diff options
author | ioannanedelcu <ioannanedelcu@google.com> | 2023-07-21 02:08:37 -0700 |
---|---|---|
committer | Copybara-Service <copybara-worker@google.com> | 2023-07-21 02:09:48 -0700 |
commit | ba1f77e3dee9a0d42468df279f2e9361ece87e8d (patch) | |
tree | 28ae3305633a2644edc36c6584fe7e486574ad7f /java_src/src/test/java | |
parent | b3ccf388b00041c910449d34e882bb2cfee73dcf (diff) | |
download | tink-ba1f77e3dee9a0d42468df279f2e9361ece87e8d.tar.gz |
Add JwtRsaSsaPkcs1PrivateKey class in Java.
PiperOrigin-RevId: 549884443
Diffstat (limited to 'java_src/src/test/java')
-rw-r--r-- | java_src/src/test/java/com/google/crypto/tink/jwt/BUILD.bazel | 19 | ||||
-rw-r--r-- | java_src/src/test/java/com/google/crypto/tink/jwt/JwtRsaSsaPkcs1PrivateKeyTest.java | 597 |
2 files changed, 616 insertions, 0 deletions
diff --git a/java_src/src/test/java/com/google/crypto/tink/jwt/BUILD.bazel b/java_src/src/test/java/com/google/crypto/tink/jwt/BUILD.bazel index 337614535..79e027604 100644 --- a/java_src/src/test/java/com/google/crypto/tink/jwt/BUILD.bazel +++ b/java_src/src/test/java/com/google/crypto/tink/jwt/BUILD.bazel @@ -524,3 +524,22 @@ java_test( "@maven//:junit_junit", ], ) + +java_test( + name = "JwtRsaSsaPkcs1PrivateKeyTest", + size = "small", + srcs = ["JwtRsaSsaPkcs1PrivateKeyTest.java"], + deps = [ + "//src/main/java/com/google/crypto/tink:insecure_secret_key_access", + "//src/main/java/com/google/crypto/tink/aead:cha_cha20_poly1305_key", + "//src/main/java/com/google/crypto/tink/internal:key_tester", + "//src/main/java/com/google/crypto/tink/jwt:jwt_rsa_ssa_pkcs1_parameters", + "//src/main/java/com/google/crypto/tink/jwt:jwt_rsa_ssa_pkcs1_private_key", + "//src/main/java/com/google/crypto/tink/jwt:jwt_rsa_ssa_pkcs1_public_key", + "//src/main/java/com/google/crypto/tink/subtle:base64", + "//src/main/java/com/google/crypto/tink/util:secret_big_integer", + "//src/main/java/com/google/crypto/tink/util:secret_bytes", + "@maven//:com_google_truth_truth", + "@maven//:junit_junit", + ], +) diff --git a/java_src/src/test/java/com/google/crypto/tink/jwt/JwtRsaSsaPkcs1PrivateKeyTest.java b/java_src/src/test/java/com/google/crypto/tink/jwt/JwtRsaSsaPkcs1PrivateKeyTest.java new file mode 100644 index 000000000..59e485b02 --- /dev/null +++ b/java_src/src/test/java/com/google/crypto/tink/jwt/JwtRsaSsaPkcs1PrivateKeyTest.java @@ -0,0 +1,597 @@ +// Copyright 2023 Google LLC +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. +// +//////////////////////////////////////////////////////////////////////////////// + +package com.google.crypto.tink.jwt; + +import static com.google.common.truth.Truth.assertThat; +import static org.junit.Assert.assertThrows; + +import com.google.crypto.tink.InsecureSecretKeyAccess; +import com.google.crypto.tink.aead.ChaCha20Poly1305Key; +import com.google.crypto.tink.internal.KeyTester; +import com.google.crypto.tink.subtle.Base64; +import com.google.crypto.tink.util.SecretBigInteger; +import com.google.crypto.tink.util.SecretBytes; +import java.math.BigInteger; +import java.security.GeneralSecurityException; +import java.util.Optional; +import org.junit.Test; +import