From 79672f26904e537e36bb43c2942d6914cb334acf Mon Sep 17 00:00:00 2001
From: ioannanedelcu
Date: Wed, 26 Jul 2023 00:38:39 -0700
Subject: Register JwtRsaSsaPkcs1 proto serialization.
PiperOrigin-RevId: 551117542
---
 .../java/com/google/crypto/tink/jwt/BUILD.bazel | 2 ++
 .../tink/jwt/JwtRsaSsaPkcs1SignKeyManager.java | 1 +
 .../java/com/google/crypto/tink/jwt/BUILD.bazel | 3 +++
 .../crypto/tink/jwt/JwkSetConverterTest.java | 3 +--
 .../tink/jwt/JwtRsaSsaPkcs1SignKeyManagerTest.java | 30 +++++++++++++++++++---
 5 files changed, 33 insertions(+), 6 deletions(-)
diff --git a/java_src/src/main/java/com/google/crypto/tink/jwt/BUILD.bazel b/java_src/src/main/java/com/google/crypto/tink/jwt/BUILD.bazel
index c8b3ee51d..dd333dd60 100644
--- a/java_src/src/main/java/com/google/crypto/tink/jwt/BUILD.bazel
+++ b/java_src/src/main/java/com/google/crypto/tink/jwt/BUILD.bazel
@@ -339,6 +339,7 @@ java_library(
 ":jwt_format",
 ":jwt_invalid_exception",
 ":jwt_public_key_sign_internal",
+ ":jwt_rsa_ssa_pkcs1_proto_serialization",
 ":jwt_rsa_ssa_pkcs1_verify_key_manager",
 ":raw_jwt",
 "//proto:jwt_rsa_ssa_pkcs1_java_proto",
@@ -691,6 +692,7 @@ android_library(
 ":jwt_format-android",
 ":jwt_invalid_exception-android",
 ":jwt_public_key_sign_internal-android",
+ ":jwt_rsa_ssa_pkcs1_proto_serialization-android",
 ":jwt_rsa_ssa_pkcs1_verify_key_manager-android",
 ":raw_jwt-android",
 "//proto:jwt_rsa_ssa_pkcs1_java_proto_lite",
diff --git a/java_src/src/main/java/com/google/crypto/tink/jwt/JwtRsaSsaPkcs1SignKeyManager.java b/java_src/src/main/java/com/google/crypto/tink/jwt/JwtRsaSsaPkcs1SignKeyManager.java
index e97550ec9..564cc823e 100644
--- a/java_src/src/main/java/com/google/crypto/tink/jwt/JwtRsaSsaPkcs1SignKeyManager.java
+++ b/java_src/src/main/java/com/google/crypto/tink/jwt/JwtRsaSsaPkcs1SignKeyManager.java
@@ -305,6 +305,7 @@ public final class JwtRsaSsaPkcs1SignKeyManager
 public static void registerPair(boolean newKeyAllowed) throws GeneralSecurityException {
 Registry.registerAsymmetricKeyManagers( new JwtRsaSsaPkcs1SignKeyManager(), new JwtRsaSsaPkcs1VerifyKeyManager(), newKeyAllowed);
+ JwtRsaSsaPkcs1ProtoSerialization.register();
 }
diff --git a/java_src/src/test/java/com/google/crypto/tink/jwt/BUILD.bazel b/java_src/src/test/java/com/google/crypto/tink/jwt/BUILD.bazel
index 58d80f6a0..2981f1583 100644
--- a/java_src/src/test/java/com/google/crypto/tink/jwt/BUILD.bazel
+++ b/java_src/src/test/java/com/google/crypto/tink/jwt/BUILD.bazel
@@ -182,6 +182,7 @@ java_test(
 "//proto:jwt_rsa_ssa_pkcs1_java_proto",
 "//proto:tink_java_proto",
 "//src/main/java/com/google/crypto/tink:cleartext_keyset_handle",
+ "//src/main/java/com/google/crypto/tink:key",
 "//src/main/java/com/google/crypto/tink:key_template",
 "//src/main/java/com/google/crypto/tink:key_templates",
 "//src/main/java/com/google/crypto/tink:registry_cluster",
@@ -193,6 +194,8 @@ java_test(
 "//src/main/java/com/google/crypto/tink/jwt:jwt_public_key_sign",
 "//src/main/java/com/google/crypto/tink/jwt:jwt_public_key_sign_internal",
 "//src/main/java/com/google/crypto/tink/jwt:jwt_public_key_verify",
+ "//src/main/java/com/google/crypto/tink/jwt:jwt_rsa_ssa_pkcs1_parameters",
+ "//src/main/java/com/google/crypto/tink/jwt:jwt_rsa_ssa_pkcs1_private_key",
 "//src/main/java/com/google/crypto/tink/jwt:jwt_rsa_ssa_pkcs1_sign_key_manager",
 "//src/main/java/com/google/crypto/tink/jwt:jwt_rsa_ssa_pkcs1_verify_key_manager",
 "//src/main/java/com/google/crypto/tink/jwt:jwt_signature_config",
diff --git a/java_src/src/test/java/com/google/crypto/tink/jwt/JwkSetConverterTest.java b/java_src/src/test/java/com/google/crypto/tink/jwt/JwkSetConverterTest.java
index 7e310a1c5..6c55a5417 100644
--- a/java_src/src/test/java/com/google/crypto/tink/jwt/JwkSetConverterTest.java
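Review bot: The added `JwtRsaSsaPkcs1ProtoSerialization.register();` call in `registerPair` carries no comment, although it changes the point at which invalid keys are rejected. The test hunks in this commit show a JWK that was previously refused in `getPrimitive` now failing in `JwkSetConverter.toPublicKeysetHandle`, and a Tink-prefixed key with a custom kid now failing in `getPrimitive` rather than in `signAndEncode`. A line such as `// Also registers the key parsers, so malformed JWT RSA keys are rejected at keyset parsing or getPrimitive() instead of at signing.` above the call would record that for callers who catch exceptions at the later stage; the method's Javadoc is outside this hunk and presumably needs the same sentence. The call also runs after `Registry.registerAsymmetricKeyManagers(...)`, so if it throws, the key managers stay registered, which may be intended but is worth stating.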
+++ b/java_src/src/test/java/com/google/crypto/tink/jwt/JwkSetConverterTest.java
@@ -940,9 +940,8 @@ public final class JwkSetConverterTest {
 "{\"keys\":[{\"kty\":\"RSA\"," + "\"n\":\"AAAwOQ\"," + "\"e\":\"AQAB\",\"use\":\"sig\",\"alg\":\"RS256\",\"key_ops\":[\"verify\"]}]}";
- KeysetHandle handle = JwkSetConverter.toPublicKeysetHandle(jwksString);
 assertThrows(
- GeneralSecurityException.class, () -> handle.getPrimitive(JwtPublicKeyVerify.class));
+ GeneralSecurityException.class, () -> JwkSetConverter.toPublicKeysetHandle(jwksString));
 String psJwksString = jwksString.replace("RS256", "PS256");
 KeysetHandle psHandle = JwkSetConverter.toPublicKeysetHandle(psJwksString);
diff --git a/java_src/src/test/java/com/google/crypto/tink/jwt/JwtRsaSsaPkcs1SignKeyManagerTest.java b/java_src/src/test/java/com/google/crypto/tink/jwt/JwtRsaSsaPkcs1SignKeyManagerTest.java
index 8cf8fc308..c70c127e6 100644
--- a/java_src/src/test/java/com/google/crypto/tink/jwt/JwtRsaSsaPkcs1SignKeyManagerTest.java
+++ b/java_src/src/test/java/com/google/crypto/tink/jwt/JwtRsaSsaPkcs1SignKeyManagerTest.java
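Review bot: The rewritten `assertThrows(GeneralSecurityException.class, ...)` in JwkSetConverterTest accepts any failure of `JwkSetConverter.toPublicKeysetHandle(jwksString)`, so the test would still pass if the JWK were rejected for a reason other than the one intended, presumably the very short `"n"` value. Capturing the exception and checking its message, or at least adding `// "n" is only a few bytes long; with the PKCS1 serialization registered this is rejected at parse time.` above the assertion, would pin the intent. The PS256 variant just below still parses successfully, which suggests the two RSA key types validate at different stages for now, and a short comment saying so would spare readers the confusion. The `@@ -729,8 +752,7 @@` hunk of JwtRsaSsaPkcs1SignKeyManagerTest.java widens its assertion in the same way, from `JwtInvalidException` to `GeneralSecurityException`. The test method here starts and ends outside the hunk.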
@@ -322,6 +322,29 @@ public class JwtRsaSsaPkcs1SignKeyManagerTest {
 KeyTemplates.get("JWT_RS256_3072_F4_RAW"), JwtRsaSsaPkcs1Algorithm.RS256, 3072, 65537);
 }
+ @Test
+ public void createKeysetHandle_works() throws Exception {
+ if (TestUtil.isTsan()) {
+ // factory.createKey is too slow in Tsan.
+ return;
+ }
+ KeysetHandle handle = KeysetHandle.generateNew(KeyTemplates.get("JWT_RS256_2048_F4"));
+
+ com.google.crypto.tink.Key key = handle.getAt(0).getKey();
+ assertThat(key).isInstanceOf(com.google.crypto.tink.jwt.JwtRsaSsaPkcs1PrivateKey.class);
+ com.google.crypto.tink.jwt.JwtRsaSsaPkcs1PrivateKey jwtPrivateKey =
+ (com.google.crypto.tink.jwt.JwtRsaSsaPkcs1PrivateKey) key;
+
+ assertThat(jwtPrivateKey.getParameters())
+ .isEqualTo(
+ JwtRsaSsaPkcs1Parameters.builder()
+ .setModulusSizeBits(2048)
+ .setPublicExponent(JwtRsaSsaPkcs1Parameters.F4)
+ .setAlgorithm(JwtRsaSsaPkcs1Parameters.Algorithm.RS256)
+ .setKidStrategy(JwtRsaSsaPkcs1Parameters.KidStrategy.BASE64_ENCODED_KEY_ID)
+ .build());
+ }
+
 @Test
 public void testTinkTemplatesAreTink() throws Exception {
 assertThat(getOutputPrefixType(KeyTemplates.get("JWT_RS256_2048_F4")))
@@ -718,7 +741,7 @@ public class JwtRsaSsaPkcs1SignKeyManagerTest {
 }
 @Test
- public void signWithTinkKeyAndCustomKid_fails() throws Exception {
+ public void getPrimitiveWithTinkKeyAndCustomKid_fails() throws Exception {
 if (TestUtil.isTsan()) {
 // creating keys is too slow in Tsan.
 // We do not use assume because Theories expects to find something which is not skipped.
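Review bot: `createKeysetHandle_works` writes `com.google.crypto.tink.jwt.JwtRsaSsaPkcs1PrivateKey` out in full three times, although `JwtRsaSsaPkcs1Parameters` from what appears to be the same package is used unqualified a few lines later. The simple name, plus an import for `com.google.crypto.tink.Key` if nothing clashes, would read more easily. The skip comment `// factory.createKey is too slow in Tsan.` does not match this test, which calls `KeysetHandle.generateNew`; `// Generating an RSA key is too slow in Tsan.` describes it. Since the test reads `handle.getAt(0)` directly, an `assertThat(handle.size()).isEqualTo(1);` before it would make the single-entry assumption explicit.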
@@ -729,8 +752,7 @@ public class JwtRsaSsaPkcs1SignKeyManagerTest {
 KeysetHandle handleWithKid = withCustomKid(handleWithoutKid, "Lorem ipsum dolor sit amet, consectetur adipiscing elit");
- JwtPublicKeySign signerWithKid = handleWithKid.getPrimitive(JwtPublicKeySign.class);
- RawJwt rawToken = RawJwt.newBuilder().setJwtId("jwtId").withoutExpiration().build();
- assertThrows(JwtInvalidException.class, () -> signerWithKid.signAndEncode(rawToken));
+ assertThrows(
+ GeneralSecurityException.class, () -> handleWithKid.getPrimitive(JwtPublicKeySign.class));
 }
 }
-- cgit v1.2.3