Modernize the Aead, Mac, and DeterministicAead examples.

PiperOrigin-RevId: 529085813
author: tholenst <tholenst@google.com> 2023-05-03 07:36:25 -0700
committer: Copybara-Service <copybara-worker@google.com> 2023-05-03 07:38:28 -0700
commit: 75ce8a909f94856d28d950b636246ffd7a3687ba (patch)
tree: d6f611efdff7d68f77f1b0d7b859c8720ce85732 /java_src/examples
parent: 723cb4ca67a8ee5cc57efd50ed0585771c7280cc (diff)
download: tink-75ce8a909f94856d28d950b636246ffd7a3687ba.tar.gz
6 files changed, 51 insertions, 118 deletions
diff --git a/java_src/examples/aead/AeadExample.java b/java_src/examples/aead/AeadExample.java
index 58c515ad6..bca79b1cc 100644
--- a/java_src/examples/aead/AeadExample.java
+++ b/java_src/examples/aead/AeadExample.java
@@ -17,16 +17,13 @@ package aead;
 import static java.nio.charset.StandardCharsets.UTF_8;
 
 import com.google.crypto.tink.Aead;
-import com.google.crypto.tink.CleartextKeysetHandle;
-import com.google.crypto.tink.JsonKeysetReader;
+import com.google.crypto.tink.InsecureSecretKeyAccess;
 import com.google.crypto.tink.KeysetHandle;
+import com.google.crypto.tink.TinkJsonProtoKeysetFormat;
 import com.google.crypto.tink.aead.AeadConfig;
-import java.io.File;
-import java.io.FileInputStream;
-import java.io.FileOutputStream;
-import java.io.IOException;
 import java.nio.file.Files;
-import java.security.GeneralSecurityException;
+import java.nio.file.Path;
+import java.nio.file.Paths;
 
 /**
  * A command-line utility for encrypting small files with AEAD.
@@ -55,9 +52,9 @@ public final class AeadExample {
       System.exit(1);
     }
     String mode = args[0];
-    File keyFile = new File(args[1]);
-    File inputFile = new File(args[2]);
-    File outputFile = new File(args[3]);
+    Path keyFile = Paths.get(args[1]);
+    Path inputFile = Paths.get(args[2]);
+    Path outputFile = Paths.get(args[3]);
     byte[] associatedData = new byte[0];
     if (args.length == 5) {
       associatedData = args[4].getBytes(UTF_8);
@@ -66,42 +63,26 @@ public final class AeadExample {
     AeadConfig.register();
 
     // Read the keyset into a KeysetHandle.
-    KeysetHandle handle = null;
-    try (FileInputStream inputStream = new FileInputStream(keyFile)) {
-      handle = CleartextKeysetHandle.read(JsonKeysetReader.withInputStream(inputStream));
-    } catch (GeneralSecurityException | IOException ex) {
-      System.err.println("Cannot read keyset, got error: " + ex);
-      System.exit(1);
-    }
+    KeysetHandle handle =
+        TinkJsonProtoKeysetFormat.parseKeyset(
+            new String(Files.readAllBytes(keyFile), UTF_8), InsecureSecretKeyAccess.get());
 
     // Get the primitive.
-    Aead aead = null;
-    try {
-      aead = handle.getPrimitive(Aead.class);
-    } catch (GeneralSecurityException ex) {
-      System.err.println("Cannot create primitive, got error: " + ex);
-      System.exit(1);
-    }
+    Aead aead = handle.getPrimitive(Aead.class);
 
     // Use the primitive to encrypt/decrypt files.
     if (MODE_ENCRYPT.equals(mode)) {
-      byte[] plaintext = Files.readAllBytes(inputFile.toPath());
+      byte[] plaintext = Files.readAllBytes(inputFile);
       byte[] ciphertext = aead.encrypt(plaintext, associatedData);
-      try (FileOutputStream stream = new FileOutputStream(outputFile)) {
-        stream.write(ciphertext);
-      }
+      Files.write(outputFile, ciphertext);
     } else if (MODE_DECRYPT.equals(mode)) {
-      byte[] ciphertext = Files.readAllBytes(inputFile.toPath());
+      byte[] ciphertext = Files.readAllBytes(inputFile);
       byte[] plaintext = aead.decrypt(ciphertext, associatedData);
-      try (FileOutputStream stream = new FileOutputStream(outputFile)) {
-        stream.write(plaintext);
-      }
+      Files.write(outputFile, plaintext);
     } else {
       System.err.println("The first argument must be either encrypt or decrypt, got: " + mode);
       System.exit(1);
     }
-
-    System.exit(0);
   }
 
