diff options
author | ioannanedelcu <ioannanedelcu@google.com> | 2023-07-20 05:59:06 -0700 |
---|---|---|
committer | Copybara-Service <copybara-worker@google.com> | 2023-07-20 05:59:56 -0700 |
commit | 5649ede627ddc4067dc8502b7aca61e41cd0481a (patch) | |
tree | 1e6ca3eae609e5b91713a2f29ce1349b9ae64b6f /java_src/src/test | |
parent | c5d022a07694180813f50171e0f5a1ce8aa50120 (diff) | |
download | tink-5649ede627ddc4067dc8502b7aca61e41cd0481a.tar.gz |
Add JwtRsaSsaPkcs1PublicKey class in Java.
PiperOrigin-RevId: 549607483
Diffstat (limited to 'java_src/src/test')
-rw-r--r-- | java_src/src/test/java/com/google/crypto/tink/jwt/BUILD.bazel | 14 | ||||
-rw-r--r-- | java_src/src/test/java/com/google/crypto/tink/jwt/JwtRsaSsaPkcs1PublicKeyTest.java | 345 |
2 files changed, 359 insertions, 0 deletions
diff --git a/java_src/src/test/java/com/google/crypto/tink/jwt/BUILD.bazel b/java_src/src/test/java/com/google/crypto/tink/jwt/BUILD.bazel index 6371ee03d..337614535 100644 --- a/java_src/src/test/java/com/google/crypto/tink/jwt/BUILD.bazel +++ b/java_src/src/test/java/com/google/crypto/tink/jwt/BUILD.bazel @@ -510,3 +510,17 @@ java_test( "@maven//:junit_junit", ], ) + +java_test( + name = "JwtRsaSsaPkcs1PublicKeyTest", + size = "small", + srcs = ["JwtRsaSsaPkcs1PublicKeyTest.java"], + deps = [ + "//src/main/java/com/google/crypto/tink/internal:key_tester", + "//src/main/java/com/google/crypto/tink/jwt:jwt_rsa_ssa_pkcs1_parameters", + "//src/main/java/com/google/crypto/tink/jwt:jwt_rsa_ssa_pkcs1_public_key", + "//src/main/java/com/google/crypto/tink/subtle:base64", + "@maven//:com_google_truth_truth", + "@maven//:junit_junit", + ], +) diff --git a/java_src/src/test/java/com/google/crypto/tink/jwt/JwtRsaSsaPkcs1PublicKeyTest.java b/java_src/src/test/java/com/google/crypto/tink/jwt/JwtRsaSsaPkcs1PublicKeyTest.java new file mode 100644 index 000000000..4239f47ef --- /dev/null +++ b/java_src/src/test/java/com/google/crypto/tink/jwt/JwtRsaSsaPkcs1PublicKeyTest.java @@ -0,0 +1,345 @@ +// Copyright 2023 Google LLC +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. +// +//////////////////////////////////////////////////////////////////////////////// + +package com.google.crypto.tink.jwt; + +import static com.google.common.truth.Truth.assertThat; +import static org.junit.Assert.assertThrows; + +import com.google.crypto.tink.internal.KeyTester; +import com.google.crypto.tink.subtle.Base64; +import java.math.BigInteger; +import java.security.GeneralSecurityException; +import java.util.Optional; +import org.junit.Test; +import org.junit.runner.RunWith; +import org.junit.runners.JUnit4; + +@RunWith(JUnit4.class) +public final class JwtRsaSsaPkcs1PublicKeyTest { + + // Test vector from https://datatracker.ietf.org/doc/html/rfc7515#appendix-A.2 + static final BigInteger MODULUS = + new BigInteger( + 1, + Base64.urlSafeDecode( + "ofgWCuLjybRlzo0tZWJjNiuSfb4p4fAkd_wWJcyQoTbji9k0l8W26mPddx" + + "HmfHQp-Vaw-4qPCJrcS2mJPMEzP1Pt0Bm4d4QlL-yRT-SFd2lZS-pCgNMs" + + "D1W_YpRPEwOWvG6b32690r2jZ47soMZo9wGzjb_7OMg0LOL-bSf63kpaSH" + + "SXndS5z5rexMdbBYUsLA9e-KXBdQOS-UTo7WTBEMa2R2CapHg665xsmtdV" + + "MTBQY4uDZlxvb3qCo5ZwKh9kG4LT6_I5IhlJH7aGhyxXFvUK-DWNmoudF8" + + "NAco9_h9iaGNj8q2ethFkMLs91kzk2PAcDTW9gb54h4FRWyuXpoQ")); + + @Test + public void build_kidStrategyIgnored_hasExpectedValues() throws Exception { + JwtRsaSsaPkcs1Parameters parameters = + JwtRsaSsaPkcs1Parameters.builder() + .setModulusSizeBits(2048) + .setPublicExponent(JwtRsaSsaPkcs1Parameters.F4) + .setKidStrategy(JwtRsaSsaPkcs1Parameters.KidStrategy.IGNORED) + .setAlgorithm(JwtRsaSsaPkcs1Parameters.Algorithm.RS256) + .build(); + JwtRsaSsaPkcs1PublicKey key = + JwtRsaSsaPkcs1PublicKey.builder().setParameters(parameters).setModulus(MODULUS).build(); + assertThat(key.getParameters()).isEqualTo(parameters); + assertThat(key.getModulus()).isEqualTo(MODULUS); + assertThat(key.getKid()).isEqualTo(Optional.empty()); + assertThat(key.getIdRequirementOrNull()).isNull(); + } + + @Test + public void build_kidStrategyIgnored_setCustomKid_fails() throws Exception { + JwtRsaSsaPkcs1Parameters parameters = + JwtRsaSsaPkcs1Parameters.builder() + .setModulusSizeBits(2048) + .setPublicExponent(JwtRsaSsaPkcs1Parameters.F4) + .setKidStrategy(JwtRsaSsaPkcs1Parameters.KidStrategy.IGNORED) + .setAlgorithm(JwtRsaSsaPkcs1Parameters.Algorithm.RS256) + .build(); + JwtRsaSsaPkcs1PublicKey.Builder builder = + JwtRsaSsaPkcs1PublicKey.builder() + .setParameters(parameters) + .setModulus(MODULUS) + .setCustomKid("customKid23"); + assertThrows(GeneralSecurityException.class, builder::build); + } + + @Test + public void build_kidStrategyIgnored_setIdRequirement_fails() throws Exception { + JwtRsaSsaPkcs1Parameters parameters = + JwtRsaSsaPkcs1Parameters.builder() + .setModulusSizeBits(2048) + .setPublicExponent(JwtRsaSsaPkcs1Parameters.F4) + .setKidStrategy(JwtRsaSsaPkcs1Parameters.KidStrategy.IGNORED) + .setAlgorithm(JwtRsaSsaPkcs1Parameters.Algorithm.RS256) + .build(); + JwtRsaSsaPkcs1PublicKey.Builder builder = + JwtRsaSsaPkcs1PublicKey.builder() + .setParameters(parameters) + .setIdRequirement(123) + .setModulus(MODULUS); + assertThrows(GeneralSecurityException.class, builder::build); + } + + @Test + public void build_kidStrategyCustom_hasExpectedValues() throws Exception { + JwtRsaSsaPkcs1Parameters parameters = + JwtRsaSsaPkcs1Parameters.builder() + .setModulusSizeBits(2048) + .setPublicExponent(JwtRsaSsaPkcs1Parameters.F4) + .setKidStrategy(JwtRsaSsaPkcs1Parameters.KidStrategy.CUSTOM) + .setAlgorithm(JwtRsaSsaPkcs1Parameters.Algorithm.RS256) + .build(); + JwtRsaSsaPkcs1PublicKey key = + JwtRsaSsaPkcs1PublicKey.builder() + .setParameters(parameters) + .setModulus(MODULUS) + .setCustomKid("customKid777") + .build(); + assertThat(key.getParameters()).isEqualTo(parameters); + assertThat(key.getModulus()).isEqualTo(MODULUS); + assertThat(key.getKid().get()).isEqualTo("customKid777"); + assertThat(key.getIdRequirementOrNull()).isNull(); + } + + @Test + public void build_kidStrategyCustom_setIdRequirement_fails() throws Exception { + JwtRsaSsaPkcs1Parameters parameters = + JwtRsaSsaPkcs1Parameters.builder() + .setModulusSizeBits(2048) + .setPublicExponent(JwtRsaSsaPkcs1Parameters.F4) + .setKidStrategy(JwtRsaSsaPkcs1Parameters.KidStrategy.CUSTOM) + .setAlgorithm(JwtRsaSsaPkcs1Parameters.Algorithm.RS256) + .build(); + JwtRsaSsaPkcs1PublicKey.Builder builder = + JwtRsaSsaPkcs1PublicKey.builder() + .setParameters(parameters) + .setIdRequirement(123) + .setCustomKid("customKid777") + .setModulus(MODULUS); + assertThrows(GeneralSecurityException.class, builder::build); + } + + @Test + public void buildKidStrategyCustom_missingCustomKid_fails() throws Exception { + JwtRsaSsaPkcs1Parameters parameters = + JwtRsaSsaPkcs1Parameters.builder() + .setModulusSizeBits(2048) + .setPublicExponent(JwtRsaSsaPkcs1Parameters.F4) + .setKidStrategy(JwtRsaSsaPkcs1Parameters.KidStrategy.CUSTOM) + .setAlgorithm(JwtRsaSsaPkcs1Parameters.Algorithm.RS256) + .build(); + JwtRsaSsaPkcs1PublicKey.Builder builder = + JwtRsaSsaPkcs1PublicKey.builder().setParameters(parameters).setModulus(MODULUS); + assertThrows(GeneralSecurityException.class, builder::build); + } + + @Test + public void build_kidStrategyBase64_getProperties_succeeds() throws Exception { + JwtRsaSsaPkcs1Parameters parameters = + JwtRsaSsaPkcs1Parameters.builder() + .setModulusSizeBits(2048) + .setPublicExponent(JwtRsaSsaPkcs1Parameters.F4) + .setKidStrategy(JwtRsaSsaPkcs1Parameters.KidStrategy.BASE64_ENCODED_KEY_ID) + .setAlgorithm(JwtRsaSsaPkcs1Parameters.Algorithm.RS256) + .build(); + JwtRsaSsaPkcs1PublicKey key = + JwtRsaSsaPkcs1PublicKey.builder() + .setParameters(parameters) + .setModulus(MODULUS) + .setIdRequirement(0x1ac6a944) + .build(); + assertThat(key.getParameters()).isEqualTo(parameters); + assertThat(key.getIdRequirementOrNull()).isEqualTo(0x1ac6a944); + // See JwtFormatTest.getKidFromTinkOutputPrefixType_success + assertThat(key.getKid()).isEqualTo(Optional.of("GsapRA")); + } + + @Test + public void build_kidStrategyBase64_noIdRequirement_throws() throws Exception { + JwtRsaSsaPkcs1Parameters parameters = + JwtRsaSsaPkcs1Parameters.builder() + .setModulusSizeBits(2048) + .setPublicExponent(JwtRsaSsaPkcs1Parameters.F4) + .setKidStrategy(JwtRsaSsaPkcs1Parameters.KidStrategy.BASE64_ENCODED_KEY_ID) + .setAlgorithm(JwtRsaSsaPkcs1Parameters.Algorithm.RS256) + .build(); + JwtRsaSsaPkcs1PublicKey.Builder builder = + JwtRsaSsaPkcs1PublicKey.builder().setParameters(parameters).setModulus(MODULUS); + assertThrows(GeneralSecurityException.class, builder::build); + } + + @Test + public void build_kidStrategyBase64_setCustomKid_throws() throws Exception { + JwtRsaSsaPkcs1Parameters parameters = + JwtRsaSsaPkcs1Parameters.builder() + .setModulusSizeBits(2048) + .setPublicExponent(JwtRsaSsaPkcs1Parameters.F4) + .setKidStrategy(JwtRsaSsaPkcs1Parameters.KidStrategy.BASE64_ENCODED_KEY_ID) + .setAlgorithm(JwtRsaSsaPkcs1Parameters.Algorithm.RS256) + .build(); + JwtRsaSsaPkcs1PublicKey.Builder builder = + JwtRsaSsaPkcs1PublicKey.builder() + .setParameters(parameters) + .setIdRequirement(0x89abcdef) + .setCustomKid("customKid") + .setModulus(MODULUS); + assertThrows(GeneralSecurityException.class, builder::build); + } + + @Test + public void emptyBuild_fails() throws Exception { + assertThrows(GeneralSecurityException.class, () -> JwtRsaSsaPkcs1PublicKey.builder().build()); + } + + @Test + public void buildWithoutParameters_fails() throws Exception { + assertThrows( + GeneralSecurityException.class, + () -> JwtRsaSsaPkcs1PublicKey.builder().setModulus(MODULUS).build()); + } + + @Test + public void build_withoutModulus_fails() throws Exception { + JwtRsaSsaPkcs1Parameters parameters = + JwtRsaSsaPkcs1Parameters.builder() + .setModulusSizeBits(2048) + .setPublicExponent(JwtRsaSsaPkcs1Parameters.F4) + .setKidStrategy(JwtRsaSsaPkcs1Parameters.KidStrategy.IGNORED) + .setAlgorithm(JwtRsaSsaPkcs1Parameters.Algorithm.RS256) + .build(); + assertThrows( + GeneralSecurityException.class, + () -> JwtRsaSsaPkcs1PublicKey.builder().setParameters(parameters).build()); + } + + @Test + public void build_invalidModulusSize_fails() throws Exception { + JwtRsaSsaPkcs1Parameters parameters = + JwtRsaSsaPkcs1Parameters.builder() + .setModulusSizeBits(3456) + .setPublicExponent(JwtRsaSsaPkcs1Parameters.F4) + .setKidStrategy(JwtRsaSsaPkcs1Parameters.KidStrategy.IGNORED) + .setAlgorithm(JwtRsaSsaPkcs1Parameters.Algorithm.RS256) + .build(); + + // Modulus between 2^3455 and 2^3456 are valid. + BigInteger tooSmall = BigInteger.valueOf(2).pow(3455).subtract(BigInteger.ONE); + BigInteger tooBig = BigInteger.valueOf(2).pow(3456).add(BigInteger.ONE); + + assertThrows( + GeneralSecurityException.class, + () -> + JwtRsaSsaPkcs1PublicKey.builder() + .setParameters(parameters) + .setModulus(tooSmall) + .build()); + assertThrows( + GeneralSecurityException.class, + () -> + JwtRsaSsaPkcs1PublicKey.builder().setParameters(parameters).setModulus(tooBig).build()); + } + + @Test + public void testEqualities() throws Exception { + JwtRsaSsaPkcs1Parameters kidStrategyIgnoredParameters = + JwtRsaSsaPkcs1Parameters.builder() + .setModulusSizeBits(2048) + .setPublicExponent(JwtRsaSsaPkcs1Parameters.F4) + .setKidStrategy(JwtRsaSsaPkcs1Parameters.KidStrategy.IGNORED) + .setAlgorithm(JwtRsaSsaPkcs1Parameters.Algorithm.RS256) + .build(); + JwtRsaSsaPkcs1Parameters kidStrategyIgnoredParametersCopy = + JwtRsaSsaPkcs1Parameters.builder() + .setModulusSizeBits(2048) + .setPublicExponent(JwtRsaSsaPkcs1Parameters.F4) + .setKidStrategy(JwtRsaSsaPkcs1Parameters.KidStrategy.IGNORED) + .setAlgorithm(JwtRsaSsaPkcs1Parameters.Algorithm.RS256) + .build(); + + JwtRsaSsaPkcs1Parameters kidStrategyCustomParameters = + JwtRsaSsaPkcs1Parameters.builder() + .setModulusSizeBits(2048) + .setPublicExponent(JwtRsaSsaPkcs1Parameters.F4) + .setKidStrategy(JwtRsaSsaPkcs1Parameters.KidStrategy.CUSTOM) + .setAlgorithm(JwtRsaSsaPkcs1Parameters.Algorithm.RS256) + .build(); + + JwtRsaSsaPkcs1Parameters kidStrategyBase64Parameters = + JwtRsaSsaPkcs1Parameters.builder() + .setModulusSizeBits(2048) + .setPublicExponent(JwtRsaSsaPkcs1Parameters.F4) + .setKidStrategy(JwtRsaSsaPkcs1Parameters.KidStrategy.BASE64_ENCODED_KEY_ID) + .setAlgorithm(JwtRsaSsaPkcs1Parameters.Algorithm.RS256) + .build(); + + new KeyTester() + .addEqualityGroup( + "KID Ignored, R256", + JwtRsaSsaPkcs1PublicKey.builder() + .setParameters(kidStrategyIgnoredParameters) + .setModulus(MODULUS) + .build(), + // the same key built twice must be equal + JwtRsaSsaPkcs1PublicKey.builder() + .setParameters(kidStrategyIgnoredParameters) + .setModulus(MODULUS) + .build(), + // the same key built with a copy of parameters must be equal + JwtRsaSsaPkcs1PublicKey.builder() + .setParameters(kidStrategyIgnoredParametersCopy) + .setModulus(MODULUS) + .build()) + // This group checks that keys with different key bytes are not equal + .addEqualityGroup( + "KID Ignored, different modulus", + JwtRsaSsaPkcs1PublicKey.builder() + .setParameters(kidStrategyIgnoredParameters) + .setModulus(MODULUS.add(BigInteger.ONE)) + .build()) + // These groups checks that keys with different customKid are not equal + .addEqualityGroup( + "KID Custom, customKid1", + JwtRsaSsaPkcs1PublicKey.builder() + .setParameters(kidStrategyCustomParameters) + .setModulus(MODULUS) + .setCustomKid("customKid1") + .build()) + .addEqualityGroup( + "KID Custom, customKid2", + JwtRsaSsaPkcs1PublicKey.builder() + .setParameters(kidStrategyCustomParameters) + .setModulus(MODULUS) + .setCustomKid("customKid2") + .build()) + // These groups checks that keys with different ID Requirements are not equal + .addEqualityGroup( + "Tink with key id 1907", + JwtRsaSsaPkcs1PublicKey.builder() + .setParameters(kidStrategyBase64Parameters) + .setModulus(MODULUS) + .setIdRequirement(1907) + .build()) + .addEqualityGroup( + "Tink with key id 1908", + JwtRsaSsaPkcs1PublicKey.builder() + .setParameters(kidStrategyBase64Parameters) + .setModulus(MODULUS) + .setIdRequirement(1908) + .build()) + .doTests(); + } +} |