From 485e142511da3338e68704593314cbc2b5eddce3 Mon Sep 17 00:00:00 2001
From: tholenst
Date: Wed, 7 Jun 2023 05:59:12 -0700
Subject: Register the JwtEcdsaSerialization.

The tests for JwkSetConverter need to be changed, as the failure now occurs earlier. They both only check that it fails if the point is not on the curve -- I don't think there is a reason to do this for two different point.

PiperOrigin-RevId: 538463122
---
 .../java/com/google/crypto/tink/jwt/BUILD.bazel | 2 ++
 .../crypto/tink/jwt/JwtEcdsaSignKeyManager.java | 1 +
 .../crypto/tink/jwt/JwkSetConverterTest.java | 23 ++--------------------
 .../tink/jwt/JwtEcdsaSignKeyManagerTest.java | 13 ------------
 4 files changed, 5 insertions(+), 34 deletions(-)

diff --git a/java_src/src/main/java/com/google/crypto/tink/jwt/BUILD.bazel b/java_src/src/main/java/com/google/crypto/tink/jwt/BUILD.bazel
index c1551b119..98c8cd132 100644
--- a/java_src/src/main/java/com/google/crypto/tink/jwt/BUILD.bazel
+++ b/java_src/src/main/java/com/google/crypto/tink/jwt/BUILD.bazel
@@ -261,6 +261,7 @@ java_library(
 name = "jwt_ecdsa_sign_key_manager",
 srcs = ["JwtEcdsaSignKeyManager.java"],
 deps = [
+ ":jwt_ecdsa_proto_serialization",
 ":jwt_ecdsa_verify_key_manager",
 ":jwt_format",
 ":jwt_invalid_exception",
@@ -286,6 +287,7 @@ android_library(
 name = "jwt_ecdsa_sign_key_manager-android",
 srcs = ["JwtEcdsaSignKeyManager.java"],
 deps = [
+ ":jwt_ecdsa_proto_serialization-android",
 ":jwt_ecdsa_verify_key_manager-android",
 ":jwt_format-android",
 ":jwt_invalid_exception-android",
diff --git a/java_src/src/main/java/com/google/crypto/tink/jwt/JwtEcdsaSignKeyManager.java b/java_src/src/main/java/com/google/crypto/tink/jwt/JwtEcdsaSignKeyManager.java
index 1c21dcf84..9735a70c2 100644
--- a/java_src/src/main/java/com/google/crypto/tink/jwt/JwtEcdsaSignKeyManager.java
+++ b/java_src/src/main/java/com/google/crypto/tink/jwt/JwtEcdsaSignKeyManager.java
@@ -231,6 +231,7 @@ public final class JwtEcdsaSignKeyManager
 public static void registerPair(boolean newKeyAllowed) throws GeneralSecurityException {
 Registry.registerAsymmetricKeyManagers(
 new JwtEcdsaSignKeyManager(), new JwtEcdsaVerifyKeyManager(), newKeyAllowed);
+ JwtEcdsaProtoSerialization.register();
 }
 
 private static KeyFactory.KeyFormat createKeyFormat(
diff --git a/java_src/src/test/java/com/google/crypto/tink/jwt/JwkSetConverterTest.java b/java_src/src/test/java/com/google/crypto/tink/jwt/JwkSetConverterTest.java
index 50fd95dc7..7e310a1c5 100644
--- a/java_src/src/test/java/com/google/crypto/tink/jwt/JwkSetConverterTest.java
+++ b/java_src/src/test/java/com/google/crypto/tink/jwt/JwkSetConverterTest.java
@@ -718,25 +718,7 @@ public final class JwkSetConverterTest {
 }
 
 @Test
- public void ecdsaWithSmallX_getPrimitiveFails() throws Exception {
- String jwksString =
- "{"
- + "\"keys\":[{"
- + "\"kty\":\"EC\","
- + "\"crv\":\"P-256\","
- + "\"x\":\"AAAwOQ\","
- + "\"y\":\"b22m_Y4sT-jUJSxBVqjrW_DxWyBLopxYHTuFVfx70ZI\","
- + "\"use\":\"sig\","
- + "\"alg\":\"ES256\","
- + "\"key_ops\":[\"verify\"]"
- + "}]}";
- KeysetHandle handle = JwkSetConverter.toPublicKeysetHandle(jwksString);
- assertThrows(
- GeneralSecurityException.class, () -> handle.getPrimitive(JwtPublicKeyVerify.class));
- }
-
- @Test
- public void ecdsaWithSmallY_getPrimitiveFails() throws Exception {
+ public void ecdsa_pointNotOnCurve_getPrimitiveFails() throws Exception {
 String jwksString =
 "{"
 + "\"keys\":[{"
@@ -748,9 +730,8 @@ public final class JwkSetConverterTest {
 + "\"alg\":\"ES256\","
 + "\"key_ops\":[\"verify\"]"
 + "}]}";
- KeysetHandle handle = JwkSetConverter.toPublicKeysetHandle(jwksString);
 assertThrows(
- GeneralSecurityException.class, () -> handle.getPrimitive(JwtPublicKeyVerify.class));
+ GeneralSecurityException.class, () -> JwkSetConverter.toPublicKeysetHandle(jwksString));
 }
 
 @Test
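Review bot: The added `JwtEcdsaProtoSerialization.register();` call in `registerPair` (JwtEcdsaSignKeyManager.java) changes when invalid key material is rejected, and nothing at the call site records that. Going by the commit message and the JwkSetConverterTest change, a point that is not on the curve now appears to fail while the keyset is being parsed rather than at `getPrimitive`, so callers that only guard `getPrimitive` will see the `GeneralSecurityException` earlier. A short comment above the call would capture this, e.g. `// Also registers the key parsers: malformed JWT ECDSA keys are now rejected when the keyset is parsed, not at getPrimitive().` The same commit deletes `signWithTinkKeyAndCustomKid_fails` from JwtEcdsaSignKeyManagerTest without a visible replacement or an explanation in the message; if that key shape is now rejected earlier as well (presumably, but not shown here), a test pinning the new failure point would keep that coverage.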
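Review bot: The new test name `ecdsa_pointNotOnCurve_getPrimitiveFails` in JwkSetConverterTest no longer matches what is asserted: the file's second hunk (`@@ -748,9 +730,8 @@`) drops the `getPrimitive` call and expects `JwkSetConverter.toPublicKeysetHandle(jwksString)` itself to throw. A name such as `public void ecdsa_pointNotOnCurve_toPublicKeysetHandleFails() throws Exception {` would say where the rejection happens. Separately, the removed small-X case used `"x":"AAAwOQ"`, which decodes to far fewer bytes than a P-256 coordinate, so it may also have covered short-encoding handling rather than only the on-curve check. The retained test's `x`/`y` values lie outside both hunks, so whether that input class is still exercised cannot be confirmed from here.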
diff --git a/java_src/src/test/java/com/google/crypto/tink/jwt/JwtEcdsaSignKeyManagerTest.java b/java_src/src/test/java/com/google/crypto/tink/jwt/JwtEcdsaSignKeyManagerTest.java
index ebdde8ace..6f045015c 100644
--- a/java_src/src/test/java/com/google/crypto/tink/jwt/JwtEcdsaSignKeyManagerTest.java
+++ b/java_src/src/test/java/com/google/crypto/tink/jwt/JwtEcdsaSignKeyManagerTest.java
@@ -591,17 +591,4 @@ public class JwtEcdsaSignKeyManagerTest {
 JwtInvalidException.class,
 () -> verifierWithWrongKid.verifyAndDecode(signedCompactWithKid, validator));
 }
-
- @Test
- public void signWithTinkKeyAndCustomKid_fails() throws Exception {
- assumeFalse(TestUtil.isTsan()); // KeysetHandle.generateNew is too slow in Tsan.
- KeyTemplate template = KeyTemplates.get("JWT_ES256");
- KeysetHandle handleWithoutKid = KeysetHandle.generateNew(template);
- KeysetHandle handleWithKid =
- withCustomKid(handleWithoutKid, "Lorem ipsum dolor sit amet, consectetur adipiscing elit");
-
- JwtPublicKeySign signerWithKid = handleWithKid.getPrimitive(JwtPublicKeySign.class);
- RawJwt rawToken = RawJwt.newBuilder().setJwtId("jwtId").withoutExpiration().build();
- assertThrows(JwtInvalidException.class, () -> signerWithKid.signAndEncode(rawToken));
- }
 }
-- 
cgit v1.2.3