From 8339f6fb72b7caa0a942ce51d4e60b41339905d4 Mon Sep 17 00:00:00 2001
From: ioannanedelcu
Date: Fri, 11 Aug 2023 01:49:22 -0700
Subject: Register JwtRsaSsaPss proto serialization.
PiperOrigin-RevId: 555850886
---
 .../java/com/google/crypto/tink/jwt/BUILD.bazel | 2 ++
 .../tink/jwt/JwtRsaSsaPssSignKeyManager.java | 1 +
 .../java/com/google/crypto/tink/jwt/BUILD.bazel | 3 +++
 .../crypto/tink/jwt/JwkSetConverterTest.java | 3 +--
 .../tink/jwt/JwtRsaSsaPssSignKeyManagerTest.java | 28 +++++++++++++++++++---
 5 files changed, 32 insertions(+), 5 deletions(-)
diff --git a/java_src/src/main/java/com/google/crypto/tink/jwt/BUILD.bazel b/java_src/src/main/java/com/google/crypto/tink/jwt/BUILD.bazel
index fb92180c5..51a459c02 100644
--- a/java_src/src/main/java/com/google/crypto/tink/jwt/BUILD.bazel
+++ b/java_src/src/main/java/com/google/crypto/tink/jwt/BUILD.bazel
@@ -193,6 +193,7 @@ java_library(
 ":jwt_format",
 ":jwt_invalid_exception",
 ":jwt_public_key_sign_internal",
+ ":jwt_rsa_ssa_pss_proto_serialization",
 ":jwt_rsa_ssa_pss_verify_key_manager",
 ":raw_jwt",
 "//proto:jwt_rsa_ssa_pss_java_proto",
@@ -741,6 +742,7 @@ android_library(
 ":jwt_format-android",
 ":jwt_invalid_exception-android",
 ":jwt_public_key_sign_internal-android",
+ ":jwt_rsa_ssa_pss_proto_serialization-android",
 ":jwt_rsa_ssa_pss_verify_key_manager-android",
 ":raw_jwt-android",
 "//proto:jwt_rsa_ssa_pss_java_proto_lite",
diff --git a/java_src/src/main/java/com/google/crypto/tink/jwt/JwtRsaSsaPssSignKeyManager.java b/java_src/src/main/java/com/google/crypto/tink/jwt/JwtRsaSsaPssSignKeyManager.java
index bfd39ce5a..06fb829a5 100644
--- a/java_src/src/main/java/com/google/crypto/tink/jwt/JwtRsaSsaPssSignKeyManager.java
+++ b/java_src/src/main/java/com/google/crypto/tink/jwt/JwtRsaSsaPssSignKeyManager.java
@@ -303,6 +303,7 @@ public final class JwtRsaSsaPssSignKeyManager
 public static void registerPair(boolean newKeyAllowed) throws GeneralSecurityException {
 Registry.registerAsymmetricKeyManagers(
 new JwtRsaSsaPssSignKeyManager(), new JwtRsaSsaPssVerifyKeyManager(), newKeyAllowed);
+ JwtRsaSsaPssProtoSerialization.register();
 }
 
 private static KeyFactory.KeyFormat createKeyFormat(
diff --git a/java_src/src/test/java/com/google/crypto/tink/jwt/BUILD.bazel b/java_src/src/test/java/com/google/crypto/tink/jwt/BUILD.bazel
index dd156bd25..2fff4191b 100644
--- a/java_src/src/test/java/com/google/crypto/tink/jwt/BUILD.bazel
+++ b/java_src/src/test/java/com/google/crypto/tink/jwt/BUILD.bazel
@@ -109,6 +109,7 @@ java_test(
 "//proto:jwt_rsa_ssa_pss_java_proto",
 "//proto:tink_java_proto",
 "//src/main/java/com/google/crypto/tink:cleartext_keyset_handle",
+ "//src/main/java/com/google/crypto/tink:key",
 "//src/main/java/com/google/crypto/tink:key_template",
 "//src/main/java/com/google/crypto/tink:key_templates",
 "//src/main/java/com/google/crypto/tink:registry_cluster",
@@ -120,6 +121,8 @@ java_test(
 "//src/main/java/com/google/crypto/tink/jwt:jwt_public_key_sign",
 "//src/main/java/com/google/crypto/tink/jwt:jwt_public_key_sign_internal",
 "//src/main/java/com/google/crypto/tink/jwt:jwt_public_key_verify",
+ "//src/main/java/com/google/crypto/tink/jwt:jwt_rsa_ssa_pss_parameters",
+ "//src/main/java/com/google/crypto/tink/jwt:jwt_rsa_ssa_pss_private_key",
 "//src/main/java/com/google/crypto/tink/jwt:jwt_rsa_ssa_pss_sign_key_manager",
 "//src/main/java/com/google/crypto/tink/jwt:jwt_rsa_ssa_pss_verify_key_manager",
 "//src/main/java/com/google/crypto/tink/jwt:jwt_signature_config",
diff --git a/java_src/src/test/java/com/google/crypto/tink/jwt/JwkSetConverterTest.java b/java_src/src/test/java/com/google/crypto/tink/jwt/JwkSetConverterTest.java
index 6c55a5417..48d3350a5 100644
--- a/java_src/src/test/java/com/google/crypto/tink/jwt/JwkSetConverterTest.java
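Review bot: The line added to `registerPair` in JwtRsaSsaPssSignKeyManager.java changes when invalid keys are rejected, but nothing at the call site says so. Judging from the tests updated in this same commit, a malformed PS256 key now fails in `JwkSetConverter.toPublicKeysetHandle` or in `getPrimitive`, where it previously failed later, in one case only at `signAndEncode`. Failing earlier is the safer direction, yet callers that catch `JwtInvalidException` around signing will now see a `GeneralSecurityException` from a different call. I would add a comment above the new statement, for example `// With the serialization registered, invalid keys are rejected at keyset parsing or getPrimitive rather than at signing time.` The Javadoc of `registerPair` lies outside this hunk and may need the same sentence.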
+++ b/java_src/src/test/java/com/google/crypto/tink/jwt/JwkSetConverterTest.java
@@ -944,9 +944,8 @@ public final class JwkSetConverterTest {
 GeneralSecurityException.class, () -> JwkSetConverter.toPublicKeysetHandle(jwksString));
 
 String psJwksString = jwksString.replace("RS256", "PS256");
- KeysetHandle psHandle = JwkSetConverter.toPublicKeysetHandle(psJwksString);
 assertThrows(
- GeneralSecurityException.class, () -> psHandle.getPrimitive(JwtPublicKeyVerify.class));
+ GeneralSecurityException.class, () -> JwkSetConverter.toPublicKeysetHandle(psJwksString));
 }
 
 @Test
diff --git a/java_src/src/test/java/com/google/crypto/tink/jwt/JwtRsaSsaPssSignKeyManagerTest.java b/java_src/src/test/java/com/google/crypto/tink/jwt/JwtRsaSsaPssSignKeyManagerTest.java
index 58c617307..30ebb5166 100644
--- a/java_src/src/test/java/com/google/crypto/tink/jwt/JwtRsaSsaPssSignKeyManagerTest.java
+++ b/java_src/src/test/java/com/google/crypto/tink/jwt/JwtRsaSsaPssSignKeyManagerTest.java
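Review bot: The rewritten assertion in JwkSetConverterTest.java accepts any `GeneralSecurityException` from `JwkSetConverter.toPublicKeysetHandle(psJwksString)`, so it would still pass if the PS256 key set were refused for an unrelated reason, such as a parsing problem in the fixture. The fixture and the test's name are outside this hunk, but presumably the test targets one specific invalid key property. Capturing the exception and checking its message would pin that: `GeneralSecurityException e = assertThrows(GeneralSecurityException.class, () -> JwkSetConverter.toPublicKeysetHandle(psJwksString));` followed by an assertion on `e.getMessage()` against the expected reason. The same applies to the last hunk of JwtRsaSsaPssSignKeyManagerTest.java, where the expectation changes from `JwtInvalidException` at `signAndEncode` to `GeneralSecurityException` at `getPrimitive`.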
@@ -312,6 +312,29 @@ public class JwtRsaSsaPssSignKeyManagerTest {
 KeyTemplates.get("JWT_PS256_3072_F4_RAW"), JwtRsaSsaPssAlgorithm.PS256, 3072, 65537);
 }
 
+ @Test
+ public void createKeysetHandle_works() throws Exception {
+ if (TestUtil.isTsan()) {
+ // factory.createKey is too slow in Tsan.
+ return;
+ }
+ KeysetHandle handle = KeysetHandle.generateNew(KeyTemplates.get("JWT_PS256_2048_F4"));
+
+ com.google.crypto.tink.Key key = handle.getAt(0).getKey();
+ assertThat(key).isInstanceOf(com.google.crypto.tink.jwt.JwtRsaSsaPssPrivateKey.class);
+ com.google.crypto.tink.jwt.JwtRsaSsaPssPrivateKey jwtPrivateKey =
+ (com.google.crypto.tink.jwt.JwtRsaSsaPssPrivateKey) key;
+
+ assertThat(jwtPrivateKey.getParameters())
+ .isEqualTo(
+ JwtRsaSsaPssParameters.builder()
+ .setModulusSizeBits(2048)
+ .setPublicExponent(JwtRsaSsaPssParameters.F4)
+ .setAlgorithm(JwtRsaSsaPssParameters.Algorithm.PS256)
+ .setKidStrategy(JwtRsaSsaPssParameters.KidStrategy.BASE64_ENCODED_KEY_ID)
+ .build());
+ }
+
 @Test
 public void testTinkTemplatesAreTink() throws Exception {
 assertThat(getOutputPrefixType(KeyTemplates.get("JWT_PS256_2048_F4")))
@@ -708,8 +731,7 @@ public class JwtRsaSsaPssSignKeyManagerTest {
 KeysetHandle handleWithKid =
 CleartextKeysetHandle.fromKeyset(keyset.toBuilder().setKey(0, keyWithKid).build());
- JwtPublicKeySign signerWithKid = handleWithKid.getPrimitive(JwtPublicKeySign.class);
- RawJwt rawToken = RawJwt.newBuilder().setJwtId("jwtId").withoutExpiration().build();
- assertThrows(JwtInvalidException.class, () -> signerWithKid.signAndEncode(rawToken));
+ assertThrows(
+ GeneralSecurityException.class, () -> handleWithKid.getPrimitive(JwtPublicKeySign.class));
 }
 }
-- 
cgit v1.2.3
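Review bot: The comment inside the Tsan guard of the new `createKeysetHandle_works` test says `factory.createKey is too slow in Tsan`, but this method never calls `factory.createKey`. The expensive step here is `KeysetHandle.generateNew`, so the comment looks carried over from another test and should read `// KeysetHandle.generateNew (RSA key generation) is too slow in Tsan.`. The fully qualified `com.google.crypto.tink.jwt.JwtRsaSsaPssPrivateKey` is probably there to avoid a clash with an imported proto class of the same name, though the imports are not visible in this hunk. If so, a one-line comment saying that would keep a later cleanup from shortening it. Adding `assertThat(handle.size()).isEqualTo(1);` before `handle.getAt(0)` would also make the test's assumption about the generated keyset explicit.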