org.junit.runner.RunWith; +import org.junit.runners.JUnit4; + +@RunWith(JUnit4.class) +public final class JwtRsaSsaPkcs1PrivateKeyTest { + + // Test vector from https://datatracker.ietf.org/doc/html/rfc7515#appendix-A.2 + static final BigInteger EXPONENT = new BigInteger(1, Base64.urlSafeDecode("AQAB")); + static final BigInteger MODULUS = + new BigInteger( + 1, + Base64.urlSafeDecode( + "ofgWCuLjybRlzo0tZWJjNiuSfb4p4fAkd_wWJcyQoTbji9k0l8W26mPddx" + + "HmfHQp-Vaw-4qPCJrcS2mJPMEzP1Pt0Bm4d4QlL-yRT-SFd2lZS-pCgNMs" + + "D1W_YpRPEwOWvG6b32690r2jZ47soMZo9wGzjb_7OMg0LOL-bSf63kpaSH" + + "SXndS5z5rexMdbBYUsLA9e-KXBdQOS-UTo7WTBEMa2R2CapHg665xsmtdV" + + "MTBQY4uDZlxvb3qCo5ZwKh9kG4LT6_I5IhlJH7aGhyxXFvUK-DWNmoudF8" + + "NAco9_h9iaGNj8q2ethFkMLs91kzk2PAcDTW9gb54h4FRWyuXpoQ")); + static final BigInteger P = + new BigInteger( + 1, + Base64.urlSafeDecode( + "4BzEEOtIpmVdVEZNCqS7baC4crd0pqnRH_5IB3jw3bcxGn6QLvnEtfdUdi" + + "YrqBdss1l58BQ3KhooKeQTa9AB0Hw_Py5PJdTJNPY8cQn7ouZ2KKDcmnPG" + + "BY5t7yLc1QlQ5xHdwW1VhvKn-nXqhJTBgIPgtldC-KDV5z-y2XDwGUc")); + static final BigInteger Q = + new BigInteger( + 1, + Base64.urlSafeDecode( + "uQPEfgmVtjL0Uyyx88GZFF1fOunH3-7cepKmtH4pxhtCoHqpWmT8YAmZxa" + + "ewHgHAjLYsp1ZSe7zFYHj7C6ul7TjeLQeZD_YwD66t62wDmpe_HlB-TnBA" + + "-njbglfIsRLtXlnDzQkv5dTltRJ11BKBBypeeF6689rjcJIDEz9RWdc")); + static final BigInteger D = + new BigInteger( + 1, + Base64.urlSafeDecode( + "Eq5xpGnNCivDflJsRQBXHx1hdR1k6Ulwe2JZD50LpXyWPEAeP88vLNO97I" + + "jlA7_GQ5sLKMgvfTeXZx9SE-7YwVol2NXOoAJe46sui395IW_GO-pWJ1O0" + + "BkTGoVEn2bKVRUCgu-GjBVaYLU6f3l9kJfFNS3E0QbVdxzubSu3Mkqzjkn" + + "439X0M_V51gfpRLI9JYanrC4D4qAdGcopV_0ZHHzQlBjudU2QvXt4ehNYT" + + "CBr6XCLQUShb1juUO1ZdiYoFaFQT5Tw8bGUl_x_jTj3ccPDVZFD9pIuhLh" + + "BOneufuBiB4cS98l2SR_RQyGWSeWjnczT0QU91p1DhOVRuOopznQ")); + static final BigInteger DP = + new BigInteger( + 1, + Base64.urlSafeDecode( + "BwKfV3Akq5_MFZDFZCnW-wzl-CCo83WoZvnLQwCTeDv8uzluRSnm71I3Q" + + "CLdhrqE2e9YkxvuxdBfpT_PI7Yz-FOKnu1R6HsJeDCjn12Sk3vmAktV2zb" + + "34MCdy7cpdTh_YVr7tss2u6vneTwrA86rZtu5Mbr1C1XsmvkxHQAdYo0")); + static final BigInteger DQ = + new BigInteger( + 1, + Base64.urlSafeDecode( + "h_96-mK1R_7glhsum81dZxjTnYynPbZpHziZjeeHcXYsXaaMwkOlODsWa" + + "7I9xXDoRwbKgB719rrmI2oKr6N3Do9U0ajaHF-NKJnwgjMd2w9cjz3_-ky" + + "NlxAr2v4IKhGNpmM5iIgOS1VZnOZ68m6_pbLBSp3nssTdlqvd0tIiTHU")); + static final BigInteger Q_INV = + new BigInteger( + 1, + Base64.urlSafeDecode( + "IYd7DHOhrWvxkwPQsRM2tOgrjbcrfvtQJipd-DlcxyVuuM9sQLdgjVk2o" + + "y26F0EmpScGLq2MowX7fhd_QJQ3ydy5cY7YIBi87w93IKLEdfnbJtoOPLU" + + "W0ITrJReOgo1cq9SbsxYawBgfp_gh6A5603k2-ZQwVK0JKSHuLFkuQ3U")); + + @Test + public void build_kidStrategyIgnored_hasExpectedValues() throws Exception { + JwtRsaSsaPkcs1Parameters parameters = + JwtRsaSsaPkcs1Parameters.builder() + .setModulusSizeBits(2048) + .setPublicExponent(JwtRsaSsaPkcs1Parameters.F4) + .setKidStrategy(JwtRsaSsaPkcs1Parameters.KidStrategy.IGNORED) + .setAlgorithm(JwtRsaSsaPkcs1Parameters.Algorithm.RS256) + .build(); + JwtRsaSsaPkcs1PublicKey publicKey = + JwtRsaSsaPkcs1PublicKey.builder().setParameters(parameters).setModulus(MODULUS).build(); + JwtRsaSsaPkcs1PrivateKey