Register JwtRsaSsaPss proto serialization.

PiperOrigin-RevId: 555850886
author: ioannanedelcu <ioannanedelcu@google.com> 2023-08-11 01:49:22 -0700
committer: Copybara-Service <copybara-worker@google.com> 2023-08-11 01:50:20 -0700
commit: 8339f6fb72b7caa0a942ce51d4e60b41339905d4 (patch)
tree: 75f67c460473be9a8f6fd38e8f71fc281cbc3d56
parent: 82151fcac4881ec70b74e8c098cff1c675755571 (diff)
download: tink-8339f6fb72b7caa0a942ce51d4e60b41339905d4.tar.gz
5 files changed, 32 insertions, 5 deletions
diff --git a/java_src/src/main/java/com/google/crypto/tink/jwt/BUILD.bazel b/java_src/src/main/java/com/google/crypto/tink/jwt/BUILD.bazel
index fb92180c5..51a459c02 100644
--- a/java_src/src/main/java/com/google/crypto/tink/jwt/BUILD.bazel
+++ b/java_src/src/main/java/com/google/crypto/tink/jwt/BUILD.bazel
@@ -193,6 +193,7 @@ java_library(
         ":jwt_format",
         ":jwt_invalid_exception",
         ":jwt_public_key_sign_internal",
+        ":jwt_rsa_ssa_pss_proto_serialization",
         ":jwt_rsa_ssa_pss_verify_key_manager",
         ":raw_jwt",
         "//proto:jwt_rsa_ssa_pss_java_proto",
@@ -741,6 +742,7 @@ android_library(
         ":jwt_format-android",
         ":jwt_invalid_exception-android",
         ":jwt_public_key_sign_internal-android",
+        ":jwt_rsa_ssa_pss_proto_serialization-android",
         ":jwt_rsa_ssa_pss_verify_key_manager-android",
         ":raw_jwt-android",
         "//proto:jwt_rsa_ssa_pss_java_proto_lite",
diff --git a/java_src/src/main/java/com/google/crypto/tink/jwt/JwtRsaSsaPssSignKeyManager.java b/java_src/src/main/java/com/google/crypto/tink/jwt/JwtRsaSsaPssSignKeyManager.java
index bfd39ce5a..06fb829a5 100644
--- a/java_src/src/main/java/com/google/crypto/tink/jwt/JwtRsaSsaPssSignKeyManager.java
+++ b/java_src/src/main/java/com/google/crypto/tink/jwt/JwtRsaSsaPssSignKeyManager.java
@@ -303,6 +303,7 @@ public final class JwtRsaSsaPssSignKeyManager
   public static void registerPair(boolean newKeyAllowed) throws GeneralSecurityException {
     Registry.registerAsymmetricKeyManagers(
         new JwtRsaSsaPssSignKeyManager(), new JwtRsaSsaPssVerifyKeyManager(), newKeyAllowed);
+    JwtRsaSsaPssProtoSerialization.register();
   }
 
   private static KeyFactory.KeyFormat<JwtRsaSsaPssKeyFormat> createKeyFormat(
diff --git a/java_src/src/test/java/com/google/crypto/tink/jwt/BUILD.bazel b/java_src/src/test/java/com/google/crypto/tink/jwt/BUILD.bazel
index dd156bd25..2fff4191b 100644
--- a/java_src/src/test/java/com/google/crypto/tink/jwt/BUILD.bazel
+++ b/java_src/src/test/java/com/google/crypto/tink/jwt/BUILD.bazel
@@ -109,6 +109,7 @@ java_test(
         "//proto:jwt_rsa_ssa_pss_java_proto",
         "//proto:tink_java_proto",
         "//src/main/java/com/google/crypto/tink:cleartext_keyset_handle",
+        "//src/main/java/com/google/crypto/tink:key",
         "//src/main/java/com/google/crypto/tink:key_template",
         "//src/main/java/com/google/crypto/tink:key_templates",
         "//src/main/java/com/google/crypto/tink:registry_cluster",
@@ -120,6 +121,8 @@ java_test(
         "//src/main/java/com/google/crypto/tink/jwt:jwt_public_key_sign",
         "//src/main/java/com/google/crypto/tink/jwt:jwt_public_key_sign_internal",
         "//src/main/java/com/google/crypto/tink/jwt:jwt_public_key_verify",
+        "//src/main/java/com/google/crypto/tink/jwt:jwt_rsa_ssa_pss_parameters",
+        "//src/main/java/com/google/crypto/tink/jwt:jwt_rsa_ssa_pss_private_key",
         "//src/main/java/com/google/crypto/tink/jwt:jwt_rsa_ssa_pss_sign_key_manager",
         "//src/main/java/com/google/crypto/tink/jwt:jwt_rsa_ssa_pss_verify_key_manager",
         "//src/main/java/com/google/crypto/tink/jwt:jwt_signature_config",
diff --git a/java_src/src/test/java/com/google/crypto/tink/jwt/JwkSetConverterTest.java b/java_src/src/test/java/com/google/crypto/tink/jwt/JwkSetConverterTest.java
index 6c55a5417..48d3350a5 100644
--- a/java_src/src/test/java/com/google/crypto/tink/jwt/JwkSetConverterTest.java
+++ b/java_src/src/test/java/com/google/crypto/tink/jwt/JwkSetConverterTest.java
@@ -944,9 +944,8 @@ public final class JwkSetConverterTest {
         GeneralSecurityException.class, () -> JwkSetConverter.toPublicKeysetHandle(jwksString));
 
