authortholenst <tholenst@google.com>2023-06-07 05:59:12 -0700
committerCopybara-Service <copybara-worker@google.com>2023-06-07 06:00:24 -0700
commit485e142511da3338e68704593314cbc2b5eddce3 (patch)
tree377e691dfdc0a6c2a7b30113e9f456817411d9d4
parent68d60dd9d8bb53b6128615ba20345e8b7b08d7fc (diff)
downloadtink-485e142511da3338e68704593314cbc2b5eddce3.tar.gz
Register the JwtEcdsaSerialization.
The tests for JwkSetConverter need to be changed, as the failure now occurs earlier. They both only check that it fails if the point is not on the curve -- I don't think there is a reason to do this for two different points. PiperOrigin-RevId: 538463122
-rw-r--r--java_src/src/main/java/com/google/crypto/tink/jwt/BUILD.bazel2
-rw-r--r--java_src/src/main/java/com/google/crypto/tink/jwt/JwtEcdsaSignKeyManager.java1
-rw-r--r--java_src/src/test/java/com/google/crypto/tink/jwt/JwkSetConverterTest.java23
-rw-r--r--java_src/src/test/java/com/google/crypto/tink/jwt/JwtEcdsaSignKeyManagerTest.java13
4 files changed, 5 insertions, 34 deletions
diff --git a/java_src/src/main/java/com/google/crypto/tink/jwt/BUILD.bazel b/java_src/src/main/java/com/google/crypto/tink/jwt/BUILD.bazel
index c1551b119..98c8cd132 100644
--- a/java_src/src/main/java/com/google/crypto/tink/jwt/BUILD.bazel
+++ b/java_src/src/main/java/com/google/crypto/tink/jwt/BUILD.bazel
@@ -261,6 +261,7 @@ java_library(
name = "jwt_ecdsa_sign_key_manager",
srcs = ["JwtEcdsaSignKeyManager.java"],
deps = [
+ ":jwt_ecdsa_proto_serialization",
":jwt_ecdsa_verify_key_manager",
":jwt_format",
":jwt_invalid_exception",
@@ -286,6 +287,7 @@ android_library(
name = "jwt_ecdsa_sign_key_manager-android",
srcs = ["JwtEcdsaSignKeyManager.java"],
deps = [
+ ":jwt_ecdsa_proto_serialization-android",
":jwt_ecdsa_verify_key_manager-android",
":jwt_format-android",
":jwt_invalid_exception-android",
diff --git a/java_src/src/main/java/com/google/crypto/tink/jwt/JwtEcdsaSignKeyManager.java b/java_src/src/main/java/com/google/crypto/tink/jwt/JwtEcdsaSignKeyManager.java
index 1c21dcf84..9735a70c2 100644
--- a/java_src/src/main/java/com/google/crypto/tink/jwt/JwtEcdsaSignKeyManager.java
+++ b/java_src/src/main/java/com/google/crypto/tink/jwt/JwtEcdsaSignKeyManager.java
@@ -231,6 +231,7 @@ public final class JwtEcdsaSignKeyManager
public static void registerPair(boolean newKeyAllowed) throws GeneralSecurityException {
Registry.registerAsymmetricKeyManagers(
new JwtEcdsaSignKeyManager(), new JwtEcdsaVerifyKeyManager(), newKeyAllowed);
+ JwtEcdsaProtoSerialization.register();
}
private static KeyFactory.KeyFormat<JwtEcdsaKeyFormat> createKeyFormat(
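Review bot: `registerPair` now has a second global side effect at the added `JwtEcdsaProtoSerialization.register();` line, and nothing in the hunk documents it. Per the commit description and the updated JwkSetConverterTest, a key that used to be rejected in `getPrimitive` is now rejected while the keyset is parsed, so callers that guard only `getPrimitive` will see `GeneralSecurityException` from a different call. A comment above the new line would help, e.g. `// Also registers key parsing: malformed keys (e.g. an EC point not on the curve) now fail when the keyset is parsed, not in getPrimitive.` The method's Javadoc lies outside the hunk and probably deserves the same sentence. The commit also deletes `signWithTinkKeyAndCustomKid_fails` without a replacement; if that rejection has moved to parse time, a test pinning the new location would keep it covered.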
diff --git a/java_src/src/test/java/com/google/crypto/tink/jwt/JwkSetConverterTest.java b/java_src/src/test/java/com/google/crypto/tink/jwt/JwkSetConverterTest.java
index 50fd95dc7..7e310a1c5 100644
--- a/java_src/src/test/java/com/google/crypto/tink/jwt/JwkSetConverterTest.java
+++ b/java_src/src/test/java/com/google/crypto/tink/jwt/JwkSetConverterTest.java
@@ -718,25 +718,7 @@ public final class JwkSetConverterTest {
}
@Test
- public void ecdsaWithSmallX_getPrimitiveFails() throws Exception {
- String jwksString =
- "{"
- + "\"keys\":[{"
- + "\"kty\":\"EC\","
- + "\"crv\":\"P-256\","
- + "\"x\":\"AAAwOQ\","
- + "\"y\":\"b22m_Y4sT-jUJSxBVqjrW_DxWyBLopxYHTuFVfx70ZI\","
- + "\"use\":\"sig\","
- + "\"alg\":\"ES256\","
- + "\"key_ops\":[\"verify\"]"
- + "}]}";
- KeysetHandle handle = JwkSetConverter.toPublicKeysetHandle(jwksString);
- assertThrows(
- GeneralSecurityException.class, () -> handle.getPrimitive(JwtPublicKeyVerify.class));
- }
-
- @Test
- public void ecdsaWithSmallY_getPrimitiveFails() throws Exception {
+ public void ecdsa_pointNotOnCurve_getPrimitiveFails() throws Exception {
String jwksString =
"{"
+ "\"keys\":[{"
@@ -748,9 +730,8 @@ public final class JwkSetConverterTest {
+ "\"alg\":\"ES256\","
+ "\"key_ops\":[\"verify\"]"
+ "}]}";
- KeysetHandle handle = JwkSetConverter.toPublicKeysetHandle(jwksString);
assertThrows(
- GeneralSecurityException.class, () -> handle.getPrimitive(JwtPublicKeyVerify.class));
+ GeneralSecurityException.class, () -> JwkSetConverter.toPublicKeysetHandle(jwksString));
}
@Test
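Review bot: The renamed test `ecdsa_pointNotOnCurve_getPrimitiveFails` (declared in the previous hunk) no longer calls `getPrimitive`; the assertion at the end of this hunk expects `JwkSetConverter.toPublicKeysetHandle(jwksString)` to throw, so a name such as `ecdsa_pointNotOnCurve_toPublicKeysetHandleFails` would match what is checked. Because any parse error raises `GeneralSecurityException`, the assertion alone does not show that the off-curve point is the cause; a short comment stating which coordinate is invalid, or a companion assertion that the same JWK with a valid point parses, would pin that. The test body starts outside this hunk, so the coordinate values are not visible here.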
diff --git a/java_src/src/test/java/com/google/crypto/tink/jwt/JwtEcdsaSignKeyManagerTest.java b/java_src/src/test/java/com/google/crypto/tink/jwt/JwtEcdsaSignKeyManagerTest.java
index ebdde8ace..6f045015c 100644
--- a/java_src/src/test/java/com/google/crypto/tink/jwt/JwtEcdsaSignKeyManagerTest.java
+++ b/java_src/src/test/java/com/google/crypto/tink/jwt/JwtEcdsaSignKeyManagerTest.java
@@ -591,17 +591,4 @@ public class JwtEcdsaSignKeyManagerTest {
JwtInvalidException.class,
() -> verifierWithWrongKid.verifyAndDecode(signedCompactWithKid, validator));
}
-
- @Test
- public void signWithTinkKeyAndCustomKid_fails() throws Exception {
- assumeFalse(TestUtil.isTsan()); // KeysetHandle.generateNew is too slow in Tsan.
- KeyTemplate template = KeyTemplates.get("JWT_ES256");
- KeysetHandle handleWithoutKid = KeysetHandle.generateNew(template);
- KeysetHandle handleWithKid =
- withCustomKid(handleWithoutKid, "Lorem ipsum dolor sit amet, consectetur adipiscing elit");
-
- JwtPublicKeySign signerWithKid = handleWithKid.getPrimitive(JwtPublicKeySign.class);
- RawJwt rawToken = RawJwt.newBuilder().setJwtId("jwtId").withoutExpiration().build();
- assertThrows(JwtInvalidException.class, () -> signerWithKid.signAndEncode(rawToken));
- }
}