privateKey = + JwtRsaSsaPkcs1PrivateKey.builder() + .setPublicKey(publicKey) + .setPrimes( + SecretBigInteger.fromBigInteger(P, InsecureSecretKeyAccess.get()), + SecretBigInteger.fromBigInteger(Q, InsecureSecretKeyAccess.get())) + .setPrivateExponent(SecretBigInteger.fromBigInteger(D, InsecureSecretKeyAccess.get())) + .setPrimeExponents( + SecretBigInteger.fromBigInteger(DP, InsecureSecretKeyAccess.get()), + SecretBigInteger.fromBigInteger(DQ, InsecureSecretKeyAccess.get())) + .setCrtCoefficient( + SecretBigInteger.fromBigInteger(Q_INV, InsecureSecretKeyAccess.get())) + .build(); + assertThat(privateKey.getParameters()).isEqualTo(parameters); + assertThat(privateKey.getPublicKey()).isEqualTo(publicKey); + assertThat(privateKey.getPrimeP().getBigInteger(InsecureSecretKeyAccess.get())).isEqualTo(P); + assertThat(privateKey.getPrimeQ().getBigInteger(InsecureSecretKeyAccess.get())).isEqualTo(Q); + assertThat(privateKey.getPrimeExponentP().getBigInteger(InsecureSecretKeyAccess.get())) + .isEqualTo(DP); + assertThat(privateKey.getPrimeExponentQ().getBigInteger(InsecureSecretKeyAccess.get())) + .isEqualTo(DQ); + assertThat(privateKey.getCrtCoefficient().getBigInteger(InsecureSecretKeyAccess.get())) + .isEqualTo(Q_INV); + assertThat(privateKey.getPrivateExponent().getBigInteger(InsecureSecretKeyAccess.get())) + .isEqualTo(D); + + assertThat(privateKey.getKid()).isEqualTo(Optional.empty()); + assertThat(privateKey.getIdRequirementOrNull()).isNull(); + } + + @Test + public void build_kidStrategyCustom_hasExpectedValues() throws Exception { + JwtRsaSsaPkcs1Parameters parameters = + JwtRsaSsaPkcs1Parameters.builder() + .setModulusSizeBits(2048) + .setPublicExponent(JwtRsaSsaPkcs1Parameters.F4) + .setKidStrategy(JwtRsaSsaPkcs1Parameters.KidStrategy.CUSTOM) + .setAlgorithm(JwtRsaSsaPkcs1Parameters.Algorithm.RS256) + .build(); + JwtRsaSsaPkcs1PublicKey publicKey = + JwtRsaSsaPkcs1PublicKey.builder() + .setParameters(parameters) + .setModulus(MODULUS) + .setCustomKid("customKid777") + .build(); + JwtRsaSsaPkcs1PrivateKey privateKey = + JwtRsaSsaPkcs1PrivateKey.builder() + .setPublicKey(publicKey) + .setPrimes( + SecretBigInteger.fromBigInteger(P, InsecureSecretKeyAccess.get()), + SecretBigInteger.fromBigInteger(Q, InsecureSecretKeyAccess.get())) + .setPrivateExponent(SecretBigInteger.fromBigInteger(D, InsecureSecretKeyAccess.get())) + .setPrimeExponents( + SecretBigInteger.fromBigInteger(DP, InsecureSecretKeyAccess.get()), + SecretBigInteger.fromBigInteger(DQ, InsecureSecretKeyAccess.get())) + .setCrtCoefficient( + SecretBigInteger.fromBigInteger(Q_INV, InsecureSecretKeyAccess.get())) + .build(); + assertThat(privateKey.getParameters()).isEqualTo(parameters); + assertThat(privateKey.getPublicKey()).isEqualTo(publicKey); + + assertThat(privateKey.getKid().get()).isEqualTo("customKid777"); + assertThat(privateKey.getIdRequirementOrNull()).isNull(); + } + + @Test + public void build_kidStrategyBase64_hasExpectedValues() throws Exception { + JwtRsaSsaPkcs1Parameters parameters = + JwtRsaSsaPkcs1Parameters.builder() + .setModulusSizeBits(2048) + .setPublicExponent(JwtRsaSsaPkcs1Parameters.F4) + .setKidStrategy(JwtRsaSsaPkcs1Parameters.KidStrategy.BASE64_ENCODED_KEY_ID) + .setAlgorithm(JwtRsaSsaPkcs1Parameters.Algorithm.RS256) + .build(); + JwtRsaSsaPkcs1PublicKey publicKey = + JwtRsaSsaPkcs1PublicKey.builder() + .setParameters(parameters) + .setModulus(MODULUS) + .setIdRequirement(0x1ac6a944) + .build(); + JwtRsaSsaPkcs1PrivateKey privateKey = + JwtRsaSsaPkcs1PrivateKey.builder() + .setPublicKey(publicKey) + .setPrimes( + SecretBigInteger.fromBigInteger(P, InsecureSecretKeyAccess.get()), + SecretBigInteger.fromBigInteger(Q, InsecureSecretKeyAccess.get())) + .setPrivateExponent(SecretBigInteger.fromBigInteger(D, InsecureSecretKeyAccess.get())) + .setPrimeExponents( + SecretBigInteger.fromBigInteger(DP, InsecureSecretKeyAccess.get()), + SecretBigInteger.fromBigInteger(DQ, InsecureSecretKeyAccess.get())) + .setCrtCoefficient( + SecretBigInteger.fromBigInteger(Q_INV, InsecureSecretKeyAccess.get())) + .build(); + assertThat(privateKey.getParameters()).isEqualTo(parameters); + assertThat(privateKey.getPublicKey()).isEqualTo(publicKey); + + assertThat(privateKey.getKid().get()).isEqualTo("GsapRA"); + assertThat(privateKey.getIdRequirementOrNull()).isEqualTo(0x1ac6a944); + } + + @Test + public void notAllValuesSet_throws() throws Exception { + JwtRsaSsaPkcs1Parameters parameters = + JwtRsaSsaPkcs1Parameters.builder() + .setModulusSizeBits(2048) + .setPublicExponent(EXPONENT) + .setKidStrategy(JwtRsaSsaPkcs1Parameters.KidStrategy.IGNORED) + .setAlgorithm(JwtRsaSsaPkcs1Parameters.Algorithm.RS256) + .build(); + JwtRsaSsaPkcs1PublicKey publicKey = + JwtRsaSsaPkcs1PublicKey.builder().setParameters(parameters).setModulus(MODULUS).build(); + + // no public key + assertThrows( + GeneralSecurityException.class, + () -> + JwtRsaSsaPkcs1PrivateKey.builder() + .setPrimes( + SecretBigInteger.fromBigInteger(P, InsecureSecretKeyAccess.get()), + SecretBigInteger.fromBigInteger(Q, InsecureSecretKeyAccess.get())) + .setPrivateExponent( + SecretBigInteger.fromBigInteger(D, InsecureSecretKeyAccess.get())) + .setPrimeExponents( + SecretBigInteger.fromBigInteger(DP, InsecureSecretKeyAccess.get()), + SecretBigInteger.fromBigInteger(DQ, InsecureSecretKeyAccess.get())) + .setCrtCoefficient( + SecretBigInteger.fromBigInteger(Q_INV, InsecureSecretKeyAccess.get())) + .build()); + + // no prime factors + assertThrows( + GeneralSecurityException.class, + () -> + JwtRsaSsaPkcs1PrivateKey.builder() + .setPublicKey(publicKey) + .setPrivateExponent( + SecretBigInteger.fromBigInteger(D, InsecureSecretKeyAccess.get())) + .setPrimeExponents( + SecretBigInteger.fromBigInteger(DP, InsecureSecretKeyAccess.get()), + SecretBigInteger.fromBigInteger(DQ, InsecureSecretKeyAccess.get())) + .setCrtCoefficient( + SecretBigInteger.fromBigInteger(Q_INV, InsecureSecretKeyAccess.get())) + .build()); + + // no private exponent + assertThrows( + GeneralSecurityException.class, + () -> + JwtRsaSsaPkcs1PrivateKey.builder() + .setPublicKey(publicKey) + .setPrimes( + SecretBigInteger.fromBigInteger(P, InsecureSecretKeyAccess.get()), + SecretBigInteger.fromBigInteger(Q, InsecureSecretKeyAccess.get())) + .setPrimeExponents( + SecretBigInteger.fromBigInteger(DP, InsecureSecretKeyAccess.get()), + SecretBigInteger.fromBigInteger(DQ, InsecureSecretKeyAccess.get())) + .setCrtCoefficient( + SecretBigInteger.fromBigInteger(Q_INV, InsecureSecretKeyAccess.get())) + .build()); + + // no