   private AeadExample() {}
diff --git a/java_src/examples/aead/BUILD.bazel b/java_src/examples/aead/BUILD.bazel
index 6d571067e..a8fe4086f 100644
--- a/java_src/examples/aead/BUILD.bazel
+++ b/java_src/examples/aead/BUILD.bazel
@@ -10,9 +10,9 @@ java_binary(
     main_class = "aead.AeadExample",
     deps = [
         "@tink_java//src/main/java/com/google/crypto/tink:aead",
-        "@tink_java//src/main/java/com/google/crypto/tink:cleartext_keyset_handle",
-        "@tink_java//src/main/java/com/google/crypto/tink:json_keyset_reader",
+        "@tink_java//src/main/java/com/google/crypto/tink:insecure_secret_key_access",
         "@tink_java//src/main/java/com/google/crypto/tink:registry_cluster",
+        "@tink_java//src/main/java/com/google/crypto/tink:tink_json_proto_keyset_format",
         "@tink_java//src/main/java/com/google/crypto/tink/aead:aead_config",
     ],
 )
diff --git a/java_src/examples/deterministicaead/BUILD.bazel b/java_src/examples/deterministicaead/BUILD.bazel
index 00107f342..77804d7ea 100644
--- a/java_src/examples/deterministicaead/BUILD.bazel
+++ b/java_src/examples/deterministicaead/BUILD.bazel
@@ -9,10 +9,10 @@ java_binary(
     srcs = ["DeterministicAeadExample.java"],
     main_class = "deterministicaead.DeterministicAeadExample",
     deps = [
-        "@tink_java//src/main/java/com/google/crypto/tink:cleartext_keyset_handle",
         "@tink_java//src/main/java/com/google/crypto/tink:deterministic_aead",
-        "@tink_java//src/main/java/com/google/crypto/tink:json_keyset_reader",
+        "@tink_java//src/main/java/com/google/crypto/tink:insecure_secret_key_access",
         "@tink_java//src/main/java/com/google/crypto/tink:registry_cluster",
+        "@tink_java//src/main/java/com/google/crypto/tink:tink_json_proto_keyset_format",
         "@tink_java//src/main/java/com/google/crypto/tink/daead:deterministic_aead_config",
     ],
 )
diff --git a/java_src/examples/deterministicaead/DeterministicAeadExample.java b/java_src/examples/deterministicaead/DeterministicAeadExample.java
index 88b204ddc..d479db001 100644
--- a/java_src/examples/deterministicaead/DeterministicAeadExample.java
+++ b/java_src/examples/deterministicaead/DeterministicAeadExample.java
@@ -16,17 +16,14 @@ package deterministicaead;
 
 import static java.nio.charset.StandardCharsets.UTF_8;
 
-import com.google.crypto.tink.CleartextKeysetHandle;
 import com.google.crypto.tink.DeterministicAead;
-import com.google.crypto.tink.JsonKeysetReader;
+import com.google.crypto.tink.InsecureSecretKeyAccess;
 import com.google.crypto.tink.KeysetHandle;
+import com.google.crypto.tink.TinkJsonProtoKeysetFormat;
 import com.google.crypto.tink.daead.DeterministicAeadConfig;
-import java.io.File;
-import java.io.FileInputStream;
-import java.io.FileOutputStream;
-import java.io.IOException;
 import java.nio.file.Files;
-import java.security.GeneralSecurityException;
+import java.nio.file.Path;
+import java.nio.file.Paths;
 
