diff options
author | tholenst <tholenst@google.com> | 2023-05-03 07:36:25 -0700 |
---|---|---|
committer | Copybara-Service <copybara-worker@google.com> | 2023-05-03 07:38:28 -0700 |
commit | 75ce8a909f94856d28d950b636246ffd7a3687ba (patch) | |
tree | d6f611efdff7d68f77f1b0d7b859c8720ce85732 /java_src/examples | |
parent | 723cb4ca67a8ee5cc57efd50ed0585771c7280cc (diff) | |
download | tink-75ce8a909f94856d28d950b636246ffd7a3687ba.tar.gz |
Modernize the Aead, Mac, and DeterministicAead examples.
PiperOrigin-RevId: 529085813
Diffstat (limited to 'java_src/examples')
-rw-r--r-- | java_src/examples/aead/AeadExample.java | 49 | ||||
-rw-r--r-- | java_src/examples/aead/BUILD.bazel | 4 | ||||
-rw-r--r-- | java_src/examples/deterministicaead/BUILD.bazel | 4 | ||||
-rw-r--r-- | java_src/examples/deterministicaead/DeterministicAeadExample.java | 47 | ||||
-rw-r--r-- | java_src/examples/mac/BUILD.bazel | 4 | ||||
-rw-r--r-- | java_src/examples/mac/MacExample.java | 61 |
6 files changed, 51 insertions, 118 deletions
diff --git a/java_src/examples/aead/AeadExample.java b/java_src/examples/aead/AeadExample.java index 58c515ad6..bca79b1cc 100644 --- a/java_src/examples/aead/AeadExample.java +++ b/java_src/examples/aead/AeadExample.java @@ -17,16 +17,13 @@ package aead; import static java.nio.charset.StandardCharsets.UTF_8; import com.google.crypto.tink.Aead; -import com.google.crypto.tink.CleartextKeysetHandle; -import com.google.crypto.tink.JsonKeysetReader; +import com.google.crypto.tink.InsecureSecretKeyAccess; import com.google.crypto.tink.KeysetHandle; +import com.google.crypto.tink.TinkJsonProtoKeysetFormat; import com.google.crypto.tink.aead.AeadConfig; -import java.io.File; -import java.io.FileInputStream; -import java.io.FileOutputStream; -import java.io.IOException; import java.nio.file.Files; -import java.security.GeneralSecurityException; +import java.nio.file.Path; +import java.nio.file.Paths; /** * A command-line utility for encrypting small files with AEAD. @@ -55,9 +52,9 @@ public final class AeadExample { System.exit(1); } String mode = args[0]; - File keyFile = new File(args[1]); - File inputFile = new File(args[2]); - File outputFile = new File(args[3]); + Path keyFile = Paths.get(args[1]); + Path inputFile = Paths.get(args[2]); + Path outputFile = Paths.get(args[3]); byte[] associatedData = new byte[0]; if (args.length == 5) { associatedData = args[4].getBytes(UTF_8); @@ -66,42 +63,26 @@ public final class AeadExample { AeadConfig.register(); // Read the keyset into a KeysetHandle. - KeysetHandle handle = null; - try (FileInputStream inputStream = new FileInputStream(keyFile)) { - handle = CleartextKeysetHandle.read(JsonKeysetReader.withInputStream(inputStream)); - } catch (GeneralSecurityException | IOException ex) { - System.err.println("Cannot read keyset, got error: " + ex); - System.exit(1); - } + KeysetHandle handle = + TinkJsonProtoKeysetFormat.parseKeyset( + new String(Files.readAllBytes(keyFile), UTF_8), InsecureSecretKeyAccess.get()); // Get the primitive. - Aead aead = null; - try { - aead = handle.getPrimitive(Aead.class); - } catch (GeneralSecurityException ex) { - System.err.println("Cannot create primitive, got error: " + ex); - System.exit(1); - } + Aead aead = handle.getPrimitive(Aead.class); // Use the primitive to encrypt/decrypt files. if (MODE_ENCRYPT.equals(mode)) { - byte[] plaintext = Files.readAllBytes(inputFile.toPath()); + byte[] plaintext = Files.readAllBytes(inputFile); byte[] ciphertext = aead.encrypt(plaintext, associatedData); - try (FileOutputStream stream = new FileOutputStream(outputFile)) { - stream.write(ciphertext); - } + Files.write(outputFile, ciphertext); } else if (MODE_DECRYPT.equals(mode)) { - byte[] ciphertext = Files.readAllBytes(inputFile.toPath()); + byte[] ciphertext = Files.readAllBytes(inputFile); byte[] plaintext = aead.decrypt(ciphertext, associatedData); - try (FileOutputStream stream = new FileOutputStream(outputFile)) { - stream.write(plaintext); - } + Files.write(outputFile, plaintext); } else { System.err.println("The first argument must be either encrypt or decrypt, got: " + mode); System.exit(1); } - - System.exit(0); } private AeadExample() {} diff --git a/java_src/examples/aead/BUILD.bazel b/java_src/examples/aead/BUILD.bazel index 6d571067e..a8fe4086f 100644 --- a/java_src/examples/aead/BUILD.bazel +++ b/java_src/examples/aead/BUILD.bazel @@ -10,9 +10,9 @@ java_binary( main_class = "aead.AeadExample", deps = [ "@tink_java//src/main/java/com/google/crypto/tink:aead", - "@tink_java//src/main/java/com/google/crypto/tink:cleartext_keyset_handle", - "@tink_java//src/main/java/com/google/crypto/tink:json_keyset_reader", + "@tink_java//src/main/java/com/google/crypto/tink:insecure_secret_key_access", "@tink_java//src/main/java/com/google/crypto/tink:registry_cluster", + "@tink_java//src/main/java/com/google/crypto/tink:tink_json_proto_keyset_format", "@tink_java//src/main/java/com/google/crypto/tink/aead:aead_config", ], ) diff --git a/java_src/examples/deterministicaead/BUILD.bazel b/java_src/examples/deterministicaead/BUILD.bazel index 00107f342..77804d7ea 100644 --- a/java_src/examples/deterministicaead/BUILD.bazel +++ b/java_src/examples/deterministicaead/BUILD.bazel @@ -9,10 +9,10 @@ java_binary( srcs = ["DeterministicAeadExample.java"], main_class = "deterministicaead.DeterministicAeadExample", deps = [ - "@tink_java//src/main/java/com/google/crypto/tink:cleartext_keyset_handle", "@tink_java//src/main/java/com/google/crypto/tink:deterministic_aead", - "@tink_java//src/main/java/com/google/crypto/tink:json_keyset_reader", + "@tink_java//src/main/java/com/google/crypto/tink:insecure_secret_key_access", "@tink_java//src/main/java/com/google/crypto/tink:registry_cluster", + "@tink_java//src/main/java/com/google/crypto/tink:tink_json_proto_keyset_format", "@tink_java//src/main/java/com/google/crypto/tink/daead:deterministic_aead_config", ], ) diff --git a/java_src/examples/deterministicaead/DeterministicAeadExample.java b/java_src/examples/deterministicaead/DeterministicAeadExample.java index 88b204ddc..d479db001 100644 --- a/java_src/examples/deterministicaead/DeterministicAeadExample.java +++ b/java_src/examples/deterministicaead/DeterministicAeadExample.java @@ -16,17 +16,14 @@ package deterministicaead; import static java.nio.charset.StandardCharsets.UTF_8; -import com.google.crypto.tink.CleartextKeysetHandle; import com.google.crypto.tink.DeterministicAead; -import com.google.crypto.tink.JsonKeysetReader; +import com.google.crypto.tink.InsecureSecretKeyAccess; import com.google.crypto.tink.KeysetHandle; +import com.google.crypto.tink.TinkJsonProtoKeysetFormat; import com.google.crypto.tink.daead.DeterministicAeadConfig; -import java.io.File; -import java.io.FileInputStream; -import java.io.FileOutputStream; -import java.io.IOException; import java.nio.file.Files; -import java.security.GeneralSecurityException; +import java.nio.file.Path; +import java.nio.file.Paths; /** * A command-line utility for encrypting small files with Deterministic AEAD. @@ -55,9 +52,9 @@ public final class DeterministicAeadExample { System.exit(1); } String mode = args[0]; - File keyFile = new File(args[1]); - File inputFile = new File(args[2]); - File outputFile = new File(args[3]); + Path keyFile = Paths.get(args[1]); + Path inputFile = Paths.get(args[2]); + Path outputFile = Paths.get(args[3]); byte[] associatedData = new byte[0]; if (args.length == 5) { associatedData = args[4].getBytes(UTF_8); @@ -67,36 +64,22 @@ public final class DeterministicAeadExample { DeterministicAeadConfig.register(); // Read the keyset into a KeysetHandle - KeysetHandle handle = null; - try (FileInputStream inputStream = new FileInputStream(keyFile)) { - handle = CleartextKeysetHandle.read(JsonKeysetReader.withInputStream(inputStream)); - } catch (GeneralSecurityException | IOException ex) { - System.err.println("Cannot read keyset, got error: " + ex); - System.exit(1); - } + KeysetHandle handle = + TinkJsonProtoKeysetFormat.parseKeyset( + new String(Files.readAllBytes(keyFile), UTF_8), InsecureSecretKeyAccess.get()); // Get the primitive - DeterministicAead daead = null; - try { - daead = handle.getPrimitive(DeterministicAead.class); - } catch (GeneralSecurityException ex) { - System.err.println("Cannot create primitive, got error: " + ex); - System.exit(1); - } + DeterministicAead daead = handle.getPrimitive(DeterministicAead.class); // Use the primitive to encrypt/decrypt files. if (MODE_ENCRYPT.equals(mode)) { - byte[] plaintext = Files.readAllBytes(inputFile.toPath()); + byte[] plaintext = Files.readAllBytes(inputFile); byte[] ciphertext = daead.encryptDeterministically(plaintext, associatedData); - try (FileOutputStream stream = new FileOutputStream(outputFile)) { - stream.write(ciphertext); - } + Files.write(outputFile, ciphertext); } else if (MODE_DECRYPT.equals(mode)) { - byte[] ciphertext = Files.readAllBytes(inputFile.toPath()); + byte[] ciphertext = Files.readAllBytes(inputFile); byte[] plaintext = daead.decryptDeterministically(ciphertext, associatedData); - try (FileOutputStream stream = new FileOutputStream(outputFile)) { - stream.write(plaintext); - } + Files.write(outputFile, plaintext); } else { System.err.println("The first argument must be either encrypt or decrypt, got: " + mode); System.exit(1); diff --git a/java_src/examples/mac/BUILD.bazel b/java_src/examples/mac/BUILD.bazel index 360dfa54c..7d0b60ab0 100644 --- a/java_src/examples/mac/BUILD.bazel +++ b/java_src/examples/mac/BUILD.bazel @@ -10,11 +10,11 @@ java_binary( main_class = "mac.MacExample", deps = [ "@tink_java//src/main/java/com/google/crypto/tink:cleartext_keyset_handle", - "@tink_java//src/main/java/com/google/crypto/tink:json_keyset_reader", + "@tink_java//src/main/java/com/google/crypto/tink:insecure_secret_key_access", "@tink_java//src/main/java/com/google/crypto/tink:mac", "@tink_java//src/main/java/com/google/crypto/tink:registry_cluster", + "@tink_java//src/main/java/com/google/crypto/tink:tink_json_proto_keyset_format", "@tink_java//src/main/java/com/google/crypto/tink/mac:mac_config", - "@tink_java//src/main/java/com/google/crypto/tink/subtle:hex", ], ) diff --git a/java_src/examples/mac/MacExample.java b/java_src/examples/mac/MacExample.java index 61d357a00..6ab407cb5 100644 --- a/java_src/examples/mac/MacExample.java +++ b/java_src/examples/mac/MacExample.java @@ -16,20 +16,14 @@ package mac; import static java.nio.charset.StandardCharsets.UTF_8; -import com.google.crypto.tink.CleartextKeysetHandle; -import com.google.crypto.tink.JsonKeysetReader; +import com.google.crypto.tink.InsecureSecretKeyAccess; import com.google.crypto.tink.KeysetHandle; import com.google.crypto.tink.Mac; +import com.google.crypto.tink.TinkJsonProtoKeysetFormat; import com.google.crypto.tink.mac.MacConfig; -import com.google.crypto.tink.subtle.Hex; -import java.io.File; -import java.io.FileInputStream; -import java.io.FileOutputStream; -import java.io.IOException; import java.nio.file.Files; +import java.nio.file.Path; import java.nio.file.Paths; -import java.security.GeneralSecurityException; -import java.util.List; /** * A command-line utility for checking file integrity with a Message Authentication Code (MAC). @@ -56,54 +50,29 @@ public final class MacExample { System.err.println("Incorrect mode. Please select compute or verify."); System.exit(1); } - File keyFile = new File(args[1]); + Path keyFile = Paths.get(args[1]); byte[] msg = Files.readAllBytes(Paths.get(args[2])); - File macFile = new File(args[3]); + Path macFile = Paths.get(args[3]); // Register all MAC key types with the Tink runtime. MacConfig.register(); // Read the keyset into a KeysetHandle. - KeysetHandle handle = null; - try (FileInputStream inputStream = new FileInputStream(keyFile)) { - handle = CleartextKeysetHandle.read(JsonKeysetReader.withInputStream(inputStream)); - } catch (GeneralSecurityException | IOException ex) { - System.err.println("Cannot read keyset, got error: " + ex); - System.exit(1); - } + KeysetHandle handle = + TinkJsonProtoKeysetFormat.parseKeyset( + new String(Files.readAllBytes(keyFile), UTF_8), InsecureSecretKeyAccess.get()); // Get the primitive. - Mac macPrimitive = null; - try { - macPrimitive = handle.getPrimitive(Mac.class); - } catch (GeneralSecurityException ex) { - System.err.println("Cannot create primitive, got error: " + ex); - System.exit(1); - } + Mac macPrimitive = handle.getPrimitive(Mac.class); if (mode.equals("compute")) { - byte[] mac = macPrimitive.computeMac(msg); - try (FileOutputStream stream = new FileOutputStream(macFile)) { - stream.write(Hex.encode(mac).getBytes(UTF_8)); - } - System.exit(0); + byte[] macTag = macPrimitive.computeMac(msg); + Files.write(macFile, macTag); + } else { + byte[] macTag = Files.readAllBytes(macFile); + // This will throw a GeneralSecurityException if verification fails. + macPrimitive.verifyMac(macTag, msg); } - - List<String> lines = Files.readAllLines(macFile.toPath()); - if (lines.size() != 1) { - System.err.printf("The MAC file should contain only one line, got %d", lines.size()); - System.exit(1); - } - - byte[] mac = Hex.decode(lines.get(0).trim()); - try { - macPrimitive.verifyMac(mac, msg); - } catch (GeneralSecurityException ex) { - System.err.println("MAC verification failed."); - System.exit(1); - } - - System.exit(0); } private MacExample() {} |