factors crt exponents + assertThrows( + GeneralSecurityException.class, + () -> + JwtRsaSsaPkcs1PrivateKey.builder() + .setPublicKey(publicKey) + .setPrimes( + SecretBigInteger.fromBigInteger(P, InsecureSecretKeyAccess.get()), + SecretBigInteger.fromBigInteger(Q, InsecureSecretKeyAccess.get())) + .setPrivateExponent( + SecretBigInteger.fromBigInteger(D, InsecureSecretKeyAccess.get())) + .setCrtCoefficient( + SecretBigInteger.fromBigInteger(Q_INV, InsecureSecretKeyAccess.get())) + .build()); + + // no crt coefficient + assertThrows( + GeneralSecurityException.class, + () -> + JwtRsaSsaPkcs1PrivateKey.builder() + .setPublicKey(publicKey) + .setPrimes( + SecretBigInteger.fromBigInteger(P, InsecureSecretKeyAccess.get()), + SecretBigInteger.fromBigInteger(Q, InsecureSecretKeyAccess.get())) + .setPrivateExponent( + SecretBigInteger.fromBigInteger(D, InsecureSecretKeyAccess.get())) + .setPrimeExponents( + SecretBigInteger.fromBigInteger(DP, InsecureSecretKeyAccess.get()), + SecretBigInteger.fromBigInteger(DQ, InsecureSecretKeyAccess.get())) + .build()); + } + + @Test + public void emptyBuild_fails() throws Exception { + assertThrows(GeneralSecurityException.class, () -> JwtRsaSsaPkcs1PrivateKey.builder().build()); + } + + @Test + public void build_validatesValues() throws Exception { + JwtRsaSsaPkcs1Parameters parameters = + JwtRsaSsaPkcs1Parameters.builder() + .setModulusSizeBits(2048) + .setPublicExponent(EXPONENT) + .setKidStrategy(JwtRsaSsaPkcs1Parameters.KidStrategy.IGNORED) + .setAlgorithm(JwtRsaSsaPkcs1Parameters.Algorithm.RS256) + .build(); + // Check that build fails if any value is increased by 1. + assertThrows( + GeneralSecurityException.class, + () -> + JwtRsaSsaPkcs1PrivateKey.builder() + .setPublicKey( + JwtRsaSsaPkcs1PublicKey.builder() + .setParameters(parameters) + .setModulus(MODULUS.add(BigInteger.ONE)) // modulus is one off + .build()) + .setPrimes( + SecretBigInteger.fromBigInteger(P, InsecureSecretKeyAccess.get()), + SecretBigInteger.fromBigInteger(Q, InsecureSecretKeyAccess.get())) + .setPrimeExponents( + SecretBigInteger.fromBigInteger(DP, InsecureSecretKeyAccess.get()), + SecretBigInteger.fromBigInteger(DQ, InsecureSecretKeyAccess.get())) + .setCrtCoefficient( + SecretBigInteger.fromBigInteger(Q_INV, InsecureSecretKeyAccess.get())) + .build()); + assertThrows( + GeneralSecurityException.class, + () -> + JwtRsaSsaPkcs1PrivateKey.builder() + .setPublicKey( + JwtRsaSsaPkcs1PublicKey.builder() + .setParameters(parameters) + .setModulus(MODULUS) + .build()) + .setPrimes( + SecretBigInteger.fromBigInteger( + P.add(BigInteger.ONE), InsecureSecretKeyAccess.get()), + SecretBigInteger.fromBigInteger(Q, InsecureSecretKeyAccess.get())) + .setPrimeExponents( + SecretBigInteger.fromBigInteger(DP, InsecureSecretKeyAccess.get()), + SecretBigInteger.fromBigInteger(DQ, InsecureSecretKeyAccess.get())) + .setCrtCoefficient( + SecretBigInteger.fromBigInteger(Q_INV, InsecureSecretKeyAccess.get())) + .build()); + assertThrows( + GeneralSecurityException.class, + () -> + JwtRsaSsaPkcs1PrivateKey.builder() + .setPublicKey( + JwtRsaSsaPkcs1PublicKey.builder() + .setParameters(parameters) + .setModulus(MODULUS) + .build()) + .setPrimes( + SecretBigInteger.fromBigInteger(P, InsecureSecretKeyAccess.get()), + SecretBigInteger.fromBigInteger( + Q.add(BigInteger.ONE), InsecureSecretKeyAccess.get())) + .setPrimeExponents( + SecretBigInteger.fromBigInteger(DP, InsecureSecretKeyAccess.get()), + SecretBigInteger.fromBigInteger(DQ, InsecureSecretKeyAccess.get())) + .setCrtCoefficient( + SecretBigInteger.fromBigInteger(Q_INV, InsecureSecretKeyAccess.get())) + .build()); + assertThrows( + GeneralSecurityException.class, + () -> + JwtRsaSsaPkcs1PrivateKey.builder() + .setPublicKey( + JwtRsaSsaPkcs1PublicKey.builder() + .setParameters(parameters) + .setModulus(MODULUS) + .build()) + .setPrimes( + SecretBigInteger.fromBigInteger(P, InsecureSecretKeyAccess.get()), + SecretBigInteger.fromBigInteger(Q, InsecureSecretKeyAccess.get())) + .setPrimeExponents( + SecretBigInteger.fromBigInteger( + DP.add(BigInteger.ONE), InsecureSecretKeyAccess.get()), + SecretBigInteger.fromBigInteger(DQ, InsecureSecretKeyAccess.get())) + .setCrtCoefficient( + SecretBigInteger.fromBigInteger(Q_INV, InsecureSecretKeyAccess.get())) + .build()); + assertThrows( + GeneralSecurityException.class, + () -> + JwtRsaSsaPkcs1PrivateKey.builder() + .setPublicKey( + JwtRsaSsaPkcs1PublicKey.builder() + .setParameters(parameters) + .setModulus(MODULUS) + .build()) + .setPrimes( + SecretBigInteger.fromBigInteger(P, InsecureSecretKeyAccess.get()), + SecretBigInteger.fromBigInteger(Q, InsecureSecretKeyAccess.get())) + .setPrimeExponents( + SecretBigInteger.fromBigInteger(DP, InsecureSecretKeyAccess.get()), + SecretBigInteger.fromBigInteger( + DQ.add(BigInteger.ONE), InsecureSecretKeyAccess.get())) + .setCrtCoefficient( + SecretBigInteger.fromBigInteger(Q_INV, InsecureSecretKeyAccess.get())) + .build()); + assertThrows( + GeneralSecurityException.class, + () -> + JwtRsaSsaPkcs1PrivateKey.builder() + .setPublicKey( + JwtRsaSsaPkcs1PublicKey.builder() + .setParameters(parameters) + .setModulus(MODULUS) + .build()) + .setPrimes( + SecretBigInteger.fromBigInteger(P, InsecureSecretKeyAccess.get()), + SecretBigInteger.fromBigInteger(Q, InsecureSecretKeyAccess.get())) + .setPrimeExponents( + SecretBigInteger.fromBigInteger(DP, InsecureSecretKeyAccess.get()), + SecretBigInteger.fromBigInteger(DQ, InsecureSecretKeyAccess.get())) + .setCrtCoefficient( + SecretBigInteger.fromBigInteger( + Q_INV.add(BigInteger.ONE), InsecureSecretKeyAccess.get())) + .build()); + } + + @Test + public void testEqualities() throws Exception { + JwtRsaSsaPkcs1Parameters parameters = + JwtRsaSsaPkcs1Parameters.builder() + .setModulusSizeBits(2048) + .setPublicExponent(EXPONENT) + .setKidStrategy(JwtRsaSsaPkcs1Parameters.KidStrategy.IGNORED) + .setAlgorithm(JwtRsaSsaPkcs1Parameters.Algorithm.RS256) + .build(); + JwtRsaSsaPkcs1PublicKey kidStrategyIgnoredPublicKey = + JwtRsaSsaPkcs1PublicKey.builder().setParameters(parameters).setModulus(MODULUS).build(); + + JwtRsaSsaPkcs1PublicKey kidStrategyBase64PublicKey = + JwtRsaSsaPkcs1PublicKey.builder() + .setParameters( + JwtRsaSsaPkcs1Parameters.builder() + .setModulusSizeBits(2048) + .setPublicExponent(EXPONENT) + .setKidStrategy(JwtRsaSsaPkcs1Parameters.KidStrategy.BASE64_ENCODED_KEY_ID) + .setAlgorithm(JwtRsaSsaPkcs1Parameters.Algorithm.RS256) + .build()) + .setModulus(MODULUS) + .setIdRequirement(1907) + .build(); + + JwtRsaSsaPkcs1PublicKey kidStrategyIgnoredPublicKeyRS512 = + JwtRsaSsaPkcs1PublicKey.builder() + .setParameters( + JwtRsaSsaPkcs1Parameters.builder() + .setModulusSizeBits(2048) + .setPublicExponent(EXPONENT) + .setKidStrategy(JwtRsaSsaPkcs1Parameters.KidStrategy.IGNORED) + .setAlgorithm(JwtRsaSsaPkcs1Parameters.Algorithm.RS512) + .build()) + .setModulus(MODULUS) + .build(); + + JwtRsaSsaPkcs1Parameters parametersCustomKid = + JwtRsaSsaPkcs1Parameters.builder() + .setModulusSizeBits(2048) + .setPublicExponent(EXPONENT) + .setKidStrategy(JwtRsaSsaPkcs1Parameters.KidStrategy.CUSTOM) + .setAlgorithm(JwtRsaSsaPkcs1Parameters.Algorithm.RS256) + .build(); + JwtRsaSsaPkcs1PublicKey publicKeyCustomKid1 = + JwtRsaSsaPkcs1PublicKey.builder() + .setParameters(parametersCustomKid) + .setModulus(MODULUS) + .setCustomKid("CustomKID1") + .build(); + JwtRsaSsaPkcs1PublicKey publicKeyCustomKid2 = + JwtRsaSsaPkcs1PublicKey.builder() + .setParameters(parametersCustomKid) + .setModulus(MODULUS) + .setCustomKid("CustomKID2") + .build(); + + new KeyTester() + .addEqualityGroup( + "kidStrategyIgnored", + JwtRsaSsaPkcs1PrivateKey.builder() + .setPublicKey(kidStrategyIgnoredPublicKey) + .setPrimes( + SecretBigInteger.fromBigInteger(P, InsecureSecretKeyAccess.get()), + SecretBigInteger.fromBigInteger(Q, InsecureSecretKeyAccess.get())) + .setPrivateExponent( + SecretBigInteger.fromBigInteger(D, InsecureSecretKeyAccess.get())) + .setPrimeExponents( + SecretBigInteger.fromBigInteger(DP, InsecureSecretKeyAccess.get()), + SecretBigInteger.fromBigInteger(DQ, InsecureSecretKeyAccess.get())) + .setCrtCoefficient( + SecretBigInteger.fromBigInteger(Q_INV, InsecureSecretKeyAccess.get())) + .build(), + // the same key built twice must be equal + JwtRsaSsaPkcs1PrivateKey.builder() + .setPublicKey(kidStrategyIgnoredPublicKey) + .setPrimes( + SecretBigInteger.fromBigInteger(P, InsecureSecretKeyAccess.get()), + SecretBigInteger.fromBigInteger(Q, InsecureSecretKeyAccess.get())) + .setPrivateExponent( + SecretBigInteger.fromBigInteger(D, InsecureSecretKeyAccess.get())) + .setPrimeExponents( + SecretBigInteger.fromBigInteger(DP, InsecureSecretKeyAccess.get()), + SecretBigInteger.fromBigInteger(DQ, InsecureSecretKeyAccess.get())) + .setCrtCoefficient( + SecretBigInteger.fromBigInteger(Q_INV, InsecureSecretKeyAccess.get())) + .build()) + // This group checks that a private key where p and q are swapped is considered different + .addEqualityGroup( + "p and q