 /**
  * A command-line utility for encrypting small files with Deterministic AEAD.
@@ -55,9 +52,9 @@ public final class DeterministicAeadExample {
       System.exit(1);
     }
     String mode = args[0];
-    File keyFile = new File(args[1]);
-    File inputFile = new File(args[2]);
-    File outputFile = new File(args[3]);
+    Path keyFile = Paths.get(args[1]);
+    Path inputFile = Paths.get(args[2]);
+    Path outputFile = Paths.get(args[3]);
     byte[] associatedData = new byte[0];
     if (args.length == 5) {
       associatedData = args[4].getBytes(UTF_8);
@@ -67,36 +64,22 @@ public final class DeterministicAeadExample {
     DeterministicAeadConfig.register();
 
     // Read the keyset into a KeysetHandle
-    KeysetHandle handle = null;
-    try (FileInputStream inputStream = new FileInputStream(keyFile)) {
-      handle = CleartextKeysetHandle.read(JsonKeysetReader.withInputStream(inputStream));
-    } catch (GeneralSecurityException | IOException ex) {
-      System.err.println("Cannot read keyset, got error: " + ex);
-      System.exit(1);
-    }
+    KeysetHandle handle =
+        TinkJsonProtoKeysetFormat.parseKeyset(
+            new String(Files.readAllBytes(keyFile), UTF_8), InsecureSecretKeyAccess.get());
 
     // Get the primitive
-    DeterministicAead daead = null;
-    try {
-      daead = handle.getPrimitive(DeterministicAead.class);
-    } catch (GeneralSecurityException ex) {
-      System.err.println("Cannot create primitive, got error: " + ex);
-      System.exit(1);
-    }
+    DeterministicAead daead = handle.getPrimitive(DeterministicAead.class);
 
     // Use the primitive to encrypt/decrypt files.
     if (MODE_ENCRYPT.equals(mode)) {
-      byte[] plaintext = Files.readAllBytes(inputFile.toPath());
+      byte[] plaintext = Files.readAllBytes(inputFile);
       byte[] ciphertext = daead.encryptDeterministically(plaintext, associatedData);
-      try (FileOutputStream stream = new FileOutputStream(outputFile)) {
-        stream.write(ciphertext);
-      }
+      Files.write(outputFile, ciphertext);
     } else if (MODE_DECRYPT.equals(mode)) {
-      byte[] ciphertext = Files.readAllBytes(inputFile.toPath());
+      byte[] ciphertext = Files.readAllBytes(inputFile);
       byte[] plaintext = daead.decryptDeterministically(ciphertext, associatedData);
-      try (FileOutputStream stream = new FileOutputStream(outputFile)) {
-        stream.write(plaintext);
-      }
+      Files.write(outputFile, plaintext);
     } else {
       System.err.println("The first argument must be either encrypt or decrypt, got: " + mode);
       System.exit(1);
diff --git a/java_src/examples/mac/BUILD.bazel b/java_src/examples/mac/BUILD.bazel
index 360dfa54c..7d0b60ab0 100644
--- a/java_src/examples/mac/BUILD.bazel
+++ b/java_src/examples/mac/BUILD.bazel
@@ -10,11 +10,11 @@ java_binary(
     main_class = "mac.MacExample",
     deps = [
         "@tink_java//src/main/java/com/google/crypto/tink:cleartext_keyset_handle",
-        "@tink_java//src/main/java/com/google/crypto/tink:json_keyset_reader",
+        "@tink_java//src/main/java/com/google/crypto/tink:insecure_secret_key_access",
         "@tink_java//src/main/java/com/google/crypto/tink:mac",
         "@tink_java//src/main/java/com/google/crypto/tink:registry_cluster",
+        "@tink_java//src/main/java/com/google/crypto/tink:tink_json_proto_keyset_format",
         "@tink_java//src/main/java/com/google/crypto/tink/mac:mac_config",
-        "@tink_java//src/main/java/com/google/crypto/tink/subtle:hex",
     ],
 )
 
diff --git a/java_src/examples/mac/MacExample.java b/java_src/examples/mac/MacExample.java
index 61d357a00..6ab407cb5 100644
--- a/java_src/examples/mac/MacExample.java
+++ b/java_src/examples/mac/MacExample.java
@@ -16,20 +16,14 @@ package mac;
 
 import static java.nio.charset.StandardCharsets.UTF_8;
 