     String psJwksString = jwksString.replace("RS256", "PS256");
-    KeysetHandle psHandle = JwkSetConverter.toPublicKeysetHandle(psJwksString);
     assertThrows(
-        GeneralSecurityException.class, () -> psHandle.getPrimitive(JwtPublicKeyVerify.class));
+        GeneralSecurityException.class, () -> JwkSetConverter.toPublicKeysetHandle(psJwksString));
   }
 
   @Test
diff --git a/java_src/src/test/java/com/google/crypto/tink/jwt/JwtRsaSsaPssSignKeyManagerTest.java b/java_src/src/test/java/com/google/crypto/tink/jwt/JwtRsaSsaPssSignKeyManagerTest.java
index 58c617307..30ebb5166 100644
--- a/java_src/src/test/java/com/google/crypto/tink/jwt/JwtRsaSsaPssSignKeyManagerTest.java
+++ b/java_src/src/test/java/com/google/crypto/tink/jwt/JwtRsaSsaPssSignKeyManagerTest.java
@@ -313,6 +313,29 @@ public class JwtRsaSsaPssSignKeyManagerTest {
   }
 
   @Test
+  public void createKeysetHandle_works() throws Exception {
+    if (TestUtil.isTsan()) {
+      // factory.createKey is too slow in Tsan.
+      return;
+    }
+    KeysetHandle handle = KeysetHandle.generateNew(KeyTemplates.get("JWT_PS256_2048_F4"));
+
+    com.google.crypto.tink.Key key = handle.getAt(0).getKey();
+    assertThat(key).isInstanceOf(com.google.crypto.tink.jwt.JwtRsaSsaPssPrivateKey.class);
+    com.google.crypto.tink.jwt.JwtRsaSsaPssPrivateKey jwtPrivateKey =
+        (com.google.crypto.tink.jwt.JwtRsaSsaPssPrivateKey) key;
+
+    assertThat(jwtPrivateKey.getParameters())
+        .isEqualTo(
+            JwtRsaSsaPssParameters.builder()
+                .setModulusSizeBits(2048)
+                .setPublicExponent(JwtRsaSsaPssParameters.F4)
+                .setAlgorithm(JwtRsaSsaPssParameters.Algorithm.PS256)
+                .setKidStrategy(JwtRsaSsaPssParameters.KidStrategy.BASE64_ENCODED_KEY_ID)
+                .build());
+  }
+
+  @Test
   public void testTinkTemplatesAreTink() throws Exception {
     assertThat(getOutputPrefixType(KeyTemplates.get("JWT_PS256_2048_F4")))
         .isEqualTo(KeyTemplate.OutputPrefixType.TINK);
@@ -708,8 +731,7 @@ public class JwtRsaSsaPssSignKeyManagerTest {
     KeysetHandle handleWithKid =
         CleartextKeysetHandle.fromKeyset(keyset.toBuilder().setKey(0, keyWithKid).build());
 
-    JwtPublicKeySign signerWithKid = handleWithKid.getPrimitive(JwtPublicKeySign.class);
-    RawJwt rawToken = RawJwt.newBuilder().setJwtId("jwtId").withoutExpiration().build();
-    assertThrows(JwtInvalidException.class, () -> signerWithKid.signAndEncode(rawToken));
+    assertThrows(
+        GeneralSecurityException.class, () -> handleWithKid.getPrimitive(JwtPublicKeySign.class));
   }
 }
author	ioannanedelcu <ioannanedelcu@google.com>	2023-08-11 01:49:22 -0700
committer	Copybara-Service <copybara-worker@google.com>	2023-08-11 01:50:20 -0700
commit	8339f6fb72b7caa0a942ce51d4e60b41339905d4 (patch)
tree	75f67c460473be9a8f6fd38e8f71fc281cbc3d56
parent	82151fcac4881ec70b74e8c098cff1c675755571 (diff)
download	tink-8339f6fb72b7caa0a942ce51d4e60b41339905d4.tar.gz