authorioannanedelcu <ioannanedelcu@google.com>2023-07-21 02:08:37 -0700
committerCopybara-Service <copybara-worker@google.com>2023-07-21 02:09:48 -0700
commitba1f77e3dee9a0d42468df279f2e9361ece87e8d (patch)
tree28ae3305633a2644edc36c6584fe7e486574ad7f /java_src/src/test/java
parentb3ccf388b00041c910449d34e882bb2cfee73dcf (diff)
downloadtink-ba1f77e3dee9a0d42468df279f2e9361ece87e8d.tar.gz
Add JwtRsaSsaPkcs1PrivateKey class in Java.
PiperOrigin-RevId: 549884443
Diffstat (limited to 'java_src/src/test/java')
-rw-r--r--java_src/src/test/java/com/google/crypto/tink/jwt/BUILD.bazel19
-rw-r--r--java_src/src/test/java/com/google/crypto/tink/jwt/JwtRsaSsaPkcs1PrivateKeyTest.java597
2 files changed, 616 insertions, 0 deletions
diff --git a/java_src/src/test/java/com/google/crypto/tink/jwt/BUILD.bazel b/java_src/src/test/java/com/google/crypto/tink/jwt/BUILD.bazel
index 337614535..79e027604 100644
--- a/java_src/src/test/java/com/google/crypto/tink/jwt/BUILD.bazel
+++ b/java_src/src/test/java/com/google/crypto/tink/jwt/BUILD.bazel
@@ -524,3 +524,22 @@ java_test(
"@maven//:junit_junit",
],
)
+
+java_test(
+ name = "JwtRsaSsaPkcs1PrivateKeyTest",
+ size = "small",
+ srcs = ["JwtRsaSsaPkcs1PrivateKeyTest.java"],
+ deps = [
+ "//src/main/java/com/google/crypto/tink:insecure_secret_key_access",
+ "//src/main/java/com/google/crypto/tink/aead:cha_cha20_poly1305_key",
+ "//src/main/java/com/google/crypto/tink/internal:key_tester",
+ "//src/main/java/com/google/crypto/tink/jwt:jwt_rsa_ssa_pkcs1_parameters",
+ "//src/main/java/com/google/crypto/tink/jwt:jwt_rsa_ssa_pkcs1_private_key",
+ "//src/main/java/com/google/crypto/tink/jwt:jwt_rsa_ssa_pkcs1_public_key",
+ "//src/main/java/com/google/crypto/tink/subtle:base64",
+ "//src/main/java/com/google/crypto/tink/util:secret_big_integer",
+ "//src/main/java/com/google/crypto/tink/util:secret_bytes",
+ "@maven//:com_google_truth_truth",
+ "@maven//:junit_junit",
+ ],
+)
diff --git a/java_src/src/test/java/com/google/crypto/tink/jwt/JwtRsaSsaPkcs1PrivateKeyTest.java b/java_src/src/test/java/com/google/crypto/tink/jwt/JwtRsaSsaPkcs1PrivateKeyTest.java
new file mode 100644
index 000000000..59e485b02
--- /dev/null
+++ b/java_src/src/test/java/com/google/crypto/tink/jwt/JwtRsaSsaPkcs1PrivateKeyTest.java
@@ -0,0 +1,597 @@
+// Copyright 2023 Google LLC
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+// http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+//
+////////////////////////////////////////////////////////////////////////////////
+
+package com.google.crypto.tink.jwt;
+
+import static com.google.common.truth.Truth.assertThat;
+import static org.junit.Assert.assertThrows;
+
+import com.google.crypto.tink.InsecureSecretKeyAccess;
+import com.google.crypto.tink.aead.ChaCha20Poly1305Key;
+import com.google.crypto.tink.internal.KeyTester;
+import com.google.crypto.tink.subtle.Base64;
+import com.google.crypto.tink.util.SecretBigInteger;
+import com.google.crypto.tink.util.SecretBytes;
+import java.math.BigInteger;
+import java.security.GeneralSecurityException;
+import java.util.Optional;
+import org.junit.Test;
+import org.junit.runner.RunWith;
+import org.junit.runners.JUnit4;
+
+@RunWith(JUnit4.class)
+public final class JwtRsaSsaPkcs1PrivateKeyTest {
+
+ // Test vector from https://datatracker.ietf.org/doc/html/rfc7515#appendix-A.2
+ static final BigInteger EXPONENT = new BigInteger(1, Base64.urlSafeDecode("AQAB"));
+ static final BigInteger MODULUS =
+ new BigInteger(
+ 1,
+ Base64.urlSafeDecode(
+ "ofgWCuLjybRlzo0tZWJjNiuSfb4p4fAkd_wWJcyQoTbji9k0l8W26mPddx"
+ + "HmfHQp-Vaw-4qPCJrcS2mJPMEzP1Pt0Bm4d4QlL-yRT-SFd2lZS-pCgNMs"
+ + "D1W_YpRPEwOWvG6b32690r2jZ47soMZo9wGzjb_7OMg0LOL-bSf63kpaSH"
+ + "SXndS5z5rexMdbBYUsLA9e-KXBdQOS-UTo7WTBEMa2R2CapHg665xsmtdV"
+ + "MTBQY4uDZlxvb3qCo5ZwKh9kG4LT6_I5IhlJH7aGhyxXFvUK-DWNmoudF8"
+ + "NAco9_h9iaGNj8q2ethFkMLs91kzk2PAcDTW9gb54h4FRWyuXpoQ"));
+ static final BigInteger P =
+ new BigInteger(
+ 1,
+ Base64.urlSafeDecode(
+ "4BzEEOtIpmVdVEZNCqS7baC4crd0pqnRH_5IB3jw3bcxGn6QLvnEtfdUdi"
+ + "YrqBdss1l58BQ3KhooKeQTa9AB0Hw_Py5PJdTJNPY8cQn7ouZ2KKDcmnPG"
+ + "BY5t7yLc1QlQ5xHdwW1VhvKn-nXqhJTBgIPgtldC-KDV5z-y2XDwGUc"));
+ static final BigInteger Q =
+ new BigInteger(
+ 1,
+ Base64.urlSafeDecode(
+ "uQPEfgmVtjL0Uyyx88GZFF1fOunH3-7cepKmtH4pxhtCoHqpWmT8YAmZxa"
+ + "ewHgHAjLYsp1ZSe7zFYHj7C6ul7TjeLQeZD_YwD66t62wDmpe_HlB-TnBA"
+ + "-njbglfIsRLtXlnDzQkv5dTltRJ11BKBBypeeF6689rjcJIDEz9RWdc"));
+ static final BigInteger D =
+ new BigInteger(
+ 1,
+ Base64.urlSafeDecode(
+ "Eq5xpGnNCivDflJsRQBXHx1hdR1k6Ulwe2JZD50LpXyWPEAeP88vLNO97I"
+ + "jlA7_GQ5sLKMgvfTeXZx9SE-7YwVol2NXOoAJe46sui395IW_GO-pWJ1O0"
+ + "BkTGoVEn2bKVRUCgu-GjBVaYLU6f3l9kJfFNS3E0QbVdxzubSu3Mkqzjkn"
+ + "439X0M_V51gfpRLI9JYanrC4D4qAdGcopV_0ZHHzQlBjudU2QvXt4ehNYT"
+ + "CBr6XCLQUShb1juUO1ZdiYoFaFQT5Tw8bGUl_x_jTj3ccPDVZFD9pIuhLh"
+ + "BOneufuBiB4cS98l2SR_RQyGWSeWjnczT0QU91p1DhOVRuOopznQ"));
+ static final BigInteger DP =
+ new BigInteger(
+ 1,
+ Base64.urlSafeDecode(
+ "BwKfV3Akq5_MFZDFZCnW-wzl-CCo83WoZvnLQwCTeDv8uzluRSnm71I3Q"
+ + "CLdhrqE2e9YkxvuxdBfpT_PI7Yz-FOKnu1R6HsJeDCjn12Sk3vmAktV2zb"
+ + "34MCdy7cpdTh_YVr7tss2u6vneTwrA86rZtu5Mbr1C1XsmvkxHQAdYo0"));
+ static final BigInteger DQ =
+ new BigInteger(
+ 1,
+ Base64.urlSafeDecode(
+ "h_96-mK1R_7glhsum81dZxjTnYynPbZpHziZjeeHcXYsXaaMwkOlODsWa"
+ + "7I9xXDoRwbKgB719rrmI2oKr6N3Do9U0ajaHF-NKJnwgjMd2w9cjz3_-ky"
+ + "NlxAr2v4IKhGNpmM5iIgOS1VZnOZ68m6_pbLBSp3nssTdlqvd0tIiTHU"));
+ static final BigInteger Q_INV =
+ new BigInteger(
+ 1,
+ Base64.urlSafeDecode(
+ "IYd7DHOhrWvxkwPQsRM2tOgrjbcrfvtQJipd-DlcxyVuuM9sQLdgjVk2o"
+ + "y26F0EmpScGLq2MowX7fhd_QJQ3ydy5cY7YIBi87w93IKLEdfnbJtoOPLU"
+ + "W0ITrJReOgo1cq9SbsxYawBgfp_gh6A5603k2-ZQwVK0JKSHuLFkuQ3U"));
+
+ @Test
+ public void build_kidStrategyIgnored_hasExpectedValues() throws Exception {
+ JwtRsaSsaPkcs1Parameters parameters =
+ JwtRsaSsaPkcs1Parameters.builder()
+ .setModulusSizeBits(2048)
+ .setPublicExponent(JwtRsaSsaPkcs1Parameters.F4)
+ .setKidStrategy(JwtRsaSsaPkcs1Parameters.KidStrategy.IGNORED)
+ .setAlgorithm(JwtRsaSsaPkcs1Parameters.Algorithm.RS256)
+ .build();
+ JwtRsaSsaPkcs1PublicKey publicKey =
+ JwtRsaSsaPkcs1PublicKey.builder().setParameters(parameters).setModulus(MODULUS).build();
+ JwtRsaSsaPkcs1PrivateKey privateKey =
+ JwtRsaSsaPkcs1PrivateKey.builder()
+ .setPublicKey(publicKey)
+ .setPrimes(
+ SecretBigInteger.fromBigInteger(P, InsecureSecretKeyAccess.get()),
+ SecretBigInteger.fromBigInteger(Q, InsecureSecretKeyAccess.get()))
+ .setPrivateExponent(SecretBigInteger.fromBigInteger(D, InsecureSecretKeyAccess.get()))
+ .setPrimeExponents(
+ SecretBigInteger.fromBigInteger(DP, InsecureSecretKeyAccess.get()),
+ SecretBigInteger.fromBigInteger(DQ, InsecureSecretKeyAccess.get()))
+ .setCrtCoefficient(
+ SecretBigInteger.fromBigInteger(Q_INV, InsecureSecretKeyAccess.get()))
+ .build();
+ assertThat(privateKey.getParameters()).isEqualTo(parameters);
+ assertThat(privateKey.getPublicKey()).isEqualTo(publicKey);
+ assertThat(privateKey.getPrimeP().getBigInteger(InsecureSecretKeyAccess.get())).isEqualTo(P);
+ assertThat(privateKey.getPrimeQ().getBigInteger(InsecureSecretKeyAccess.get())).isEqualTo(Q);
+ assertThat(privateKey.getPrimeExponentP().getBigInteger(InsecureSecretKeyAccess.get()))
+ .isEqualTo(DP);
+ assertThat(privateKey.getPrimeExponentQ().getBigInteger(InsecureSecretKeyAccess.get()))
+ .isEqualTo(DQ);
+ assertThat(privateKey.getCrtCoefficient().getBigInteger(InsecureSecretKeyAccess.get()))
+ .isEqualTo(Q_INV);
+ assertThat(privateKey.getPrivateExponent().getBigInteger(InsecureSecretKeyAccess.get()))
+ .isEqualTo(D);
+
+ assertThat(privateKey.getKid()).isEqualTo(Optional.empty());
+ assertThat(privateKey.getIdRequirementOrNull()).isNull();
+ }
+
+ @Test
+ public void build_kidStrategyCustom_hasExpectedValues() throws Exception {
+ JwtRsaSsaPkcs1Parameters parameters =
+ JwtRsaSsaPkcs1Parameters.builder()
+ .setModulusSizeBits(2048)
+ .setPublicExponent(JwtRsaSsaPkcs1Parameters.F4)
+ .setKidStrategy(JwtRsaSsaPkcs1Parameters.KidStrategy.CUSTOM)
+ .setAlgorithm(JwtRsaSsaPkcs1Parameters.Algorithm.RS256)
+ .build();
+ JwtRsaSsaPkcs1PublicKey publicKey =
+ JwtRsaSsaPkcs1PublicKey.builder()
+ .setParameters(parameters)
+ .setModulus(MODULUS)
+ .setCustomKid("customKid777")
+ .build();
+ JwtRsaSsaPkcs1PrivateKey privateKey =
+ JwtRsaSsaPkcs1PrivateKey.builder()
+ .setPublicKey(publicKey)
+ .setPrimes(
+ SecretBigInteger.fromBigInteger(P, InsecureSecretKeyAccess.get()),
+ SecretBigInteger.fromBigInteger(Q, InsecureSecretKeyAccess.get()))
+ .setPrivateExponent(SecretBigInteger.fromBigInteger(D, InsecureSecretKeyAccess.get()))
+ .setPrimeExponents(
+ SecretBigInteger.fromBigInteger(DP, InsecureSecretKeyAccess.get()),
+ SecretBigInteger.fromBigInteger(DQ, InsecureSecretKeyAccess.get()))
+ .setCrtCoefficient(
+ SecretBigInteger.fromBigInteger(Q_INV, InsecureSecretKeyAccess.get()))
+ .build();
+ assertThat(privateKey.getParameters()).isEqualTo(parameters);
+ assertThat(privateKey.getPublicKey()).isEqualTo(publicKey);
+
+ assertThat(privateKey.getKid().get()).isEqualTo("customKid777");
+ assertThat(privateKey.getIdRequirementOrNull()).isNull();
+ }
+
+ @Test
+ public void build_kidStrategyBase64_hasExpectedValues() throws Exception {
+ JwtRsaSsaPkcs1Parameters parameters =
+ JwtRsaSsaPkcs1Parameters.builder()
+ .setModulusSizeBits(2048)
+ .setPublicExponent(JwtRsaSsaPkcs1Parameters.F4)
+ .setKidStrategy(JwtRsaSsaPkcs1Parameters.KidStrategy.BASE64_ENCODED_KEY_ID)
+ .setAlgorithm(JwtRsaSsaPkcs1Parameters.Algorithm.RS256)
+ .build();
+ JwtRsaSsaPkcs1PublicKey publicKey =
+ JwtRsaSsaPkcs1PublicKey.builder()
+ .setParameters(parameters)
+ .setModulus(MODULUS)
+ .setIdRequirement(0x1ac6a944)
+ .build();
+ JwtRsaSsaPkcs1PrivateKey privateKey =
+ JwtRsaSsaPkcs1PrivateKey.builder()
+ .setPublicKey(publicKey)
+ .setPrimes(
+ SecretBigInteger.fromBigInteger(P, InsecureSecretKeyAccess.get()),
+ SecretBigInteger.fromBigInteger(Q, InsecureSecretKeyAccess.get()))
+ .setPrivateExponent(SecretBigInteger.fromBigInteger(D, InsecureSecretKeyAccess.get()))
+ .setPrimeExponents(
+ SecretBigInteger.fromBigInteger(DP, InsecureSecretKeyAccess.get()),
+ SecretBigInteger.fromBigInteger(DQ, InsecureSecretKeyAccess.get()))
+ .setCrtCoefficient(
+ SecretBigInteger.fromBigInteger(Q_INV, InsecureSecretKeyAccess.get()))
+ .build();
+ assertThat(privateKey.getParameters()).isEqualTo(parameters);
+ assertThat(privateKey.getPublicKey()).isEqualTo(publicKey);
+
+ assertThat(privateKey.getKid().get()).isEqualTo("GsapRA");
+ assertThat(privateKey.getIdRequirementOrNull()).isEqualTo(0x1ac6a944);
+ }
+
+ @Test
+ public void notAllValuesSet_throws() throws Exception {
+ JwtRsaSsaPkcs1Parameters parameters =
+ JwtRsaSsaPkcs1Parameters.builder()
+ .setModulusSizeBits(2048)
+ .setPublicExponent(EXPONENT)
+ .setKidStrategy(JwtRsaSsaPkcs1Parameters.KidStrategy.IGNORED)
+ .setAlgorithm(JwtRsaSsaPkcs1Parameters.Algorithm.RS256)
+ .build();
+ JwtRsaSsaPkcs1PublicKey publicKey =
+ JwtRsaSsaPkcs1PublicKey.builder().setParameters(parameters).setModulus(MODULUS).build();
+
+ // no public key
+ assertThrows(
+ GeneralSecurityException.class,
+ () ->
+ JwtRsaSsaPkcs1PrivateKey.builder()
+ .setPrimes(
+ SecretBigInteger.fromBigInteger(P, InsecureSecretKeyAccess.get()),
+ SecretBigInteger.fromBigInteger(Q, InsecureSecretKeyAccess.get()))
+ .setPrivateExponent(
+ SecretBigInteger.fromBigInteger(D, InsecureSecretKeyAccess.get()))
+ .setPrimeExponents(
+ SecretBigInteger.fromBigInteger(DP, InsecureSecretKeyAccess.get()),
+ SecretBigInteger.fromBigInteger(DQ, InsecureSecretKeyAccess.get()))
+ .setCrtCoefficient(
+ SecretBigInteger.fromBigInteger(Q_INV, InsecureSecretKeyAccess.get()))
+ .build());
+
+ // no prime factors
+ assertThrows(
+ GeneralSecurityException.class,
+ () ->
+ JwtRsaSsaPkcs1PrivateKey.builder()
+ .setPublicKey(publicKey)
+ .setPrivateExponent(
+ SecretBigInteger.fromBigInteger(D, InsecureSecretKeyAccess.get()))
+ .setPrimeExponents(
+ SecretBigInteger.fromBigInteger(DP, InsecureSecretKeyAccess.get()),
+ SecretBigInteger.fromBigInteger(DQ, InsecureSecretKeyAccess.get()))
+ .setCrtCoefficient(
+ SecretBigInteger.fromBigInteger(Q_INV, InsecureSecretKeyAccess.get()))
+ .build());
+
+ // no private exponent
+ assertThrows(
+ GeneralSecurityException.class,
+ () ->
+ JwtRsaSsaPkcs1PrivateKey.builder()
+ .setPublicKey(publicKey)
+ .setPrimes(
+ SecretBigInteger.fromBigInteger(P, InsecureSecretKeyAccess.get()),
+ SecretBigInteger.fromBigInteger(Q, InsecureSecretKeyAccess.get()))
+ .setPrimeExponents(
+ SecretBigInteger.fromBigInteger(DP, InsecureSecretKeyAccess.get()),
+ SecretBigInteger.fromBigInteger(DQ, InsecureSecretKeyAccess.get()))
+ .setCrtCoefficient(
+ SecretBigInteger.fromBigInteger(Q_INV, InsecureSecretKeyAccess.get()))
+ .build());
+
+ // no factors crt exponents
+ assertThrows(
+ GeneralSecurityException.class,
+ () ->
+ JwtRsaSsaPkcs1PrivateKey.builder()
+ .setPublicKey(publicKey)
+ .setPrimes(
+ SecretBigInteger.fromBigInteger(P, InsecureSecretKeyAccess.get()),
+ SecretBigInteger.fromBigInteger(Q, InsecureSecretKeyAccess.get()))
+ .setPrivateExponent(
+ SecretBigInteger.fromBigInteger(D, InsecureSecretKeyAccess.get()))
+ .setCrtCoefficient(
+ SecretBigInteger.fromBigInteger(Q_INV, InsecureSecretKeyAccess.get()))
+ .build());
+
+ // no crt coefficient
+ assertThrows(
+ GeneralSecurityException.class,
+ () ->
+ JwtRsaSsaPkcs1PrivateKey.builder()
+ .setPublicKey(publicKey)
+ .setPrimes(
+ SecretBigInteger.fromBigInteger(P, InsecureSecretKeyAccess.get()),
+ SecretBigInteger.fromBigInteger(Q, InsecureSecretKeyAccess.get()))
+ .setPrivateExponent(
+ SecretBigInteger.fromBigInteger(D, InsecureSecretKeyAccess.get()))
+ .setPrimeExponents(
+ SecretBigInteger.fromBigInteger(DP, InsecureSecretKeyAccess.get()),
+ SecretBigInteger.fromBigInteger(DQ, InsecureSecretKeyAccess.get()))
+ .build());
+ }
+
+ @Test
+ public void emptyBuild_fails() throws Exception {
+ assertThrows(GeneralSecurityException.class, () -> JwtRsaSsaPkcs1PrivateKey.builder().build());
+ }
+
+ @Test
+ public void build_validatesValues() throws Exception {
+ JwtRsaSsaPkcs1Parameters parameters =
+ JwtRsaSsaPkcs1Parameters.builder()
+ .setModulusSizeBits(2048)
+ .setPublicExponent(EXPONENT)
+ .setKidStrategy(JwtRsaSsaPkcs1Parameters.KidStrategy.IGNORED)
+ .setAlgorithm(JwtRsaSsaPkcs1Parameters.Algorithm.RS256)
+ .build();
+ // Check that build fails if any value is increased by 1.
+ assertThrows(
+ GeneralSecurityException.class,
+ () ->
+ JwtRsaSsaPkcs1PrivateKey.builder()
+ .setPublicKey(
+ JwtRsaSsaPkcs1PublicKey.builder()
+ .setParameters(parameters)
+ .setModulus(MODULUS.add(BigInteger.ONE)) // modulus is one off
+ .build())
+ .setPrimes(
+ SecretBigInteger.fromBigInteger(P, InsecureSecretKeyAccess.get()),
+ SecretBigInteger.fromBigInteger(Q, InsecureSecretKeyAccess.get()))
+ .setPrimeExponents(
+ SecretBigInteger.fromBigInteger(DP, InsecureSecretKeyAccess.get()),
+ SecretBigInteger.fromBigInteger(DQ, InsecureSecretKeyAccess.get()))
+ .setCrtCoefficient(
+ SecretBigInteger.fromBigInteger(Q_INV, InsecureSecretKeyAccess.get()))
+ .build());
+ assertThrows(
+ GeneralSecurityException.class,
+ () ->
+ JwtRsaSsaPkcs1PrivateKey.builder()
+ .setPublicKey(
+ JwtRsaSsaPkcs1PublicKey.builder()
+ .setParameters(parameters)
+ .setModulus(MODULUS)
+ .build())
+ .setPrimes(
+ SecretBigInteger.fromBigInteger(
+ P.add(BigInteger.ONE), InsecureSecretKeyAccess.get()),
+ SecretBigInteger.fromBigInteger(Q, InsecureSecretKeyAccess.get()))
+ .setPrimeExponents(
+ SecretBigInteger.fromBigInteger(DP, InsecureSecretKeyAccess.get()),
+ SecretBigInteger.fromBigInteger(DQ, InsecureSecretKeyAccess.get()))
+ .setCrtCoefficient(
+ SecretBigInteger.fromBigInteger(Q_INV, InsecureSecretKeyAccess.get()))
+ .build());
+ assertThrows(
+ GeneralSecurityException.class,
+ () ->
+ JwtRsaSsaPkcs1PrivateKey.builder()
+ .setPublicKey(
+ JwtRsaSsaPkcs1PublicKey.builder()
+ .setParameters(parameters)
+ .setModulus(MODULUS)
+ .build())
+ .setPrimes(
+ SecretBigInteger.fromBigInteger(P, InsecureSecretKeyAccess.get()),
+ SecretBigInteger.fromBigInteger(
+ Q.add(BigInteger.ONE), InsecureSecretKeyAccess.get()))
+ .setPrimeExponents(
+ SecretBigInteger.fromBigInteger(DP, InsecureSecretKeyAccess.get()),
+ SecretBigInteger.fromBigInteger(DQ, InsecureSecretKeyAccess.get()))
+ .setCrtCoefficient(
+ SecretBigInteger.fromBigInteger(Q_INV, InsecureSecretKeyAccess.get()))
+ .build());
+ assertThrows(
+ GeneralSecurityException.class,
+ () ->
+ JwtRsaSsaPkcs1PrivateKey.builder()
+ .setPublicKey(
+ JwtRsaSsaPkcs1PublicKey.builder()
+ .setParameters(parameters)
+ .setModulus(MODULUS)
+ .build())
+ .setPrimes(
+ SecretBigInteger.fromBigInteger(P, InsecureSecretKeyAccess.get()),
+ SecretBigInteger.fromBigInteger(Q, InsecureSecretKeyAccess.get()))
+ .setPrimeExponents(
+ SecretBigInteger.fromBigInteger(
+ DP.add(BigInteger.ONE), InsecureSecretKeyAccess.get()),
+ SecretBigInteger.fromBigInteger(DQ, InsecureSecretKeyAccess.get()))
+ .setCrtCoefficient(
+ SecretBigInteger.fromBigInteger(Q_INV, InsecureSecretKeyAccess.get()))
+ .build());
+ assertThrows(
+ GeneralSecurityException.class,
+ () ->
+ JwtRsaSsaPkcs1PrivateKey.builder()
+ .setPublicKey(
+ JwtRsaSsaPkcs1PublicKey.builder()
+ .setParameters(parameters)
+ .setModulus(MODULUS)
+ .build())
+ .setPrimes(
+ SecretBigInteger.fromBigInteger(P, InsecureSecretKeyAccess.get()),
+ SecretBigInteger.fromBigInteger(Q, InsecureSecretKeyAccess.get()))
+ .setPrimeExponents(
+ SecretBigInteger.fromBigInteger(DP, InsecureSecretKeyAccess.get()),
+ SecretBigInteger.fromBigInteger(
+ DQ.add(BigInteger.ONE), InsecureSecretKeyAccess.get()))
+ .setCrtCoefficient(
+ SecretBigInteger.fromBigInteger(Q_INV, InsecureSecretKeyAccess.get()))
+ .build());
+ assertThrows(
+ GeneralSecurityException.class,
+ () ->
+ JwtRsaSsaPkcs1PrivateKey.builder()
+ .setPublicKey(
+ JwtRsaSsaPkcs1PublicKey.builder()
+ .setParameters(parameters)
+ .setModulus(MODULUS)
+ .build())
+ .setPrimes(
+ SecretBigInteger.fromBigInteger(P, InsecureSecretKeyAccess.get()),
+ SecretBigInteger.fromBigInteger(Q, InsecureSecretKeyAccess.get()))
+ .setPrimeExponents(
+ SecretBigInteger.fromBigInteger(DP, InsecureSecretKeyAccess.get()),
+ SecretBigInteger.fromBigInteger(DQ, InsecureSecretKeyAccess.get()))
+ .setCrtCoefficient(
+ SecretBigInteger.fromBigInteger(
+ Q_INV.add(BigInteger.ONE), InsecureSecretKeyAccess.get()))
+ .build());
+ }
+
+ @Test
+ public void testEqualities() throws Exception {
+ JwtRsaSsaPkcs1Parameters parameters =
+ JwtRsaSsaPkcs1Parameters.builder()
+ .setModulusSizeBits(2048)
+ .setPublicExponent(EXPONENT)
+ .setKidStrategy(JwtRsaSsaPkcs1Parameters.KidStrategy.IGNORED)
+ .setAlgorithm(JwtRsaSsaPkcs1Parameters.Algorithm.RS256)
+ .build();
+ JwtRsaSsaPkcs1PublicKey kidStrategyIgnoredPublicKey =
+ JwtRsaSsaPkcs1PublicKey.builder().setParameters(parameters).setModulus(MODULUS).build();
+
+ JwtRsaSsaPkcs1PublicKey kidStrategyBase64PublicKey =
+ JwtRsaSsaPkcs1PublicKey.builder()
+ .setParameters(
+ JwtRsaSsaPkcs1Parameters.builder()
+ .setModulusSizeBits(2048)
+ .setPublicExponent(EXPONENT)
+ .setKidStrategy(JwtRsaSsaPkcs1Parameters.KidStrategy.BASE64_ENCODED_KEY_ID)
+ .setAlgorithm(JwtRsaSsaPkcs1Parameters.Algorithm.RS256)
+ .build())
+ .setModulus(MODULUS)
+ .setIdRequirement(1907)
+ .build();
+
+ JwtRsaSsaPkcs1PublicKey kidStrategyIgnoredPublicKeyRS512 =
+ JwtRsaSsaPkcs1PublicKey.builder()
+ .setParameters(
+ JwtRsaSsaPkcs1Parameters.builder()
+ .setModulusSizeBits(2048)
+ .setPublicExponent(EXPONENT)
+ .setKidStrategy(JwtRsaSsaPkcs1Parameters.KidStrategy.IGNORED)
+ .setAlgorithm(JwtRsaSsaPkcs1Parameters.Algorithm.RS512)
+ .build())
+ .setModulus(MODULUS)
+ .build();
+
+ JwtRsaSsaPkcs1Parameters parametersCustomKid =
+ JwtRsaSsaPkcs1Parameters.builder()
+ .setModulusSizeBits(2048)
+ .setPublicExponent(EXPONENT)
+ .setKidStrategy(JwtRsaSsaPkcs1Parameters.KidStrategy.CUSTOM)
+ .setAlgorithm(JwtRsaSsaPkcs1Parameters.Algorithm.RS256)
+ .build();
+ JwtRsaSsaPkcs1PublicKey publicKeyCustomKid1 =
+ JwtRsaSsaPkcs1PublicKey.builder()
+ .setParameters(parametersCustomKid)
+ .setModulus(MODULUS)
+ .setCustomKid("CustomKID1")
+ .build();
+ JwtRsaSsaPkcs1PublicKey publicKeyCustomKid2 =
+ JwtRsaSsaPkcs1PublicKey.builder()
+ .setParameters(parametersCustomKid)
+ .setModulus(MODULUS)
+ .setCustomKid("CustomKID2")
+ .build();
+
+ new KeyTester()
+ .addEqualityGroup(
+ "kidStrategyIgnored",
+ JwtRsaSsaPkcs1PrivateKey.builder()
+ .setPublicKey(kidStrategyIgnoredPublicKey)
+ .setPrimes(
+ SecretBigInteger.fromBigInteger(P, InsecureSecretKeyAccess.get()),
+ SecretBigInteger.fromBigInteger(Q, InsecureSecretKeyAccess.get()))
+ .setPrivateExponent(
+ SecretBigInteger.fromBigInteger(D, InsecureSecretKeyAccess.get()))
+ .setPrimeExponents(
+ SecretBigInteger.fromBigInteger(DP, InsecureSecretKeyAccess.get()),
+ SecretBigInteger.fromBigInteger(DQ, InsecureSecretKeyAccess.get()))
+ .setCrtCoefficient(
+ SecretBigInteger.fromBigInteger(Q_INV, InsecureSecretKeyAccess.get()))
+ .build(),
+ // the same key built twice must be equal
+ JwtRsaSsaPkcs1PrivateKey.builder()
+ .setPublicKey(kidStrategyIgnoredPublicKey)
+ .setPrimes(
+ SecretBigInteger.fromBigInteger(P, InsecureSecretKeyAccess.get()),
+ SecretBigInteger.fromBigInteger(Q, InsecureSecretKeyAccess.get()))
+ .setPrivateExponent(
+ SecretBigInteger.fromBigInteger(D, InsecureSecretKeyAccess.get()))
+ .setPrimeExponents(
+ SecretBigInteger.fromBigInteger(DP, InsecureSecretKeyAccess.get()),
+ SecretBigInteger.fromBigInteger(DQ, InsecureSecretKeyAccess.get()))
+ .setCrtCoefficient(
+ SecretBigInteger.fromBigInteger(Q_INV, InsecureSecretKeyAccess.get()))
+ .build())
+ // This group checks that a private key where p and q are swapped is considered different
+ .addEqualityGroup(
+ "p and q swapped",
+ JwtRsaSsaPkcs1PrivateKey.builder()
+ .setPublicKey(kidStrategyIgnoredPublicKey)
+ .setPrimes(
+ SecretBigInteger.fromBigInteger(Q, InsecureSecretKeyAccess.get()),
+ SecretBigInteger.fromBigInteger(P, InsecureSecretKeyAccess.get()))
+ .setPrivateExponent(
+ SecretBigInteger.fromBigInteger(D, InsecureSecretKeyAccess.get()))
+ .setPrimeExponents(
+ SecretBigInteger.fromBigInteger(DQ, InsecureSecretKeyAccess.get()),
+ SecretBigInteger.fromBigInteger(DP, InsecureSecretKeyAccess.get()))
+ .setCrtCoefficient(
+ SecretBigInteger.fromBigInteger(P.modInverse(Q), InsecureSecretKeyAccess.get()))
+ .build())
+ // This group checks that keys with different parameters are not equal
+ .addEqualityGroup(
+ "KID ignored, RRS512",
+ JwtRsaSsaPkcs1PrivateKey.builder()
+ .setPublicKey(kidStrategyIgnoredPublicKeyRS512)
+ .setPrimes(
+ SecretBigInteger.fromBigInteger(P, InsecureSecretKeyAccess.get()),
+ SecretBigInteger.fromBigInteger(Q, InsecureSecretKeyAccess.get()))
+ .setPrivateExponent(
+ SecretBigInteger.fromBigInteger(D, InsecureSecretKeyAccess.get()))
+ .setPrimeExponents(
+ SecretBigInteger.fromBigInteger(DP, InsecureSecretKeyAccess.get()),
+ SecretBigInteger.fromBigInteger(DQ, InsecureSecretKeyAccess.get()))
+ .setCrtCoefficient(
+ SecretBigInteger.fromBigInteger(Q_INV, InsecureSecretKeyAccess.get()))
+ .build())
+ .addEqualityGroup(
+ "KID Base 64",
+ JwtRsaSsaPkcs1PrivateKey.builder()
+ .setPublicKey(kidStrategyBase64PublicKey)
+ .setPrimes(
+ SecretBigInteger.fromBigInteger(P, InsecureSecretKeyAccess.get()),
+ SecretBigInteger.fromBigInteger(Q, InsecureSecretKeyAccess.get()))
+ .setPrivateExponent(
+ SecretBigInteger.fromBigInteger(D, InsecureSecretKeyAccess.get()))
+ .setPrimeExponents(
+ SecretBigInteger.fromBigInteger(DP, InsecureSecretKeyAccess.get()),
+ SecretBigInteger.fromBigInteger(DQ, InsecureSecretKeyAccess.get()))
+ .setCrtCoefficient(
+ SecretBigInteger.fromBigInteger(Q_INV, InsecureSecretKeyAccess.get()))
+ .build())
+ .addEqualityGroup(
+ "CustomKID1",
+ JwtRsaSsaPkcs1PrivateKey.builder()
+ .setPublicKey(publicKeyCustomKid1)
+ .setPrimes(
+ SecretBigInteger.fromBigInteger(P, InsecureSecretKeyAccess.get()),
+ SecretBigInteger.fromBigInteger(Q, InsecureSecretKeyAccess.get()))
+ .setPrivateExponent(
+ SecretBigInteger.fromBigInteger(D, InsecureSecretKeyAccess.get()))
+ .setPrimeExponents(
+ SecretBigInteger.fromBigInteger(DP, InsecureSecretKeyAccess.get()),
+ SecretBigInteger.fromBigInteger(DQ, InsecureSecretKeyAccess.get()))
+ .setCrtCoefficient(
+ SecretBigInteger.fromBigInteger(Q_INV, InsecureSecretKeyAccess.get()))
+ .build())
+ .addEqualityGroup(
+ "CustomKID2",
+ JwtRsaSsaPkcs1PrivateKey.builder()
+ .setPublicKey(publicKeyCustomKid2)
+ .setPrimes(
+ SecretBigInteger.fromBigInteger(P, InsecureSecretKeyAccess.get()),
+ SecretBigInteger.fromBigInteger(Q, InsecureSecretKeyAccess.get()))
+ .setPrivateExponent(
+ SecretBigInteger.fromBigInteger(D, InsecureSecretKeyAccess.get()))
+ .setPrimeExponents(
+ SecretBigInteger.fromBigInteger(DP, InsecureSecretKeyAccess.get()),
+ SecretBigInteger.fromBigInteger(DQ, InsecureSecretKeyAccess.get()))
+ .setCrtCoefficient(
+ SecretBigInteger.fromBigInteger(Q_INV, InsecureSecretKeyAccess.get()))
+ .build())
+ .addEqualityGroup(
+ "different key class", ChaCha20Poly1305Key.create(SecretBytes.randomBytes(32)))
+ .doTests();
+ }
+}
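Review bot: Every builder chain in `build_validatesValues` omits `.setPrivateExponent(...)`, and `notAllValuesSet_throws` in this same file already asserts that `build()` throws `GeneralSecurityException` when the private exponent is not set. All six `assertThrows` calls are therefore probably satisfied by the missing field rather than by the off-by-one modulus, prime, prime exponent or CRT coefficient, so the test would likely still pass if the key-consistency checks were removed. Add `.setPrivateExponent(SecretBigInteger.fromBigInteger(D, InsecureSecretKeyAccess.get()))` to each chain so that the altered value is the only reason to reject the key. A seventh case passing `D.add(BigInteger.ONE)` would cover the private exponent check as well. Separately, the equality-group label `"KID ignored, RRS512"` in `testEqualities` looks like a typo for RS512.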