc2nl7wK87vGraUV" + "vn2bs8BBNo7jbukCNrkVID0jCK2vr5bP18G78j1bOTbBcP9HZzqnraEdspcj" + "d_PvrxDEhj9cS2MG5fmxtvuoHRp3M24HvxTtql9z26KTfPWxJN5bAJaAM6go" + "s8fnfjJO8oKiqQMaiBP_Cqncmqw8"; - public static TestVector RFC_TEST_VECTOR_V1_E_1 - = new TestVector<>(RFC_TEST_VECTOR_V1_E_1_KEY, RFC_TEST_VECTOR_V1_E_1_NONCE, RFC_TEST_VECTOR_V1_E_1_PAYLOAD, + public static final TestVector RFC_TEST_VECTOR_V1_E_1 + = new TestVector<>(RFC_TEST_V1_KEY, RFC_TEST_NONCE_1, RFC_TEST_VECTOR_V1_E_1_PAYLOAD, RfcToken.class, 
RFC_TEST_VECTOR_V1_E_1_FOOTER, RFC_TEST_VECTOR_V1_E_1_TOKEN); // A.1.1.2. Test Vector v1-E-2 - private static byte[] RFC_TEST_VECTOR_V1_E_2_KEY = RFC_TEST_KEY; - private static byte[] RFC_TEST_VECTOR_V1_E_2_NONCE = RFC_TEST_NONCE_1; - private static RfcToken RFC_TEST_VECTOR_V1_E_2_PAYLOAD + private static final RfcToken RFC_TEST_VECTOR_V1_E_2_PAYLOAD = new RfcToken("this is a secret message", "2019-01-01T00:00:00+00:00"); - private static KeyId RFC_TEST_VECTOR_V1_E_2_FOOTER = null; - private static String RFC_TEST_VECTOR_V1_E_2_TOKEN + private static final KeyId RFC_TEST_VECTOR_V1_E_2_FOOTER = null; + private static final String RFC_TEST_VECTOR_V1_E_2_TOKEN = "v1.local.w_NOpjgte4bX-2i1JAiTQzHoGUVOgc2yqKqsnYGmaPaCu_KWUkR" + "GlCRnOvZZxeH4HTykY7AE_jkzSXAYBkQ1QnwvKS16uTXNfnmp8IRknY76I2m" + "3S5qsM8klxWQQKFDuQHl8xXV0MwAoeFh9X6vbwIqrLlof3s4PMjRDwKsxYzk" + "Mr1RvfDI8emoPoW83q4Q60_xpHaw"; - public static TestVector RFC_TEST_VECTOR_V1_E_2 - = new TestVector<>(RFC_TEST_VECTOR_V1_E_2_KEY, RFC_TEST_VECTOR_V1_E_2_NONCE, RFC_TEST_VECTOR_V1_E_2_PAYLOAD, + public static final TestVector RFC_TEST_VECTOR_V1_E_2 + = new TestVector<>(RFC_TEST_V1_KEY, RFC_TEST_NONCE_1, RFC_TEST_VECTOR_V1_E_2_PAYLOAD, RfcToken.class, RFC_TEST_VECTOR_V1_E_2_FOOTER, RFC_TEST_VECTOR_V1_E_2_TOKEN); // A.1.1.3. 
Test Vector v1-E-3 - private static byte[] RFC_TEST_VECTOR_V1_E_3_KEY = RFC_TEST_KEY; - private static byte[] RFC_TEST_VECTOR_V1_E_3_NONCE = RFC_TEST_NONCE_V1; - private static RfcToken RFC_TEST_VECTOR_V1_E_3_PAYLOAD + private static final RfcToken RFC_TEST_VECTOR_V1_E_3_PAYLOAD = new RfcToken("this is a signed message", "2019-01-01T00:00:00+00:00"); - private static KeyId RFC_TEST_VECTOR_V1_E_3_FOOTER = null; - private static String RFC_TEST_VECTOR_V1_E_3_TOKEN + private static final KeyId RFC_TEST_VECTOR_V1_E_3_FOOTER = null; + private static final String RFC_TEST_VECTOR_V1_E_3_TOKEN = "v1.local.4VyfcVcFAOAbB8yEM1j1Ob7Iez5VZJy5kHNsQxmlrAwKUbOtq9c" + "v39T2fC0MDWafX0nQJ4grFZzTdroMvU772RW-X1oTtoFBjsl_3YYHWnwgqzs" + "0aFc3ejjORmKP4KUM339W3syBYyjKIOeWnsFQB6Yef-1ov9rvqt7TmwONUHe" + "JUYk4IK_JEdUeo_uFRqAIgHsiGCg"; - public static TestVector RFC_TEST_VECTOR_V1_E_3 - = new TestVector<>(RFC_TEST_VECTOR_V1_E_3_KEY, RFC_TEST_VECTOR_V1_E_3_NONCE, RFC_TEST_VECTOR_V1_E_3_PAYLOAD, + public static final TestVector RFC_TEST_VECTOR_V1_E_3 + = new TestVector<>(RFC_TEST_V1_KEY, RFC_TEST_NONCE_V1, RFC_TEST_VECTOR_V1_E_3_PAYLOAD, RfcToken.class, RFC_TEST_VECTOR_V1_E_3_FOOTER, RFC_TEST_VECTOR_V1_E_3_TOKEN); // A.1.1.4. 
Test Vector v1-E-4 - private static byte[] RFC_TEST_VECTOR_V1_E_4_KEY = RFC_TEST_KEY; - private static byte[] RFC_TEST_VECTOR_V1_E_4_NONCE = RFC_TEST_NONCE_V1; - private static RfcToken RFC_TEST_VECTOR_V1_E_4_PAYLOAD + private static final RfcToken RFC_TEST_VECTOR_V1_E_4_PAYLOAD = new RfcToken("this is a secret message", "2019-01-01T00:00:00+00:00"); - private static KeyId RFC_TEST_VECTOR_V1_E_4_FOOTER = null; - private static String RFC_TEST_VECTOR_V1_E_4_TOKEN + private static final KeyId RFC_TEST_VECTOR_V1_E_4_FOOTER = null; + private static final String RFC_TEST_VECTOR_V1_E_4_TOKEN = "v1.local.IddlRQmpk6ojcD10z1EYdLexXvYiadtY0MrYQaRnq3dnqKIWcbb" + "pOcgXdMIkm3_3gksirTj81bvWrWkQwcUHilt-tQo7LZK8I6HCK1V78B9YeEq" + "GNeeWXOyWWHoJQIe0d5nTdvejdt2Srz_5Q0QG4oiz1gB_wmv4U5pifedaZbH" + "XUTWXchFEi0etJ4u6tqgxZSklcec"; - public static TestVector RFC_TEST_VECTOR_V1_E_4 - = new TestVector<>(RFC_TEST_VECTOR_V1_E_4_KEY, RFC_TEST_VECTOR_V1_E_4_NONCE, RFC_TEST_VECTOR_V1_E_4_PAYLOAD, + public static final TestVector RFC_TEST_VECTOR_V1_E_4 + = new TestVector<>(RFC_TEST_V1_KEY, RFC_TEST_NONCE_V1, RFC_TEST_VECTOR_V1_E_4_PAYLOAD, RfcToken.class, RFC_TEST_VECTOR_V1_E_4_FOOTER, RFC_TEST_VECTOR_V1_E_4_TOKEN); // A.1.1.5. 
Test Vector v1-E-5 - private static byte[] RFC_TEST_VECTOR_V1_E_5_KEY = RFC_TEST_KEY; - private static byte[] RFC_TEST_VECTOR_V1_E_5_NONCE = RFC_TEST_NONCE_V1; - private static RfcToken RFC_TEST_VECTOR_V1_E_5_PAYLOAD + private static final RfcToken RFC_TEST_VECTOR_V1_E_5_PAYLOAD = new RfcToken("this is a signed message", "2019-01-01T00:00:00+00:00"); - private static KeyId RFC_TEST_VECTOR_V1_E_5_FOOTER + private static final KeyId RFC_TEST_VECTOR_V1_E_5_FOOTER = new KeyId().setKeyId("UbkK8Y6iv4GZhFp6Tx3IWLWLfNXSEvJcdT3zdR65YZxo"); - private static String RFC_TEST_VECTOR_V1_E_5_TOKEN + private static final String RFC_TEST_VECTOR_V1_E_5_TOKEN = "v1.local.4VyfcVcFAOAbB8yEM1j1Ob7Iez5VZJy5kHNsQxmlrAwKUbOtq9c" + "v39T2fC0MDWafX0nQJ4grFZzTdroMvU772RW-X1oTtoFBjsl_3YYHWnwgqzs" + "0aFc3ejjORmKP4KUM339W3szA28OabR192eRqiyspQ6xPM35NMR-04-FhRJ" + "ZEWiF0W5oWjPVtGPjeVjm2DI4YtJg.eyJraWQiOiJVYmtLOFk2aXY0R1poRn" + "A2VHgzSVdMV0xmTlhTRXZKY2RUM3pkUjY1WVp4byJ9"; - public static TestVector RFC_TEST_VECTOR_V1_E_5 - = new TestVector<>(RFC_TEST_VECTOR_V1_E_5_KEY, RFC_TEST_VECTOR_V1_E_5_NONCE, RFC_TEST_VECTOR_V1_E_5_PAYLOAD, + public static final TestVector RFC_TEST_VECTOR_V1_E_5 + = new TestVector<>(RFC_TEST_V1_KEY, RFC_TEST_NONCE_V1, RFC_TEST_VECTOR_V1_E_5_PAYLOAD, RfcToken.class, RFC_TEST_VECTOR_V1_E_5_FOOTER, RFC_TEST_VECTOR_V1_E_5_TOKEN); // A.1.1.6. 
Test Vector v1-E-6 - private static byte[] RFC_TEST_VECTOR_V1_E_6_KEY = RFC_TEST_KEY; - private static byte[] RFC_TEST_VECTOR_V1_E_6_NONCE = RFC_TEST_NONCE_V1; - private static RfcToken RFC_TEST_VECTOR_V1_E_6_PAYLOAD + private static final RfcToken RFC_TEST_VECTOR_V1_E_6_PAYLOAD = new RfcToken("this is a secret message", "2019-01-01T00:00:00+00:00"); - private static KeyId RFC_TEST_VECTOR_V1_E_6_FOOTER + private static final KeyId RFC_TEST_VECTOR_V1_E_6_FOOTER = new KeyId().setKeyId("UbkK8Y6iv4GZhFp6Tx3IWLWLfNXSEvJcdT3zdR65YZxo"); - private static String RFC_TEST_VECTOR_V1_E_6_TOKEN + private static final String RFC_TEST_VECTOR_V1_E_6_TOKEN = "v1.local.IddlRQmpk6ojcD10z1EYdLexXvYiadtY0MrYQaRnq3dnqKIWcbb" + "pOcgXdMIkm3_3gksirTj81bvWrWkQwcUHilt-tQo7LZK8I6HCK1V78B9YeEq" + "GNeeWXOyWWHoJQIe0d5nTdvcT2vnER6NrJ7xIowvFba6J4qMlFhBnYSxHEq9" + "v9NlzcKsz1zscdjcAiXnEuCHyRSc.eyJraWQiOiJVYmtLOFk2aXY0R1poRnA" + "2VHgzSVdMV0xmTlhTRXZKY2RUM3pkUjY1WVp4byJ9"; - public static TestVector RFC_TEST_VECTOR_V1_E_6 - = new TestVector<>(RFC_TEST_VECTOR_V1_E_6_KEY, RFC_TEST_VECTOR_V1_E_6_NONCE, RFC_TEST_VECTOR_V1_E_6_PAYLOAD, + public static final TestVector RFC_TEST_VECTOR_V1_E_6 + = new TestVector<>(RFC_TEST_V1_KEY, RFC_TEST_NONCE_V1, RFC_TEST_VECTOR_V1_E_6_PAYLOAD, RfcToken.class, RFC_TEST_VECTOR_V1_E_6_FOOTER, RFC_TEST_VECTOR_V1_E_6_TOKEN); // A.1.2.1. 
Test Vector v1-S-1 - private static byte[] RFC_TEST_VECTOR_V1_S_1_SK = RFC_TEST_RSA_PRIVATE_KEY; - private static byte[] RFC_TEST_VECTOR_V1_S_1_PK = RFC_TEST_RSA_PUBLIC_KEY; - private static RfcToken RFC_TEST_VECTOR_V1_S_1_PAYLOAD + private static final RfcToken RFC_TEST_VECTOR_V1_S_1_PAYLOAD = new RfcToken("this is a signed message", "2019-01-01T00:00:00+00:00"); - private static KeyId RFC_TEST_VECTOR_V1_S_1_FOOTER = null; - private static String RFC_TEST_VECTOR_V1_S_1_TOKEN + private static final KeyId RFC_TEST_VECTOR_V1_S_1_FOOTER = null; + private static final String RFC_TEST_VECTOR_V1_S_1_TOKEN = "v1.public.eyJkYXRhIjoidGhpcyBpcyBhIHNpZ25lZCBtZXNzYWdlIiw" + "iZXhwIjoiMjAxOS0wMS0wMVQwMDowMDowMCswMDowMCJ9cIZKahKeGM5k" + "iAS_4D70Qbz9FIThZpxetJ6n6E6kXP_119SvQcnfCSfY_gG3D0Q2v7FEt" 
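Review bot: `RFC_TEST_V1_KEY` and `RFC_TEST_V2_KEY` are both built from the same `RFC_TEST_KEY` array, and `final` on a `byte[]` fixes only the reference, not the contents. If `SymmetricKey` keeps the array it is handed (its constructor is not shown in this diff), one test that writes into either key's bytes would alter every RFC vector for the rest of the run. Passing a copy avoids that, e.g. `new SymmetricKey(RFC_TEST_KEY.clone(), Version.V1)`, and likewise for the `AsymmetricSecretKey` / `AsymmetricPublicKey` constants. The same sharing appears in `TokenTestVectors` with `TEST_V1_KEY` / `TEST_V2_KEY`.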
@@ -159,19 +157,17 @@ public class RfcTestVectors { + "Q6i85lOsTX8Kc6SQaG-3CgThrJJ6W9DC-YfQ3lZ4TJUoY3QNYdtEgAvp1" + "QuWWK6xmIb8BwvkBPej5t88QUb7NcvZ15VyNw3qemQGn2ITSdpdDgwMtp" + "flZOeYdtuxQr1DSGO2aQyZl7s0WYn1IjdQFx6VjSQ4yfw"; - public static TestVector RFC_TEST_VECTOR_V1_S_1 - = new TestVector<>(RFC_TEST_VECTOR_V1_S_1_SK, RFC_TEST_VECTOR_V1_S_1_PK, + public static final TestVector RFC_TEST_VECTOR_V1_S_1 + = new TestVector<>(RFC_TEST_V1_SK, RFC_TEST_V1_PK, RFC_TEST_VECTOR_V1_S_1_PAYLOAD, RfcToken.class, RFC_TEST_VECTOR_V1_S_1_FOOTER, RFC_TEST_VECTOR_V1_S_1_TOKEN); // A.1.2.2. Test Vector v1-S-2 - private static byte[] RFC_TEST_VECTOR_V1_S_2_SK = RFC_TEST_RSA_PRIVATE_KEY; - private static byte[] RFC_TEST_VECTOR_V1_S_2_PK = RFC_TEST_RSA_PUBLIC_KEY; - private static RfcToken RFC_TEST_VECTOR_V1_S_2_PAYLOAD + private static final RfcToken RFC_TEST_VECTOR_V1_S_2_PAYLOAD = new RfcToken("this is a signed message", "2019-01-01T00:00:00+00:00"); - private static KeyId RFC_TEST_VECTOR_V1_S_2_FOOTER + private static final KeyId RFC_TEST_VECTOR_V1_S_2_FOOTER = new KeyId().setKeyId("dYkISylxQeecEcHELfzF88UZrwbLolNiCdpzUHGw9Uqn"); - private static String RFC_TEST_VECTOR_V1_S_2_TOKEN + private static final String RFC_TEST_VECTOR_V1_S_2_TOKEN = "v1.public.eyJkYXRhIjoidGhpcyBpcyBhIHNpZ25lZCBtZXNzYWdlIiw" + "iZXhwIjoiMjAxOS0wMS0wMVQwMDowMDowMCswMDowMCJ9sBTIb0J_4mis" + "AuYc4-6P5iR1rQighzktpXhJ8gtrrp2MqSSDkbb8q5WZh3FhUYuW_rg2X" 
@@ -182,132 +178,116 @@ public class RfcTestVectors { + "0fN5oGv8Rl0dF11b3tRmsmbDoIokIM0Dba29x_T3YzOyg.eyJraWQiOiJ" + "kWWtJU3lseFFlZWNFY0hFTGZ6Rjg4VVpyd2JMb2xOaUNkcHpVSEd3OVVx" + "biJ9"; - public static TestVector RFC_TEST_VECTOR_V1_S_2 - = new TestVector<>(RFC_TEST_VECTOR_V1_S_2_SK, RFC_TEST_VECTOR_V1_S_2_PK, + public static final TestVector RFC_TEST_VECTOR_V1_S_2 + = new TestVector<>(RFC_TEST_V1_SK, RFC_TEST_V1_PK, RFC_TEST_VECTOR_V1_S_2_PAYLOAD, RfcToken.class, RFC_TEST_VECTOR_V1_S_2_FOOTER, RFC_TEST_VECTOR_V1_S_2_TOKEN); // A.2.1.1. Test Vector v2-E-1 - private static byte[] RFC_TEST_VECTOR_V2_E_1_KEY = RFC_TEST_KEY; - private static byte[] RFC_TEST_VECTOR_V2_E_1_NONCE = RFC_TEST_NONCE_1; - private static RfcToken RFC_TEST_VECTOR_V2_E_1_PAYLOAD + private static final RfcToken RFC_TEST_VECTOR_V2_E_1_PAYLOAD = new RfcToken("this is a signed message", "2019-01-01T00:00:00+00:00"); - private static KeyId RFC_TEST_VECTOR_V2_E_1_FOOTER = null; - private static String RFC_TEST_VECTOR_V2_E_1_TOKEN + private static final KeyId RFC_TEST_VECTOR_V2_E_1_FOOTER = null; + private static final String RFC_TEST_VECTOR_V2_E_1_TOKEN = "v2.local.97TTOvgwIxNGvV80XKiGZg_kD3tsXM_-qB4dZGHOeN1cTkgQ4Pn" + "W8888l802W8d9AvEGnoNBY3BnqHORy8a5cC8aKpbA0En8XELw2yDk2f1sVOD" + "yfnDbi6rEGMY3pSfCbLWMM2oHJxvlEl2XbQ"; public static TestVector RFC_TEST_VECTOR_V2_E_1 - = new TestVector<>(RFC_TEST_VECTOR_V2_E_1_KEY, RFC_TEST_VECTOR_V2_E_1_NONCE, RFC_TEST_VECTOR_V2_E_1_PAYLOAD, + = new TestVector<>(RFC_TEST_V2_KEY, RFC_TEST_NONCE_1, RFC_TEST_VECTOR_V2_E_1_PAYLOAD, RfcToken.class, RFC_TEST_VECTOR_V2_E_1_FOOTER, RFC_TEST_VECTOR_V2_E_1_TOKEN); // A.2.1.2. 
Test Vector v2-E-2 - private static byte[] RFC_TEST_VECTOR_V2_E_2_KEY = RFC_TEST_KEY; - private static byte[] RFC_TEST_VECTOR_V2_E_2_NONCE = RFC_TEST_NONCE_1; - private static RfcToken RFC_TEST_VECTOR_V2_E_2_PAYLOAD + private static final RfcToken RFC_TEST_VECTOR_V2_E_2_PAYLOAD = new RfcToken("this is a secret message", "2019-01-01T00:00:00+00:00"); - private static KeyId RFC_TEST_VECTOR_V2_E_2_FOOTER = null; - private static String RFC_TEST_VECTOR_V2_E_2_TOKEN + private static final KeyId RFC_TEST_VECTOR_V2_E_2_FOOTER = null; + private static final String RFC_TEST_VECTOR_V2_E_2_TOKEN = "v2.local.CH50H-HM5tzdK4kOmQ8KbIvrzJfjYUGuu5Vy9ARSFHy9owVDMYg" + "3-8rwtJZQjN9ABHb2njzFkvpr5cOYuRyt7CRXnHt42L5yZ7siD-4l-FoNsC7" + "J2OlvLlIwlG06mzQVunrFNb7Z3_CHM0PK5w"; - public static TestVector RFC_TEST_VECTOR_V2_E_2 - = new TestVector<>(RFC_TEST_VECTOR_V2_E_2_KEY, RFC_TEST_VECTOR_V2_E_2_NONCE, RFC_TEST_VECTOR_V2_E_2_PAYLOAD, + public static final TestVector RFC_TEST_VECTOR_V2_E_2 + = new TestVector<>(RFC_TEST_V2_KEY, RFC_TEST_NONCE_1, RFC_TEST_VECTOR_V2_E_2_PAYLOAD, RfcToken.class, RFC_TEST_VECTOR_V2_E_2_FOOTER, RFC_TEST_VECTOR_V2_E_2_TOKEN); // A.2.1.3. 
Test Vector v2-E-3 - private static byte[] RFC_TEST_VECTOR_V2_E_3_KEY = RFC_TEST_KEY; - private static byte[] RFC_TEST_VECTOR_V2_E_3_NONCE = RFC_TEST_NONCE_V2; - private static RfcToken RFC_TEST_VECTOR_V2_E_3_PAYLOAD + private static final RfcToken RFC_TEST_VECTOR_V2_E_3_PAYLOAD = new RfcToken("this is a signed message", "2019-01-01T00:00:00+00:00"); - private static KeyId RFC_TEST_VECTOR_V2_E_3_FOOTER = null; - private static String RFC_TEST_VECTOR_V2_E_3_TOKEN + private static final KeyId RFC_TEST_VECTOR_V2_E_3_FOOTER = null; + private static final String RFC_TEST_VECTOR_V2_E_3_TOKEN = "v2.local.5K4SCXNhItIhyNuVIZcwrdtaDKiyF81-eWHScuE0idiVqCo72bb" + "jo07W05mqQkhLZdVbxEa5I_u5sgVk1QLkcWEcOSlLHwNpCkvmGGlbCdNExn6" + "Qclw3qTKIIl5-O5xRBN076fSDPo5xUCPpBA"; - public static TestVector RFC_TEST_VECTOR_V2_E_3 - = new TestVector<>(RFC_TEST_VECTOR_V2_E_3_KEY, RFC_TEST_VECTOR_V2_E_3_NONCE, RFC_TEST_VECTOR_V2_E_3_PAYLOAD, + public static final TestVector RFC_TEST_VECTOR_V2_E_3 + = new TestVector<>(RFC_TEST_V2_KEY, RFC_TEST_NONCE_V2, RFC_TEST_VECTOR_V2_E_3_PAYLOAD, RfcToken.class, RFC_TEST_VECTOR_V2_E_3_FOOTER, RFC_TEST_VECTOR_V2_E_3_TOKEN); // A.2.1.4. 
Test Vector v2-E-4 - private static byte[] RFC_TEST_VECTOR_V2_E_4_KEY = RFC_TEST_KEY; - private static byte[] RFC_TEST_VECTOR_V2_E_4_NONCE = RFC_TEST_NONCE_V2; - private static RfcToken RFC_TEST_VECTOR_V2_E_4_PAYLOAD + private static final RfcToken RFC_TEST_VECTOR_V2_E_4_PAYLOAD = new RfcToken("this is a secret message", "2019-01-01T00:00:00+00:00"); - private static KeyId RFC_TEST_VECTOR_V2_E_4_FOOTER = null; - private static String RFC_TEST_VECTOR_V2_E_4_TOKEN + private static final KeyId RFC_TEST_VECTOR_V2_E_4_FOOTER = null; + private static final String RFC_TEST_VECTOR_V2_E_4_TOKEN = "v2.local.pvFdDeNtXxknVPsbBCZF6MGedVhPm40SneExdClOxa9HNR8wFv7" + "cu1cB0B4WxDdT6oUc2toyLR6jA6sc-EUM5ll1EkeY47yYk6q8m1RCpqTIzUr" + "Iu3B6h232h62DPbIxtjGvNRAwsLK7LcV8oQ"; - public static TestVector RFC_TEST_VECTOR_V2_E_4 - = new TestVector<>(RFC_TEST_VECTOR_V2_E_4_KEY, RFC_TEST_VECTOR_V2_E_4_NONCE, RFC_TEST_VECTOR_V2_E_4_PAYLOAD, + public static final TestVector RFC_TEST_VECTOR_V2_E_4 + = new TestVector<>(RFC_TEST_V2_KEY, RFC_TEST_NONCE_V2, RFC_TEST_VECTOR_V2_E_4_PAYLOAD, RfcToken.class, RFC_TEST_VECTOR_V2_E_4_FOOTER, RFC_TEST_VECTOR_V2_E_4_TOKEN); // A.2.1.5. 
Test Vector v2-E-5 - private static byte[] RFC_TEST_VECTOR_V2_E_5_KEY = RFC_TEST_KEY; - private static byte[] RFC_TEST_VECTOR_V2_E_5_NONCE = RFC_TEST_NONCE_V2; - private static RfcToken RFC_TEST_VECTOR_V2_E_5_PAYLOAD + private static final RfcToken RFC_TEST_VECTOR_V2_E_5_PAYLOAD = new RfcToken("this is a signed message", "2019-01-01T00:00:00+00:00"); - private static KeyId RFC_TEST_VECTOR_V2_E_5_FOOTER + private static final KeyId RFC_TEST_VECTOR_V2_E_5_FOOTER = new KeyId().setKeyId("zVhMiPBP9fRf2snEcT7gFTioeA9COcNy9DfgL1W60haN"); - private static String RFC_TEST_VECTOR_V2_E_5_TOKEN + private static final String RFC_TEST_VECTOR_V2_E_5_TOKEN = "v2.local.5K4SCXNhItIhyNuVIZcwrdtaDKiyF81-eWHScuE0idiVqCo72bb" + "jo07W05mqQkhLZdVbxEa5I_u5sgVk1QLkcWEcOSlLHwNpCkvmGGlbCdNExn6" + "Qclw3qTKIIl5-zSLIrxZqOLwcFLYbVK1SrQ.eyJraWQiOiJ6VmhNaVBCUDlm" + "UmYyc25FY1Q3Z0ZUaW9lQTlDT2NOeTlEZmdMMVc2MGhhTiJ9"; - public static TestVector RFC_TEST_VECTOR_V2_E_5 - = new TestVector<>(RFC_TEST_VECTOR_V2_E_5_KEY, RFC_TEST_VECTOR_V2_E_5_NONCE, RFC_TEST_VECTOR_V2_E_5_PAYLOAD, + public static final TestVector RFC_TEST_VECTOR_V2_E_5 + = new TestVector<>(RFC_TEST_V2_KEY, RFC_TEST_NONCE_V2, RFC_TEST_VECTOR_V2_E_5_PAYLOAD, RfcToken.class, RFC_TEST_VECTOR_V2_E_5_FOOTER, RFC_TEST_VECTOR_V2_E_5_TOKEN); // A.2.1.6. 
Test Vector v2-E-6 - private static byte[] RFC_TEST_VECTOR_V2_E_6_KEY = RFC_TEST_KEY; - private static byte[] RFC_TEST_VECTOR_V2_E_6_NONCE = RFC_TEST_NONCE_V2; - private static RfcToken RFC_TEST_VECTOR_V2_E_6_PAYLOAD + private static final RfcToken RFC_TEST_VECTOR_V2_E_6_PAYLOAD = new RfcToken("this is a secret message", "2019-01-01T00:00:00+00:00"); - private static KeyId RFC_TEST_VECTOR_V2_E_6_FOOTER + private static final KeyId RFC_TEST_VECTOR_V2_E_6_FOOTER = new KeyId().setKeyId("zVhMiPBP9fRf2snEcT7gFTioeA9COcNy9DfgL1W60haN"); - private static String RFC_TEST_VECTOR_V2_E_6_TOKEN + private static final String RFC_TEST_VECTOR_V2_E_6_TOKEN = "v2.local.pvFdDeNtXxknVPsbBCZF6MGedVhPm40SneExdClOxa9HNR8wFv7" + "cu1cB0B4WxDdT6oUc2toyLR6jA6sc-EUM5ll1EkeY47yYk6q8m1RCpqTIzUr" + "Iu3B6h232h62DnMXKdHn_Smp6L_NfaEnZ-A.eyJraWQiOiJ6VmhNaVBCUDlm" + "UmYyc25FY1Q3Z0ZUaW9lQTlDT2NOeTlEZmdMMVc2MGhhTiJ9"; - public static TestVector RFC_TEST_VECTOR_V2_E_6 - = new TestVector<>(RFC_TEST_VECTOR_V2_E_6_KEY, RFC_TEST_VECTOR_V2_E_6_NONCE, + public static final TestVector RFC_TEST_VECTOR_V2_E_6 + = new TestVector<>(RFC_TEST_V2_KEY, RFC_TEST_NONCE_V2, RFC_TEST_VECTOR_V2_E_6_PAYLOAD, RfcToken.class, RFC_TEST_VECTOR_V2_E_6_FOOTER, RFC_TEST_VECTOR_V2_E_6_TOKEN); // A.2.2.1. 
Test Vector v2-S-1 - private static byte[] RFC_TEST_VECTOR_V2_S_1_SK = RFC_TEST_SK; - private static byte[] RFC_TEST_VECTOR_V2_S_1_PK = RFC_TEST_PK; - private static RfcToken RFC_TEST_VECTOR_V2_S_1_PAYLOAD + private static final RfcToken RFC_TEST_VECTOR_V2_S_1_PAYLOAD = new RfcToken("this is a signed message", "2019-01-01T00:00:00+00:00"); - private static KeyId RFC_TEST_VECTOR_V2_S_1_FOOTER = null; - private static String RFC_TEST_VECTOR_V2_S_1_TOKEN + private static final KeyId RFC_TEST_VECTOR_V2_S_1_FOOTER = null; + private static final String RFC_TEST_VECTOR_V2_S_1_TOKEN = "v2.public.eyJkYXRhIjoidGhpcyBpcyBhIHNpZ25lZCBtZXNzYWdlIi" + "wiZXhwIjoiMjAxOS0wMS0wMVQwMDowMDowMCswMDowMCJ9HQr8URrGnt" + "Tu7Dz9J2IF23d1M7-9lH9xiqdGyJNvzp4angPW5Esc7C5huy_M8I8_Dj" + "JK2ZXC2SUYuOFM-Q_5Cw"; - public static TestVector RFC_TEST_VECTOR_V2_S_1 - = new TestVector<>(RFC_TEST_VECTOR_V2_S_1_SK, RFC_TEST_VECTOR_V2_S_1_PK, + public static final TestVector RFC_TEST_VECTOR_V2_S_1 + = new TestVector<>(RFC_TEST_V2_SK, RFC_TEST_V2_PK, RFC_TEST_VECTOR_V2_S_1_PAYLOAD, RfcToken.class, RFC_TEST_VECTOR_V2_S_1_FOOTER, RFC_TEST_VECTOR_V2_S_1_TOKEN); // A.2.2.2. 
Test Vector v2-S-2 - private static byte[] RFC_TEST_VECTOR_V2_S_2_SK = RFC_TEST_SK; - private static byte[] RFC_TEST_VECTOR_V2_S_2_PK = RFC_TEST_PK; - private static RfcToken RFC_TEST_VECTOR_V2_S_2_PAYLOAD + private static final RfcToken RFC_TEST_VECTOR_V2_S_2_PAYLOAD = new RfcToken("this is a signed message", "2019-01-01T00:00:00+00:00"); - private static KeyId RFC_TEST_VECTOR_V2_S_2_FOOTER + private static final KeyId RFC_TEST_VECTOR_V2_S_2_FOOTER = new KeyId().setKeyId("zVhMiPBP9fRf2snEcT7gFTioeA9COcNy9DfgL1W60haN"); - private static String RFC_TEST_VECTOR_V2_S_2_TOKEN + private static final String RFC_TEST_VECTOR_V2_S_2_TOKEN = "v2.public.eyJkYXRhIjoidGhpcyBpcyBhIHNpZ25lZCBtZXNzYWdlIi" + "wiZXhwIjoiMjAxOS0wMS0wMVQwMDowMDowMCswMDowMCJ9flsZsx_gYC" + "R0N_Ec2QxJFFpvQAs7h9HtKwbVK2n1MJ3Rz-hwe8KUqjnd8FAnIJZ601" + "tp7lGkguU63oGbomhoBw.eyJraWQiOiJ6VmhNaVBCUDlmUmYyc25FY1Q" + "3Z0ZUaW9lQTlDT2NOeTlEZmdMMVc2MGhhTiJ9"; - public static TestVector RFC_TEST_VECTOR_V2_S_2 - = new TestVector<>(RFC_TEST_VECTOR_V2_S_2_SK, RFC_TEST_VECTOR_V2_S_2_PK, + public static final TestVector RFC_TEST_VECTOR_V2_S_2 + = new TestVector<>(RFC_TEST_V2_SK, RFC_TEST_V2_PK, RFC_TEST_VECTOR_V2_S_2_PAYLOAD, RfcToken.class, RFC_TEST_VECTOR_V2_S_2_FOOTER, RFC_TEST_VECTOR_V2_S_2_TOKEN); } diff --git a/paseto-core/src/test/java/net/aholbrook/paseto/data/TestVector.java b/paseto-core/src/test/java/net/aholbrook/paseto/data/TestVector.java index b478de9..193c44f 100644 --- a/paseto-core/src/test/java/net/aholbrook/paseto/data/TestVector.java +++ b/paseto-core/src/test/java/net/aholbrook/paseto/data/TestVector.java 
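Review bot: `RFC_TEST_VECTOR_V2_E_1` is still declared `public static TestVector` while every other vector in this hunk gains `final`. Its declaration is an unchanged context line, so it looks overlooked rather than intentional. Make it `public static final TestVector RFC_TEST_VECTOR_V2_E_1` so that no test can reassign the reference vector. The class body starts above this hunk.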
@@ -1,28 +1,57 @@ package net.aholbrook.paseto.data; +import net.aholbrook.paseto.keys.AsymmetricPublicKey; +import net.aholbrook.paseto.keys.AsymmetricSecretKey; +import net.aholbrook.paseto.keys.SymmetricKey; + public class TestVector<_Payload, _Footer> { - private final byte[] a, b; + private final SymmetricKey localKey; + private final AsymmetricSecretKey secretKey; + private final AsymmetricPublicKey publicKey; + private final byte[] nonce; private final _Payload payload; private final Class<_Payload> payloadClass; private final _Footer footer; private final String token; - public TestVector(byte[] a, byte[] b, _Payload payload, Class<_Payload> payloadClass, _Footer footer, - String token) { - this.a = a; - this.b = b; + public TestVector(SymmetricKey localKey, byte[] nonce, _Payload payload, Class<_Payload> payloadClass, + _Footer footer, String token) { + this.localKey = localKey; + this.nonce = nonce; + this.secretKey = null; + this.publicKey = null; this.payload = payload; this.payloadClass = payloadClass; this.footer = footer; this.token = token; } - public byte[] getA() { - return a; + public TestVector(AsymmetricSecretKey secretKey, AsymmetricPublicKey publicKey, _Payload payload, + Class<_Payload> payloadClass, _Footer footer, String token) { + this.localKey = null; + this.nonce = null; + this.secretKey = secretKey; + this.publicKey = publicKey; + this.payload = payload; + this.payloadClass = payloadClass; + this.footer = footer; + this.token = token; + } + + public SymmetricKey getLocalKey() { + return localKey; + } + + public AsymmetricSecretKey getSecretKey() { + return secretKey; + } + + public AsymmetricPublicKey getPublicKey() { + return publicKey; } - public byte[] getB() { - return b; + public byte[] getNonce() { + return nonce; } public _Payload getPayload() { 
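Review bot: Each of the two `TestVector` constructors leaves the other mode's fields null, and `getLocalKey()`, `getSecretKey()`, `getPublicKey()` and `getNonce()` return them unchecked. A test that asks a public vector for its local key (or a local vector for its public key) therefore gets null and fails somewhere inside the code under test, if it fails at all. Failing at the accessor makes a key-purpose mix-up obvious, e.g. in `getLocalKey()`: `if (localKey == null) throw new IllegalStateException("not a local test vector");`, with the same guard in the other key getters. At minimum, a class comment stating which getters are valid for which constructor would help. The class continues past the end of this hunk.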
diff --git a/paseto-core/src/test/java/net/aholbrook/paseto/data/TokenTestVectors.java b/paseto-core/src/test/java/net/aholbrook/paseto/data/TokenTestVectors.java index 60f83bd..e10da04 100644 --- a/paseto-core/src/test/java/net/aholbrook/paseto/data/TokenTestVectors.java +++ b/paseto-core/src/test/java/net/aholbrook/paseto/data/TokenTestVectors.java 
@@ -1,22 +1,26 @@ package net.aholbrook.paseto.data; +import net.aholbrook.paseto.Version; +import net.aholbrook.paseto.keys.AsymmetricPublicKey; +import net.aholbrook.paseto.keys.AsymmetricSecretKey; +import net.aholbrook.paseto.keys.SymmetricKey; import net.aholbrook.paseto.service.KeyId; import net.aholbrook.paseto.service.Token; import net.aholbrook.paseto.utils.Hex; public class TokenTestVectors { // q9Rq3FfaAyN8JWyVJhphybm9DaFNLVt2 - public static byte[] TEST_KEY = Hex.decode("713952713346666141794e384a5779564a68706879626d394461464e4c567432"); + public static final byte[] TEST_KEY = Hex.decode("713952713346666141794e384a5779564a68706879626d394461464e4c567432"); // SmpF7Y5DeSJFJxjMrnDSwnUv - public static byte[] TEST_NONCE = Hex.decode("536d70463759354465534a464a786a4d726e4453776e5576"); + public static final byte[] TEST_NONCE = Hex.decode("536d70463759354465534a464a786a4d726e4453776e5576"); - public static byte[] TEST_SK = Hex.decode("452c1969ed4806c8d48ee4c670df980183f6796633787b15a03f09cb24eebe7c432" + public static final byte[] TEST_SK = Hex.decode("452c1969ed4806c8d48ee4c670df980183f6796633787b15a03f09cb24eebe7c432" + "fa82fc615a23192c7cb24cd3dfc4897c6e113db87dced7604d34d06c5b68d"); - public static byte[] TEST_PK = Hex.decode("432fa82fc615a23192c7cb24cd3dfc4897c6e113db87dced7604d34d06c5b68d"); + public static final byte[] TEST_PK = Hex.decode("432fa82fc615a23192c7cb24cd3dfc4897c6e113db87dced7604d34d06c5b68d"); // paseto-base/test_v1_rsa - public static byte[] TEST_RSA_PRIVATE_KEY = Hex.decode( + public static final byte[] TEST_RSA_PRIVATE_KEY = Hex.decode( "308204bd020100300d06092a864886f70d0101010500048204a7308204a30201000282010100b282b532724e9646349947452b" + "64b0ff1597f8428161785011e43a1187a90466c420271626909b865f2fdd1d4635a025b5a34394a2fa4bcfa963886cd0" + "308b4911b2a702c89aa38ebd80dec7b367226ab504ec29487037d509db7e9f6bb09a83cdd2f20ac4d664ba6df7e5b7a1" 
@@ -45,7 +49,7 @@ public class TokenTestVectors { + "161a882c59403e87bda25de0a98c"); // paseto-base/test_v1_rsa.pub - public static byte[] TEST_RSA_PUBLIC_KEY = Hex.decode( + public static final byte[] TEST_RSA_PUBLIC_KEY = Hex.decode( "30820122300d06092a864886f70d01010105000382010f003082010a0282010100b282b532724e9646349947452b64b0ff1597" + "f8428161785011e43a1187a90466c420271626909b865f2fdd1d4635a025b5a34394a2fa4bcfa963886cd0308b4911b2" + "a702c89aa38ebd80dec7b367226ab504ec29487037d509db7e9f6bb09a83cdd2f20ac4d664ba6df7e5b7a1bb08e47297" @@ -54,6 +58,14 @@ public class TokenTestVectors { + "b1c88edc8409af5bd42a3b11eaf8cca70cc62a8a4770f5ef2617b6dc77c01ceb6b8cfaa2a3979a2cb705951e0c950203" + "010001"); + public static final SymmetricKey TEST_V1_KEY = new SymmetricKey(TEST_KEY, Version.V1); + public static final AsymmetricSecretKey TEST_V1_SK = new AsymmetricSecretKey(TEST_RSA_PRIVATE_KEY, Version.V1); + public static final AsymmetricPublicKey TEST_V1_PK = new AsymmetricPublicKey(TEST_RSA_PUBLIC_KEY, Version.V1); + + public static final SymmetricKey TEST_V2_KEY = new SymmetricKey(TEST_KEY, Version.V2); + public static final AsymmetricSecretKey TEST_V2_SK = new AsymmetricSecretKey(TEST_SK, Version.V2); + public static final AsymmetricPublicKey TEST_V2_PK = new AsymmetricPublicKey(TEST_PK, Version.V2); + public final static Token TOKEN_1 = new Token() .setIssuer("paragonie.com") .setSubject("test") 
@@ -134,31 +146,32 @@ public class TokenTestVectors {
 + "0wMS0wMVQwMDowMDowMCswMDowMCIsIm5iZiI6IjIwMzgtMDQtMDFUMDA6MDA6MDArMDA6MDAiLCJpYXQiOiIyMDM4LTAzLTE3VDAwOj"
 + "AwOjAwKzAwOjAwIiwianRpIjoiODdJRlNHRmdQTnRRTk51dzBBdHVMdHRQIn0BYQ_iR7pXXZMTURqG4t8HrFWubNZeFrrHHP_3kZ6yEL"
 + "RtB3WJ68BEJSNc4Y-kkIdtD8QKqLD9tuTBZLRT9OUN.VEVTVA";
- public final static TestVector TV_1_V1_LOCAL = new TestVector<>(TEST_KEY, TEST_NONCE, TOKEN_1,
- Token.class, null, TOKEN_1_V1_LOCAL);
- public final static TestVector TV_1_V1_LOCAL_WITH_FOOTER = new TestVector<>(TEST_KEY, TEST_NONCE,
- TOKEN_1, Token.class, TOKEN_1_FOOTER, TOKEN_1_V1_LOCAL_WITH_FOOTER);
- public final static TestVector TV_1_V1_LOCAL_WITH_STRING_FOOTER = new TestVector<>(TEST_KEY,
- TEST_NONCE, TOKEN_1, Token.class, TOKEN_1_STRING_FOOTER, TOKEN_1_V1_LOCAL_WITH_STRING_FOOTER);
- public final static TestVector TV_1_V1_PUBLIC = new TestVector<>(TEST_RSA_PRIVATE_KEY,
- TEST_RSA_PUBLIC_KEY, TOKEN_1, Token.class, null, TOKEN_1_V1_PUBLIC);
- public final static TestVector TV_1_V1_PUBLIC_WITH_FOOTER = new TestVector<>(TEST_RSA_PRIVATE_KEY,
- TEST_RSA_PUBLIC_KEY, TOKEN_1, Token.class, TOKEN_1_FOOTER, TOKEN_1_V1_PUBLIC_WITH_FOOTER);
+
+ public final static TestVector TV_1_V1_LOCAL = new TestVector<>(
+ TEST_V1_KEY, TEST_NONCE, TOKEN_1, Token.class, null, TOKEN_1_V1_LOCAL);
+ public final static TestVector TV_1_V1_LOCAL_WITH_FOOTER = new TestVector<>(
+ TEST_V1_KEY, TEST_NONCE, TOKEN_1, Token.class, TOKEN_1_FOOTER, TOKEN_1_V1_LOCAL_WITH_FOOTER);
+ public final static TestVector TV_1_V1_LOCAL_WITH_STRING_FOOTER = new TestVector<>(
+ TEST_V1_KEY, TEST_NONCE, TOKEN_1, Token.class, TOKEN_1_STRING_FOOTER, TOKEN_1_V1_LOCAL_WITH_STRING_FOOTER);
+ public final static TestVector TV_1_V1_PUBLIC = new TestVector<>(
+ TEST_V1_SK, TEST_V1_PK, TOKEN_1, Token.class, null, TOKEN_1_V1_PUBLIC);
+ public final static TestVector TV_1_V1_PUBLIC_WITH_FOOTER = new TestVector<>(
+ TEST_V1_SK, TEST_V1_PK, TOKEN_1, Token.class, TOKEN_1_FOOTER, TOKEN_1_V1_PUBLIC_WITH_FOOTER);
 public final static TestVector TV_1_V1_PUBLIC_WITH_STRING_FOOTER = new TestVector<>(
- TEST_RSA_PRIVATE_KEY, TEST_RSA_PUBLIC_KEY, TOKEN_1, Token.class, TOKEN_1_STRING_FOOTER,
- TOKEN_1_V1_PUBLIC_WITH_STRING_FOOTER);
- public final static TestVector TV_1_V2_LOCAL = new TestVector<>(TEST_KEY, TEST_NONCE, TOKEN_1,
- Token.class, null, TOKEN_1_V2_LOCAL);
- public final static TestVector TV_1_V2_LOCAL_WITH_FOOTER = new TestVector<>(TEST_KEY, TEST_NONCE,
- TOKEN_1, Token.class, TOKEN_1_FOOTER, TOKEN_1_V2_LOCAL_WITH_FOOTER);
- public final static TestVector TV_1_V2_LOCAL_WITH_STRING_FOOTER = new TestVector<>(TEST_KEY,
- TEST_NONCE, TOKEN_1, Token.class, TOKEN_1_STRING_FOOTER, TOKEN_1_V2_LOCAL_WITH_STRING_FOOTER);
- public final static TestVector TV_1_V2_PUBLIC = new TestVector<>(TEST_SK, TEST_PK,
- TOKEN_1, Token.class, null, TOKEN_1_V2_PUBLIC);
- public final static TestVector TV_1_V2_PUBLIC_WITH_FOOTER = new TestVector<>(TEST_SK,
- TEST_PK, TOKEN_1, Token.class, TOKEN_1_FOOTER, TOKEN_1_V2_PUBLIC_WITH_FOOTER);
- public final static TestVector TV_1_V2_PUBLIC_WITH_STRING_FOOTER = new TestVector<>(TEST_SK,
- TEST_PK, TOKEN_1, Token.class, TOKEN_1_STRING_FOOTER, TOKEN_1_V2_PUBLIC_WITH_STRING_FOOTER);
+ TEST_V1_SK, TEST_V1_PK, TOKEN_1, Token.class, TOKEN_1_STRING_FOOTER, TOKEN_1_V1_PUBLIC_WITH_STRING_FOOTER);
+
+ public final static TestVector TV_1_V2_LOCAL = new TestVector<>(
+ TEST_V2_KEY, TEST_NONCE, TOKEN_1, Token.class, null, TOKEN_1_V2_LOCAL);
+ public final static TestVector TV_1_V2_LOCAL_WITH_FOOTER = new TestVector<>(
+ TEST_V2_KEY, TEST_NONCE, TOKEN_1, Token.class, TOKEN_1_FOOTER, TOKEN_1_V2_LOCAL_WITH_FOOTER);
+ public final static TestVector TV_1_V2_LOCAL_WITH_STRING_FOOTER = new TestVector<>(
+ TEST_V2_KEY, TEST_NONCE, TOKEN_1, Token.class, TOKEN_1_STRING_FOOTER, TOKEN_1_V2_LOCAL_WITH_STRING_FOOTER);
+ public final static TestVector TV_1_V2_PUBLIC = new TestVector<>(
+ TEST_V2_SK, TEST_V2_PK, TOKEN_1, Token.class, null, TOKEN_1_V2_PUBLIC);
+ public final static TestVector TV_1_V2_PUBLIC_WITH_FOOTER = new TestVector<>(
+ TEST_V2_SK, TEST_V2_PK, TOKEN_1, Token.class, TOKEN_1_FOOTER, TOKEN_1_V2_PUBLIC_WITH_FOOTER);
+ public final static TestVector TV_1_V2_PUBLIC_WITH_STRING_FOOTER = new TestVector<>(
+ TEST_V2_SK, TEST_V2_PK, TOKEN_1, Token.class, TOKEN_1_STRING_FOOTER, TOKEN_1_V2_PUBLIC_WITH_STRING_FOOTER);
 public final static CustomToken TOKEN_2 = (CustomToken) new CustomToken()
 .setUserId(100L)
@@ -217,23 +230,23 @@ public class TokenTestVectors {
 + "FsLXNlcnZpY2UuZXhhbXBsZS5jb20iLCJleHAiOiIyMDE4LTAxLTAxVDE3OjIzOjQ0KzAwOjAwIiwibmJmIjoiMjAxOC0wMS0wMVQxNz"
 + "oxODo0NCswMDowMCIsImlhdCI6IjIwMTgtMDEtMDFUMTc6MTg6NDQrMDA6MDAifWn4VQZkCN2AhWGRcGpGDbj6p4ms8zDeauxMbdSOUW"
 + "f6aFNIIRhD-K7nLx-FFFDOr1_8MmhaSOZbVCh_tR4euA4.eyJraWQiOiJrZXktMSJ9";
- public final static TestVector TV_2_V1_LOCAL = new TestVector<>(TEST_KEY, TEST_NONCE, TOKEN_2,
- CustomToken.class, null, TOKEN_2_V1_LOCAL);
- public final static TestVector TV_2_V1_LOCAL_WITH_FOOTER = new TestVector<>(TEST_KEY,
- TEST_NONCE, TOKEN_2, CustomToken.class, TOKEN_2_FOOTER, TOKEN_2_V1_LOCAL_WITH_FOOTER);
- public final static TestVector TV_2_V1_PUBLIC = new TestVector<>(TEST_RSA_PRIVATE_KEY,
- TEST_RSA_PUBLIC_KEY, TOKEN_2, CustomToken.class, null, TOKEN_2_V1_PUBLIC);
+ public final static TestVector TV_2_V1_LOCAL = new TestVector<>(
+ TEST_V1_KEY, TEST_NONCE, TOKEN_2, CustomToken.class, null, TOKEN_2_V1_LOCAL);
+ public final static TestVector TV_2_V1_LOCAL_WITH_FOOTER = new TestVector<>(
+ TEST_V1_KEY, TEST_NONCE, TOKEN_2, CustomToken.class, TOKEN_2_FOOTER, TOKEN_2_V1_LOCAL_WITH_FOOTER);
+ public final static TestVector TV_2_V1_PUBLIC = new TestVector<>(
+ TEST_V1_SK, TEST_V1_PK, TOKEN_2, CustomToken.class, null, TOKEN_2_V1_PUBLIC);
 public final static TestVector TV_2_V1_PUBLIC_WITH_FOOTER = new TestVector<>(
- TEST_RSA_PRIVATE_KEY, TEST_RSA_PUBLIC_KEY, TOKEN_2, CustomToken.class, TOKEN_2_FOOTER,
- TOKEN_2_V1_PUBLIC_WITH_FOOTER);
- public final static TestVector TV_2_V2_LOCAL = new TestVector<>(TEST_KEY, TEST_NONCE, TOKEN_2,
- CustomToken.class, null, TOKEN_2_V2_LOCAL);
- public final static TestVector TV_2_V2_LOCAL_WITH_FOOTER = new TestVector<>(TEST_KEY,
- TEST_NONCE, TOKEN_2, CustomToken.class, TOKEN_2_FOOTER, TOKEN_2_V2_LOCAL_WITH_FOOTER);
- public final static TestVector TV_2_V2_PUBLIC = new TestVector<>(TEST_SK,
- TEST_PK, TOKEN_2, CustomToken.class, null, TOKEN_2_V2_PUBLIC);
- public final static TestVector TV_2_V2_PUBLIC_WITH_FOOTER = new TestVector<>(TEST_SK,
- TEST_PK, TOKEN_2, CustomToken.class, TOKEN_2_FOOTER, TOKEN_2_V2_PUBLIC_WITH_FOOTER);
+ TEST_V1_SK, TEST_V1_PK, TOKEN_2, CustomToken.class, TOKEN_2_FOOTER, TOKEN_2_V1_PUBLIC_WITH_FOOTER);
+
+ public final static TestVector TV_2_V2_LOCAL = new TestVector<>(
+ TEST_V2_KEY, TEST_NONCE, TOKEN_2, CustomToken.class, null, TOKEN_2_V2_LOCAL);
+ public final static TestVector TV_2_V2_LOCAL_WITH_FOOTER = new TestVector<>(
+ TEST_V2_KEY, TEST_NONCE, TOKEN_2, CustomToken.class, TOKEN_2_FOOTER, TOKEN_2_V2_LOCAL_WITH_FOOTER);
+ public final static TestVector TV_2_V2_PUBLIC = new TestVector<>(
+ TEST_V2_SK, TEST_V2_PK, TOKEN_2, CustomToken.class, null, TOKEN_2_V2_PUBLIC);
+ public final static TestVector TV_2_V2_PUBLIC_WITH_FOOTER = new TestVector<>(
+ TEST_V2_SK, TEST_V2_PK, TOKEN_2, CustomToken.class, TOKEN_2_FOOTER, TOKEN_2_V2_PUBLIC_WITH_FOOTER);
 // Minimal token, only iss and exp set.
 public final static Token TOKEN_3 = new Token()
@@ -275,22 +288,23 @@ public class TokenTestVectors {
 = "v2.public.eyJleHAiOiIyMDE4LTAxLTAxVDE3OjIzOjQ0KzAwOjAwIiwiaWF0IjoiMjAxOC0wMS0wMVQxNzoxODo0NCswMDowMCJ9gc"
 + "TyYa__QR6HuqU5Kcbl1cmXZDCEGdFy2xCO4MFnP8teHUfLs_vcY3Dfq3KjgfSAYXxEktCwpxhk3eQwg14yCQ.eyJraWQiOiJrZXktMiJ"
 + "9";
- public final static TestVector TV_3_V1_LOCAL = new TestVector<>(TEST_KEY, TEST_NONCE, TOKEN_3,
- Token.class, null, TOKEN_3_V1_LOCAL);
- public final static TestVector TV_3_V1_LOCAL_WITH_FOOTER = new TestVector<>(TEST_KEY, TEST_NONCE,
- TOKEN_3, Token.class, TOKEN_3_FOOTER, TOKEN_3_V1_LOCAL_WITH_FOOTER);
- public final static TestVector TV_3_V1_PUBLIC = new TestVector<>(TEST_RSA_PRIVATE_KEY,
- TEST_RSA_PUBLIC_KEY, TOKEN_3, Token.class, null, TOKEN_3_V1_PUBLIC);
- public final static TestVector TV_3_V1_PUBLIC_WITH_FOOTER = new TestVector<>(TEST_RSA_PRIVATE_KEY,
- TEST_RSA_PUBLIC_KEY, TOKEN_3, Token.class, TOKEN_3_FOOTER, TOKEN_3_V1_PUBLIC_WITH_FOOTER);
- public final static TestVector TV_3_V2_LOCAL = new TestVector<>(TEST_KEY, TEST_NONCE, TOKEN_3,
- Token.class, null, TOKEN_3_V2_LOCAL);
- public final static TestVector TV_3_V2_LOCAL_WITH_FOOTER = new TestVector<>(TEST_KEY, TEST_NONCE,
- TOKEN_3, Token.class, TOKEN_3_FOOTER, TOKEN_3_V2_LOCAL_WITH_FOOTER);
- public final static TestVector TV_3_V2_PUBLIC = new TestVector<>(TEST_SK, TEST_PK,
- TOKEN_3, Token.class, null, TOKEN_3_V2_PUBLIC);
- public final static TestVector TV_3_V2_PUBLIC_WITH_FOOTER = new TestVector<>(TEST_SK,
- TEST_PK, TOKEN_3, Token.class, TOKEN_3_FOOTER, TOKEN_3_V2_PUBLIC_WITH_FOOTER);
+ public final static TestVector TV_3_V1_LOCAL = new TestVector<>(
+ TEST_V1_KEY, TEST_NONCE, TOKEN_3, Token.class, null, TOKEN_3_V1_LOCAL);
+ public final static TestVector TV_3_V1_LOCAL_WITH_FOOTER = new TestVector<>(
+ TEST_V1_KEY, TEST_NONCE, TOKEN_3, Token.class, TOKEN_3_FOOTER, TOKEN_3_V1_LOCAL_WITH_FOOTER);
+ public final static TestVector TV_3_V1_PUBLIC = new TestVector<>(
+ TEST_V1_SK, TEST_V1_PK, TOKEN_3, Token.class, null, TOKEN_3_V1_PUBLIC);
+ public final static TestVector TV_3_V1_PUBLIC_WITH_FOOTER = new TestVector<>(
+ TEST_V1_SK, TEST_V1_PK, TOKEN_3, Token.class, TOKEN_3_FOOTER, TOKEN_3_V1_PUBLIC_WITH_FOOTER);
+
+ public final static TestVector TV_3_V2_LOCAL = new TestVector<>(
+ TEST_V2_KEY, TEST_NONCE, TOKEN_3, Token.class, null, TOKEN_3_V2_LOCAL);
+ public final static TestVector TV_3_V2_LOCAL_WITH_FOOTER = new TestVector<>(
+ TEST_V2_KEY, TEST_NONCE, TOKEN_3, Token.class, TOKEN_3_FOOTER, TOKEN_3_V2_LOCAL_WITH_FOOTER);
+ public final static TestVector TV_3_V2_PUBLIC = new TestVector<>(
+ TEST_V2_SK, TEST_V2_PK, TOKEN_3, Token.class, null, TOKEN_3_V2_PUBLIC);
+ public final static TestVector TV_3_V2_PUBLIC_WITH_FOOTER = new TestVector<>(
+ TEST_V2_SK, TEST_V2_PK, TOKEN_3, Token.class, TOKEN_3_FOOTER, TOKEN_3_V2_PUBLIC_WITH_FOOTER);
 // Empty token
 public final static Token TOKEN_4 = new Token();
@@ -320,20 +334,21 @@ public class TokenTestVectors {
 private final static String TOKEN_4_V2_PUBLIC_WITH_FOOTER
 = "v2.public.e30RItbv4bN4XIzyLFapaMll5aOnuqcmttzAH4-pFf8vHrK8COU0EeGwlt-1tfR3OkUxTyoQdlE2dlOtbLxlbrEO.eyJra"
 + "WQiOiJrZXktMSJ9";
- public final static TestVector TV_4_V1_LOCAL = new TestVector<>(TEST_KEY, TEST_NONCE, TOKEN_4,
- Token.class, null, TOKEN_4_V1_LOCAL);
- public final static TestVector TV_4_V1_LOCAL_WITH_FOOTER = new TestVector<>(TEST_KEY, TEST_NONCE,
- TOKEN_4, Token.class, TOKEN_4_FOOTER, TOKEN_4_V1_LOCAL_WITH_FOOTER);
- public final static TestVector TV_4_V1_PUBLIC = new TestVector<>(TEST_RSA_PRIVATE_KEY,
- TEST_RSA_PUBLIC_KEY, TOKEN_4, Token.class, null, TOKEN_4_V1_PUBLIC);
- public final static TestVector TV_4_V1_PUBLIC_WITH_FOOTER = new TestVector<>(TEST_RSA_PRIVATE_KEY,
- TEST_RSA_PUBLIC_KEY, TOKEN_4, Token.class, TOKEN_4_FOOTER, TOKEN_4_V1_PUBLIC_WITH_FOOTER);
- public final static TestVector TV_4_V2_LOCAL = new TestVector<>(TEST_KEY, TEST_NONCE, TOKEN_4,
- Token.class, null, TOKEN_4_V2_LOCAL);
- public final static TestVector TV_4_V2_LOCAL_WITH_FOOTER = new TestVector<>(TEST_KEY, TEST_NONCE,
- TOKEN_4, Token.class, TOKEN_4_FOOTER, TOKEN_4_V2_LOCAL_WITH_FOOTER);
- public final static TestVector TV_4_V2_PUBLIC = new TestVector<>(TEST_SK, TEST_PK,
- TOKEN_4, Token.class, null, TOKEN_4_V2_PUBLIC);
- public final static TestVector TV_4_V2_PUBLIC_WITH_FOOTER = new TestVector<>(TEST_SK,
- TEST_PK, TOKEN_4, Token.class, TOKEN_4_FOOTER, TOKEN_4_V2_PUBLIC_WITH_FOOTER);
+ public final static TestVector TV_4_V1_LOCAL = new TestVector<>(
+ TEST_V1_KEY, TEST_NONCE, TOKEN_4, Token.class, null, TOKEN_4_V1_LOCAL);
+ public final static TestVector TV_4_V1_LOCAL_WITH_FOOTER = new TestVector<>(
+ TEST_V1_KEY, TEST_NONCE, TOKEN_4, Token.class, TOKEN_4_FOOTER, TOKEN_4_V1_LOCAL_WITH_FOOTER);
+ public final static TestVector TV_4_V1_PUBLIC = new TestVector<>(
+ TEST_V1_SK, TEST_V1_PK, TOKEN_4, Token.class, null, TOKEN_4_V1_PUBLIC);
+ public final static TestVector TV_4_V1_PUBLIC_WITH_FOOTER = new TestVector<>(
+ TEST_V1_SK, TEST_V1_PK, TOKEN_4, Token.class, TOKEN_4_FOOTER, TOKEN_4_V1_PUBLIC_WITH_FOOTER);
+
+ public final static TestVector TV_4_V2_LOCAL = new TestVector<>(
+ TEST_V2_KEY, TEST_NONCE, TOKEN_4, Token.class, null, TOKEN_4_V2_LOCAL);
+ public final static TestVector TV_4_V2_LOCAL_WITH_FOOTER = new TestVector<>(
+ TEST_V2_KEY, TEST_NONCE, TOKEN_4, Token.class, TOKEN_4_FOOTER, TOKEN_4_V2_LOCAL_WITH_FOOTER);
+ public final static TestVector TV_4_V2_PUBLIC = new TestVector<>(
+ TEST_V2_SK, TEST_V2_PK, TOKEN_4, Token.class, null, TOKEN_4_V2_PUBLIC);
+ public final static TestVector TV_4_V2_PUBLIC_WITH_FOOTER = new TestVector<>(
+ TEST_V2_SK, TEST_V2_PK, TOKEN_4, Token.class, TOKEN_4_FOOTER, TOKEN_4_V2_PUBLIC_WITH_FOOTER);
 }