• Home
  • Line#
  • Scopes#
  • Navigate#
  • Raw
  • Download
1 // Copyright 2023 Google Inc.
2 //
3 // Licensed under the Apache License, Version 2.0 (the "License");
4 // you may not use this file except in compliance with the License.
5 // You may obtain a copy of the License at
6 //
7 //      http://www.apache.org/licenses/LICENSE-2.0
8 //
9 // Unless required by applicable law or agreed to in writing, software
10 // distributed under the License is distributed on an "AS IS" BASIS,
11 // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 // See the License for the specific language governing permissions and
13 // limitations under the License.
14 //
15 ////////////////////////////////////////////////////////////////////////////////
16 
17 package com.google.crypto.tink.jwt;
18 
19 import static org.junit.Assert.assertNotNull;
20 import static org.junit.Assert.assertThrows;
21 
22 import com.google.crypto.tink.KeyTemplates;
23 import com.google.crypto.tink.KeysetHandle;
24 import com.google.crypto.tink.Parameters;
25 import com.google.crypto.tink.config.TinkFips;
26 import com.google.crypto.tink.config.internal.TinkFipsUtil;
27 import com.google.crypto.tink.internal.MutableKeyCreationRegistry;
28 import java.security.GeneralSecurityException;
29 import org.junit.Test;
30 import org.junit.runner.RunWith;
31 import org.junit.runners.JUnit4;
32 
33 /** Tests for JwtMacConfigTest. */
34 @RunWith(JUnit4.class)
35 public class JwtMacConfigTest {
36 
37   @Test
failIfAndOnlyIfInInvalidFipsState()38   public void failIfAndOnlyIfInInvalidFipsState() throws Exception {
39     boolean invalidFipsState = TinkFips.useOnlyFips() && !TinkFipsUtil.fipsModuleAvailable();
40 
41     Parameters hs256Parameters =
42         JwtHmacParameters.builder()
43             .setKeySizeBytes(32)
44             .setAlgorithm(JwtHmacParameters.Algorithm.HS256)
45             .setKidStrategy(JwtHmacParameters.KidStrategy.IGNORED)
46             .build();
47 
48     if (invalidFipsState) {
49       assertThrows(GeneralSecurityException.class, JwtMacConfig::register);
50       assertThrows(
51           GeneralSecurityException.class,
52           () -> KeysetHandle.generateNew(KeyTemplates.get("JWT_HS256")));
53       assertThrows(
54           GeneralSecurityException.class,
55           () -> MutableKeyCreationRegistry.globalInstance().createKey(hs256Parameters, null));
56     } else {
57       JwtMacConfig.register();
58       assertNotNull(KeysetHandle.generateNew(KeyTemplates.get("JWT_HS256")));
59       assertNotNull(MutableKeyCreationRegistry.globalInstance().createKey(hs256Parameters, null));
60     }
61   }
62 }
63