author | tholenst <tholenst@google.com> | 2023-06-16 02:20:27 -0700 |
---|---|---|
committer | Copybara-Service <copybara-worker@google.com> | 2023-06-16 02:21:36 -0700 |
commit | 8e924fde880b85aebc69de86550a9e07a3b2fe55 (patch) | |
tree | 06f88d75c58c2017aae06ddfb1dcebfb24da7df9 /tools | |
parent | 1ecd571fd26ef98300e8d0d41677ecb919143596 (diff) | |
Use Parameters instead of KeyTemplate in Tinkey.
PiperOrigin-RevId: 540820026
Diffstat (limited to 'tools')
4 files changed, 28 insertions, 46 deletions
diff --git a/tools/tinkey/src/main/java/com/google/crypto/tink/tinkey/AddKeyCommand.java b/tools/tinkey/src/main/java/com/google/crypto/tink/tinkey/AddKeyCommand.java index 495eff1d9..e08b45cb6 100644 --- a/tools/tinkey/src/main/java/com/google/crypto/tink/tinkey/AddKeyCommand.java +++ b/tools/tinkey/src/main/java/com/google/crypto/tink/tinkey/AddKeyCommand.java @@ -50,7 +50,14 @@ public class AddKeyCommand extends AddRotateOptions implements Command { InputStream inputStream, String inFormat, String masterKeyUri, String credentialPath, KeyTemplate keyTemplate) throws GeneralSecurityException, IOException { - TinkeyUtil.createKey(TinkeyUtil.CommandType.ADD_KEY, outputStream, outFormat, - inputStream, inFormat, masterKeyUri, credentialPath, keyTemplate); + TinkeyUtil.createKey( + TinkeyUtil.CommandType.ADD_KEY, + outputStream, + outFormat, + inputStream, + inFormat, + masterKeyUri, + credentialPath, + keyTemplate.toParameters()); } } diff --git a/tools/tinkey/src/main/java/com/google/crypto/tink/tinkey/BUILD.bazel b/tools/tinkey/src/main/java/com/google/crypto/tink/tinkey/BUILD.bazel index aa53ce1ac..2ba7e0622 100644 --- a/tools/tinkey/src/main/java/com/google/crypto/tink/tinkey/BUILD.bazel +++ b/tools/tinkey/src/main/java/com/google/crypto/tink/tinkey/BUILD.bazel @@ -113,14 +113,13 @@ java_library( srcs = ["TinkeyUtil.java"], deps = [ ":kms_clients_factory", - "@com_google_protobuf//:protobuf_javalite", - "@tink_java//proto:tink_java_proto", "@tink_java//src/main/java/com/google/crypto/tink:aead", "@tink_java//src/main/java/com/google/crypto/tink:insecure_secret_key_access", "@tink_java//src/main/java/com/google/crypto/tink:key_template", "@tink_java//src/main/java/com/google/crypto/tink:registry_cluster", "@tink_java//src/main/java/com/google/crypto/tink:tink_json_proto_keyset_format", "@tink_java//src/main/java/com/google/crypto/tink:tink_proto_keyset_format", + "@tink_java//src/main/java/com/google/crypto/tink:parameters", ], ) 
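Review bot: The `keyTemplate.toParameters()` conversion is repeated at the call site in AddKeyCommand and again in the RotateKeysetCommand hunk, and neither place says why the static method still accepts a `KeyTemplate`. Because Java evaluates arguments before the call, a template that cannot be converted now fails before `TinkeyUtil.createKey` reads the input keyset or uses `masterKeyUri`/`credentialPath`; that ordering is sensible but worth stating. I would add a comment above each call such as `// Convert first: a bad template fails before the keyset or KMS credentials are touched.` The enclosing method's signature starts outside the hunk in both files.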
diff --git a/tools/tinkey/src/main/java/com/google/crypto/tink/tinkey/RotateKeysetCommand.java b/tools/tinkey/src/main/java/com/google/crypto/tink/tinkey/RotateKeysetCommand.java index 4963dead5..b330431b6 100644 --- a/tools/tinkey/src/main/java/com/google/crypto/tink/tinkey/RotateKeysetCommand.java +++ b/tools/tinkey/src/main/java/com/google/crypto/tink/tinkey/RotateKeysetCommand.java @@ -42,7 +42,14 @@ public class RotateKeysetCommand extends AddRotateOptions implements Command { InputStream inputStream, String inFormat, String masterKeyUri, String credentialPath, KeyTemplate keyTemplate) throws Exception { - TinkeyUtil.createKey(TinkeyUtil.CommandType.ROTATE_KEYSET, outputStream, outFormat, - inputStream, inFormat, masterKeyUri, credentialPath, keyTemplate); + TinkeyUtil.createKey( + TinkeyUtil.CommandType.ROTATE_KEYSET, + outputStream, + outFormat, + inputStream, + inFormat, + masterKeyUri, + credentialPath, + keyTemplate.toParameters()); } } diff --git a/tools/tinkey/src/main/java/com/google/crypto/tink/tinkey/TinkeyUtil.java b/tools/tinkey/src/main/java/com/google/crypto/tink/tinkey/TinkeyUtil.java index 28dac1332..561128feb 100644 --- a/tools/tinkey/src/main/java/com/google/crypto/tink/tinkey/TinkeyUtil.java +++ b/tools/tinkey/src/main/java/com/google/crypto/tink/tinkey/TinkeyUtil.java @@ -23,10 +23,9 @@ import com.google.crypto.tink.InsecureSecretKeyAccess; import com.google.crypto.tink.KeyTemplate; import com.google.crypto.tink.KeysetHandle; import com.google.crypto.tink.KeysetManager; +import com.google.crypto.tink.Parameters; import com.google.crypto.tink.TinkJsonProtoKeysetFormat; import com.google.crypto.tink.TinkProtoKeysetFormat; -import com.google.crypto.tink.proto.OutputPrefixType; -import com.google.protobuf.ByteString; import java.io.ByteArrayInputStream; import java.io.ByteArrayOutputStream; import java.io.IOException; 
@@ -84,9 +83,7 @@ final class TinkeyUtil { String credentialPath, KeyTemplate keyTemplate) throws GeneralSecurityException, IOException { - @SuppressWarnings("deprecation") // Need to maintain backward-compatibility - KeysetHandle handle = - KeysetManager.withEmptyKeyset().rotate(toProto(keyTemplate)).getKeysetHandle(); + KeysetHandle handle = KeysetHandle.generateNew(keyTemplate); writeKeyset(handle, outputStream, outFormat, masterKeyUri, credentialPath); } 
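Review bot: The method in this hunk still takes a `KeyTemplate` and calls `KeysetHandle.generateNew(keyTemplate)`, while the add/rotate path changed in the next hunk takes `Parameters`, so TinkeyUtil's two key-generating entry points now accept different types. If this Tink version offers a `Parameters` overload of `generateNew` (not visible here), passing `keyTemplate.toParameters()` or changing the parameter type would match the commit title. Removing the `@SuppressWarnings("deprecation")` line also drops the only comment on this statement; a replacement such as `// Presumably yields a keyset whose single new key is primary; confirm against KeysetHandle.generateNew.` would record what callers rely on. The method's signature begins above the hunk.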
@@ -140,52 +137,24 @@ final class TinkeyUtil { String inFormat, String masterKeyUri, String credentialPath, - KeyTemplate keyTemplate) + Parameters parameters) throws GeneralSecurityException, IOException { - KeysetManager manager = - KeysetManager.withKeysetHandle( + KeysetHandle.Builder builder = + KeysetHandle.newBuilder( getKeysetHandle(inputStream, inFormat, masterKeyUri, credentialPath)); switch (type) { case ADD_KEY: - manager.add(keyTemplate); + builder.addEntry(KeysetHandle.generateEntryFromParameters(parameters).withRandomId()); break; case ROTATE_KEYSET: - manager.rotate(toProto(keyTemplate)); + builder.addEntry( + KeysetHandle.generateEntryFromParameters(parameters).withRandomId().makePrimary()); break; default: throw new GeneralSecurityException("invalid command"); } - writeKeyset(manager.getKeysetHandle(), outputStream, outFormat, masterKeyUri, credentialPath); - } - - // TODO(b/153937575): remove this once KeysetManager allows to directly work with KeyTemplate - // POJO. - private static com.google.crypto.tink.proto.KeyTemplate toProto(KeyTemplate template) { - OutputPrefixType prefixType; - - switch (template.getOutputPrefixType()) { - case TINK: - prefixType = OutputPrefixType.TINK; - break; - case LEGACY: - prefixType = OutputPrefixType.LEGACY; - break; - case RAW: - prefixType = OutputPrefixType.RAW; - break; - case CRUNCHY: - prefixType = OutputPrefixType.CRUNCHY; - break; - default: - throw new IllegalArgumentException("Unknown output prefix type"); - } - - return com.google.crypto.tink.proto.KeyTemplate.newBuilder() - .setTypeUrl(template.getTypeUrl()) - .setValue(ByteString.copyFrom(template.getValue())) - .setOutputPrefixType(prefixType) - .build(); + writeKeyset(builder.build(), outputStream, outFormat, masterKeyUri, credentialPath); } /** |
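Review bot: The `ROTATE_KEYSET` branch now depends on `KeysetHandle.Builder` demoting the existing primary when an entry marked `makePrimary()` is added, and nothing in the hunk states or tests that. The removed `manager.rotate(...)` call carried the meaning in its name, whereas here a reader must know the builder's contract to see that the old primary remains in the keyset as a non-primary key. I would add a comment such as `// New key becomes primary; the previous primary stays in the keyset so data protected with it can still be processed.` A test should also assert that rotate changes the primary id and grows the keyset by one entry, and that add leaves the primary id unchanged. The method's signature and Javadoc start outside the hunk; if the Javadoc still names `keyTemplate`, it should now say `parameters`.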