swapped", + JwtRsaSsaPkcs1PrivateKey.builder() + .setPublicKey(kidStrategyIgnoredPublicKey) + .setPrimes( + SecretBigInteger.fromBigInteger(Q, InsecureSecretKeyAccess.get()), + SecretBigInteger.fromBigInteger(P, InsecureSecretKeyAccess.get())) + .setPrivateExponent( + SecretBigInteger.fromBigInteger(D, InsecureSecretKeyAccess.get())) + .setPrimeExponents( + SecretBigInteger.fromBigInteger(DQ, InsecureSecretKeyAccess.get()), + SecretBigInteger.fromBigInteger(DP, InsecureSecretKeyAccess.get())) + .setCrtCoefficient( + SecretBigInteger.fromBigInteger(P.modInverse(Q), InsecureSecretKeyAccess.get())) + .build()) + // This group checks that keys with different parameters are not equal + .addEqualityGroup( + "KID ignored, RRS512", + JwtRsaSsaPkcs1PrivateKey.builder() + .setPublicKey(kidStrategyIgnoredPublicKeyRS512) + .setPrimes( + SecretBigInteger.fromBigInteger(P, InsecureSecretKeyAccess.get()), + SecretBigInteger.fromBigInteger(Q, InsecureSecretKeyAccess.get())) + .setPrivateExponent( + SecretBigInteger.fromBigInteger(D, InsecureSecretKeyAccess.get())) + .setPrimeExponents( + SecretBigInteger.fromBigInteger(DP, InsecureSecretKeyAccess.get()), + SecretBigInteger.fromBigInteger(DQ, InsecureSecretKeyAccess.get())) + .setCrtCoefficient( + SecretBigInteger.fromBigInteger(Q_INV, InsecureSecretKeyAccess.get())) + .build()) + .addEqualityGroup( + "KID Base 64", + JwtRsaSsaPkcs1PrivateKey.builder() + .setPublicKey(kidStrategyBase64PublicKey) + .setPrimes( + SecretBigInteger.fromBigInteger(P, InsecureSecretKeyAccess.get()), + SecretBigInteger.fromBigInteger(Q, InsecureSecretKeyAccess.get())) + .setPrivateExponent( + SecretBigInteger.fromBigInteger(D, InsecureSecretKeyAccess.get())) + .setPrimeExponents( + SecretBigInteger.fromBigInteger(DP, InsecureSecretKeyAccess.get()), + SecretBigInteger.fromBigInteger(DQ, InsecureSecretKeyAccess.get())) + .setCrtCoefficient( + SecretBigInteger.fromBigInteger(Q_INV, InsecureSecretKeyAccess.get())) + .build()) + .addEqualityGroup( + "CustomKID1", + JwtRsaSsaPkcs1PrivateKey.builder() + .setPublicKey(publicKeyCustomKid1) + .setPrimes( + SecretBigInteger.fromBigInteger(P, InsecureSecretKeyAccess.get()), + SecretBigInteger.fromBigInteger(Q, InsecureSecretKeyAccess.get())) + .setPrivateExponent( + SecretBigInteger.fromBigInteger(D, InsecureSecretKeyAccess.get())) + .setPrimeExponents( + SecretBigInteger.fromBigInteger(DP, InsecureSecretKeyAccess.get()), + SecretBigInteger.fromBigInteger(DQ, InsecureSecretKeyAccess.get())) + .setCrtCoefficient( + SecretBigInteger.fromBigInteger(Q_INV, InsecureSecretKeyAccess.get())) + .build()) + .addEqualityGroup( + "CustomKID2", + JwtRsaSsaPkcs1PrivateKey.builder() + .setPublicKey(publicKeyCustomKid2) + .setPrimes( + SecretBigInteger.fromBigInteger(P, InsecureSecretKeyAccess.get()), + SecretBigInteger.fromBigInteger(Q, InsecureSecretKeyAccess.get())) + .setPrivateExponent( + SecretBigInteger.fromBigInteger(D, InsecureSecretKeyAccess.get())) + .setPrimeExponents( + SecretBigInteger.fromBigInteger(DP, InsecureSecretKeyAccess.get()), + SecretBigInteger.fromBigInteger(DQ, InsecureSecretKeyAccess.get())) + .setCrtCoefficient( + SecretBigInteger.fromBigInteger(Q_INV, InsecureSecretKeyAccess.get())) + .build()) + .addEqualityGroup( + "different key class", ChaCha20Poly1305Key.create(SecretBytes.randomBytes(32))) + .doTests(); + } +} |