-import com.google.crypto.tink.CleartextKeysetHandle;
-import com.google.crypto.tink.JsonKeysetReader;
+import com.google.crypto.tink.InsecureSecretKeyAccess;
 import com.google.crypto.tink.KeysetHandle;
 import com.google.crypto.tink.Mac;
+import com.google.crypto.tink.TinkJsonProtoKeysetFormat;
 import com.google.crypto.tink.mac.MacConfig;
-import com.google.crypto.tink.subtle.Hex;
-import java.io.File;
-import java.io.FileInputStream;
-import java.io.FileOutputStream;
-import java.io.IOException;
 import java.nio.file.Files;
+import java.nio.file.Path;
 import java.nio.file.Paths;
-import java.security.GeneralSecurityException;
-import java.util.List;
 
 /**
  * A command-line utility for checking file integrity with a Message Authentication Code (MAC).
@@ -56,54 +50,29 @@ public final class MacExample {
       System.err.println("Incorrect mode. Please select compute or verify.");
       System.exit(1);
     }
-    File keyFile = new File(args[1]);
+    Path keyFile = Paths.get(args[1]);
     byte[] msg = Files.readAllBytes(Paths.get(args[2]));
-    File macFile = new File(args[3]);
+    Path macFile = Paths.get(args[3]);
 
     // Register all MAC key types with the Tink runtime.
     MacConfig.register();
 
     // Read the keyset into a KeysetHandle.
-    KeysetHandle handle = null;
-    try (FileInputStream inputStream = new FileInputStream(keyFile)) {
-      handle = CleartextKeysetHandle.read(JsonKeysetReader.withInputStream(inputStream));
-    } catch (GeneralSecurityException | IOException ex) {
-      System.err.println("Cannot read keyset, got error: " + ex);
-      System.exit(1);
-    }
+    KeysetHandle handle =
+        TinkJsonProtoKeysetFormat.parseKeyset(
+            new String(Files.readAllBytes(keyFile), UTF_8), InsecureSecretKeyAccess.get());
 
     // Get the primitive.
-    Mac macPrimitive = null;
-    try {
-      macPrimitive = handle.getPrimitive(Mac.class);
-    } catch (GeneralSecurityException ex) {
-      System.err.println("Cannot create primitive, got error: " + ex);
-      System.exit(1);
-    }
+    Mac macPrimitive = handle.getPrimitive(Mac.class);
 
     if (mode.equals("compute")) {
-      byte[] mac = macPrimitive.computeMac(msg);
-      try (FileOutputStream stream = new FileOutputStream(macFile)) {
-        stream.write(Hex.encode(mac).getBytes(UTF_8));
-      }
-      System.exit(0);
+      byte[] macTag = macPrimitive.computeMac(msg);
+      Files.write(macFile, macTag);
+    } else {
+      byte[] macTag = Files.readAllBytes(macFile);
+      // This will throw a GeneralSecurityException if verification fails.
+      macPrimitive.verifyMac(macTag, msg);
     }
-
-    List<String> lines = Files.readAllLines(macFile.toPath());
-    if (lines.size() != 1) {
-      System.err.printf("The MAC file should contain only one line, got %d", lines.size());
-      System.exit(1);
-    }
-
-    byte[] mac = Hex.decode(lines.get(0).trim());
-    try {
-      macPrimitive.verifyMac(mac, msg);
-    } catch (GeneralSecurityException ex) {
-      System.err.println("MAC verification failed.");
-      System.exit(1);
-    }
-
-    System.exit(0);
   }
 
   private MacExample() {}
author	tholenst <tholenst@google.com>	2023-05-03 07:36:25 -0700
committer	Copybara-Service <copybara-worker@google.com>	2023-05-03 07:38:28 -0700
commit	75ce8a909f94856d28d950b636246ffd7a3687ba (patch)
tree	d6f611efdff7d68f77f1b0d7b859c8720ce85732 /java_src/examples
parent	723cb4ca67a8ee5cc57efd50ed0585771c7280cc (diff)
download	tink-75ce8a909f94856d28d950b636246ffd7a3687ba.tar.gz