diff options
author | juerg <juerg@google.com> | 2022-04-07 07:07:05 -0700 |
---|---|---|
committer | Copybara-Service <copybara-worker@google.com> | 2022-04-07 07:07:58 -0700 |
commit | 2d01efbcea5597438a2e80472370d7372e126de3 (patch) | |
tree | cb448a9e89c6656536dae9671f250b6d7310bd9e | |
parent | 6aaa2842bf760859d66bf647eebb136b950a005c (diff) | |
download | tink-2d01efbcea5597438a2e80472370d7372e126de3.tar.gz |
Allow missing KeysetInfo in JsonKeysetReader.java
Currently, the C++ KeysetHandle.write method does not set the KeysetInfo. To make sure that keysets written in C++ can be read in Java, we must allow missing KeysetInfo in JsonKeysetReader.java.
Note that the "KeysetInfo" field is anyways ignored by KeysetHandle.read, only the "EncryptedKeyset" is used to generate the KeysetHandle.
PiperOrigin-RevId: 440096586
-rw-r--r-- | java_src/src/main/java/com/google/crypto/tink/JsonKeysetReader.java | 14 | ||||
-rw-r--r-- | java_src/src/test/java/com/google/crypto/tink/JsonKeysetReaderTest.java | 22 |
2 files changed, 32 insertions, 4 deletions
diff --git a/java_src/src/main/java/com/google/crypto/tink/JsonKeysetReader.java b/java_src/src/main/java/com/google/crypto/tink/JsonKeysetReader.java index dd5dcbcc8..eb4934078 100644 --- a/java_src/src/main/java/com/google/crypto/tink/JsonKeysetReader.java +++ b/java_src/src/main/java/com/google/crypto/tink/JsonKeysetReader.java @@ -187,10 +187,16 @@ public final class JsonKeysetReader implements KeysetReader { } else { encryptedKeyset = Base64.decode(json.get("encryptedKeyset").getAsString()); } - return EncryptedKeyset.newBuilder() - .setEncryptedKeyset(ByteString.copyFrom(encryptedKeyset)) - .setKeysetInfo(keysetInfoFromJson(json.getAsJsonObject("keysetInfo"))) - .build(); + if (json.has("keysetInfo")) { + return EncryptedKeyset.newBuilder() + .setEncryptedKeyset(ByteString.copyFrom(encryptedKeyset)) + .setKeysetInfo(keysetInfoFromJson(json.getAsJsonObject("keysetInfo"))) + .build(); + } else { + return EncryptedKeyset.newBuilder() + .setEncryptedKeyset(ByteString.copyFrom(encryptedKeyset)) + .build(); + } } private Keyset.Key keyFromJson(JsonObject json) { diff --git a/java_src/src/test/java/com/google/crypto/tink/JsonKeysetReaderTest.java b/java_src/src/test/java/com/google/crypto/tink/JsonKeysetReaderTest.java index a5d1f13f5..607b2087e 100644 --- a/java_src/src/test/java/com/google/crypto/tink/JsonKeysetReaderTest.java +++ b/java_src/src/test/java/com/google/crypto/tink/JsonKeysetReaderTest.java @@ -312,6 +312,28 @@ public class JsonKeysetReaderTest { } @Test + public void testReadEncrypted_missingKeysetInfo_shouldSucceed() throws Exception { + Aead keysetEncryptionAead = + KeysetHandle.generateNew(KeyTemplates.get("AES128_EAX")).getPrimitive(Aead.class); + ByteArrayOutputStream outputStream = new ByteArrayOutputStream(); + KeysetHandle handle1 = KeysetHandle.generateNew(KeyTemplates.get("HMAC_SHA256_128BITTAG")); + + // Generate a valid encrypted keyset in JSON format, and delete "keysetInfo". + handle1.write(JsonKeysetWriter.withOutputStream(outputStream), keysetEncryptionAead); + JsonObject jsonEncryptedKeyset = + JsonParser.parseString(new String(outputStream.toByteArray(), UTF_8)).getAsJsonObject(); + jsonEncryptedKeyset.remove("keysetInfo"); + String jsonEncryptedKeysetWithoutKeysetInfo = jsonEncryptedKeyset.toString(); + + KeysetHandle handle2 = + KeysetHandle.read( + JsonKeysetReader.withString(jsonEncryptedKeysetWithoutKeysetInfo), + keysetEncryptionAead); + + assertKeysetHandle(handle1, handle2); + } + + @Test public void testReadEncrypted_missingEncryptedKeyset_shouldThrowException() throws Exception { KeyTemplate masterKeyTemplate = AeadKeyTemplates.AES128_EAX; Aead masterKey = Registry.getPrimitive(Registry.newKeyData(masterKeyTemplate)); |