authortholenst <tholenst@google.com>2023-06-16 02:20:27 -0700
committerCopybara-Service <copybara-worker@google.com>2023-06-16 02:21:36 -0700
commit8e924fde880b85aebc69de86550a9e07a3b2fe55 (patch)
tree06f88d75c58c2017aae06ddfb1dcebfb24da7df9 /tools
parent1ecd571fd26ef98300e8d0d41677ecb919143596 (diff)
downloadtink-8e924fde880b85aebc69de86550a9e07a3b2fe55.tar.gz
Use Parameters instead of KeyTemplate in Tinkey.
PiperOrigin-RevId: 540820026
Diffstat (limited to 'tools')
-rw-r--r--tools/tinkey/src/main/java/com/google/crypto/tink/tinkey/AddKeyCommand.java11
-rw-r--r--tools/tinkey/src/main/java/com/google/crypto/tink/tinkey/BUILD.bazel3
-rw-r--r--tools/tinkey/src/main/java/com/google/crypto/tink/tinkey/RotateKeysetCommand.java11
-rw-r--r--tools/tinkey/src/main/java/com/google/crypto/tink/tinkey/TinkeyUtil.java49
4 files changed, 28 insertions, 46 deletions
diff --git a/tools/tinkey/src/main/java/com/google/crypto/tink/tinkey/AddKeyCommand.java b/tools/tinkey/src/main/java/com/google/crypto/tink/tinkey/AddKeyCommand.java
index 495eff1d9..e08b45cb6 100644
--- a/tools/tinkey/src/main/java/com/google/crypto/tink/tinkey/AddKeyCommand.java
+++ b/tools/tinkey/src/main/java/com/google/crypto/tink/tinkey/AddKeyCommand.java
@@ -50,7 +50,14 @@ public class AddKeyCommand extends AddRotateOptions implements Command {
InputStream inputStream, String inFormat,
String masterKeyUri, String credentialPath,
KeyTemplate keyTemplate) throws GeneralSecurityException, IOException {
- TinkeyUtil.createKey(TinkeyUtil.CommandType.ADD_KEY, outputStream, outFormat,
- inputStream, inFormat, masterKeyUri, credentialPath, keyTemplate);
+ TinkeyUtil.createKey(
+ TinkeyUtil.CommandType.ADD_KEY,
+ outputStream,
+ outFormat,
+ inputStream,
+ inFormat,
+ masterKeyUri,
+ credentialPath,
+ keyTemplate.toParameters());
}
}
diff --git a/tools/tinkey/src/main/java/com/google/crypto/tink/tinkey/BUILD.bazel b/tools/tinkey/src/main/java/com/google/crypto/tink/tinkey/BUILD.bazel
index aa53ce1ac..2ba7e0622 100644
--- a/tools/tinkey/src/main/java/com/google/crypto/tink/tinkey/BUILD.bazel
+++ b/tools/tinkey/src/main/java/com/google/crypto/tink/tinkey/BUILD.bazel
@@ -113,14 +113,13 @@ java_library(
srcs = ["TinkeyUtil.java"],
deps = [
":kms_clients_factory",
- "@com_google_protobuf//:protobuf_javalite",
- "@tink_java//proto:tink_java_proto",
"@tink_java//src/main/java/com/google/crypto/tink:aead",
"@tink_java//src/main/java/com/google/crypto/tink:insecure_secret_key_access",
"@tink_java//src/main/java/com/google/crypto/tink:key_template",
"@tink_java//src/main/java/com/google/crypto/tink:registry_cluster",
"@tink_java//src/main/java/com/google/crypto/tink:tink_json_proto_keyset_format",
"@tink_java//src/main/java/com/google/crypto/tink:tink_proto_keyset_format",
+ "@tink_java//src/main/java/com/google/crypto/tink:parameters",
],
)
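Review bot: The new `"@tink_java//src/main/java/com/google/crypto/tink:parameters",` label is appended after `:tink_proto_keyset_format`, while every other entry in this `deps` list is in lexicographic order. Moving it between `:key_template` and `:registry_cluster` keeps the list sorted, which is what a BUILD formatter would produce, and makes later audits of this key-handling target's dependencies easier to diff. The `java_library(` rule starts outside this hunk.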
diff --git a/tools/tinkey/src/main/java/com/google/crypto/tink/tinkey/RotateKeysetCommand.java b/tools/tinkey/src/main/java/com/google/crypto/tink/tinkey/RotateKeysetCommand.java
index 4963dead5..b330431b6 100644
--- a/tools/tinkey/src/main/java/com/google/crypto/tink/tinkey/RotateKeysetCommand.java
+++ b/tools/tinkey/src/main/java/com/google/crypto/tink/tinkey/RotateKeysetCommand.java
@@ -42,7 +42,14 @@ public class RotateKeysetCommand extends AddRotateOptions implements Command {
InputStream inputStream, String inFormat,
String masterKeyUri, String credentialPath,
KeyTemplate keyTemplate) throws Exception {
- TinkeyUtil.createKey(TinkeyUtil.CommandType.ROTATE_KEYSET, outputStream, outFormat,
- inputStream, inFormat, masterKeyUri, credentialPath, keyTemplate);
+ TinkeyUtil.createKey(
+ TinkeyUtil.CommandType.ROTATE_KEYSET,
+ outputStream,
+ outFormat,
+ inputStream,
+ inFormat,
+ masterKeyUri,
+ credentialPath,
+ keyTemplate.toParameters());
}
}
diff --git a/tools/tinkey/src/main/java/com/google/crypto/tink/tinkey/TinkeyUtil.java b/tools/tinkey/src/main/java/com/google/crypto/tink/tinkey/TinkeyUtil.java
index 28dac1332..561128feb 100644
--- a/tools/tinkey/src/main/java/com/google/crypto/tink/tinkey/TinkeyUtil.java
+++ b/tools/tinkey/src/main/java/com/google/crypto/tink/tinkey/TinkeyUtil.java
@@ -23,10 +23,9 @@ import com.google.crypto.tink.InsecureSecretKeyAccess;
import com.google.crypto.tink.KeyTemplate;
import com.google.crypto.tink.KeysetHandle;
import com.google.crypto.tink.KeysetManager;
+import com.google.crypto.tink.Parameters;
import com.google.crypto.tink.TinkJsonProtoKeysetFormat;
import com.google.crypto.tink.TinkProtoKeysetFormat;
-import com.google.crypto.tink.proto.OutputPrefixType;
-import com.google.protobuf.ByteString;
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.IOException;
@@ -84,9 +83,7 @@ final class TinkeyUtil {
String credentialPath,
KeyTemplate keyTemplate)
throws GeneralSecurityException, IOException {
- @SuppressWarnings("deprecation") // Need to maintain backward-compatibility
- KeysetHandle handle =
- KeysetManager.withEmptyKeyset().rotate(toProto(keyTemplate)).getKeysetHandle();
+ KeysetHandle handle = KeysetHandle.generateNew(keyTemplate);
writeKeyset(handle, outputStream, outFormat, masterKeyUri, credentialPath);
}
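Review bot: `createKeyset` still hands a `KeyTemplate` to `KeysetHandle.generateNew(keyTemplate)`, while `createKey` in the later hunk now takes `Parameters`, so the two key-generation paths in this file use different input types in a commit titled "Use Parameters instead of KeyTemplate". If the Tink version built here provides the `Parameters` overload, `KeysetHandle handle = KeysetHandle.generateNew(keyTemplate.toParameters());` would put both paths on the same type, so that a template that cannot be converted is rejected the same way on both. The signature of `createKeyset` starts outside this hunk.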
@@ -140,52 +137,24 @@ final class TinkeyUtil {
String inFormat,
String masterKeyUri,
String credentialPath,
- KeyTemplate keyTemplate)
+ Parameters parameters)
throws GeneralSecurityException, IOException {
- KeysetManager manager =
- KeysetManager.withKeysetHandle(
+ KeysetHandle.Builder builder =
+ KeysetHandle.newBuilder(
getKeysetHandle(inputStream, inFormat, masterKeyUri, credentialPath));
switch (type) {
case ADD_KEY:
- manager.add(keyTemplate);
+ builder.addEntry(KeysetHandle.generateEntryFromParameters(parameters).withRandomId());
break;
case ROTATE_KEYSET:
- manager.rotate(toProto(keyTemplate));
+ builder.addEntry(
+ KeysetHandle.generateEntryFromParameters(parameters).withRandomId().makePrimary());
break;
default:
throw new GeneralSecurityException("invalid command");
}
- writeKeyset(manager.getKeysetHandle(), outputStream, outFormat, masterKeyUri, credentialPath);
- }
-
- // TODO(b/153937575): remove this once KeysetManager allows to directly work with KeyTemplate
- // POJO.
- private static com.google.crypto.tink.proto.KeyTemplate toProto(KeyTemplate template) {
- OutputPrefixType prefixType;
-
- switch (template.getOutputPrefixType()) {
- case TINK:
- prefixType = OutputPrefixType.TINK;
- break;
- case LEGACY:
- prefixType = OutputPrefixType.LEGACY;
- break;
- case RAW:
- prefixType = OutputPrefixType.RAW;
- break;
- case CRUNCHY:
- prefixType = OutputPrefixType.CRUNCHY;
- break;
- default:
- throw new IllegalArgumentException("Unknown output prefix type");
- }
-
- return com.google.crypto.tink.proto.KeyTemplate.newBuilder()
- .setTypeUrl(template.getTypeUrl())
- .setValue(ByteString.copyFrom(template.getValue()))
- .setOutputPrefixType(prefixType)
- .build();
+ writeKeyset(builder.build(), outputStream, outFormat, masterKeyUri, credentialPath);
}
/**
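Review bot: The `ADD_KEY` and `ROTATE_KEYSET` branches now assemble the keyset through `KeysetHandle.Builder`, and the diffstat (limited to `tools`) lists no test file, so nothing visible here pins the post-rotation state. For a key-management CLI, the property to assert is that a rotated keyset has exactly one primary and that the pre-existing entries keep their key ids and status, because that is what keeps existing ciphertexts and signatures usable. A regression test around `createKey` for both command types would cover it. I would also add a comment above the `ROTATE_KEYSET` case, for example `// New key becomes primary; earlier keys stay in the keyset for decryption/verification.`, after confirming that it matches how `makePrimary()` and `addEntry()` behave in the Tink version this builds against. The signature of `createKey` starts outside this hunk.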