1 // Copyright 2023 Google Inc.
2 //
3 // Licensed under the Apache License, Version 2.0 (the "License");
4 // you may not use this file except in compliance with the License.
5 // You may obtain a copy of the License at
6 //
7 //      http://www.apache.org/licenses/LICENSE-2.0
8 //
9 // Unless required by applicable law or agreed to in writing, software
10 // distributed under the License is distributed on an "AS IS" BASIS,
11 // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 // See the License for the specific language governing permissions and
13 // limitations under the License.
14 //
15 ////////////////////////////////////////////////////////////////////////////////
16 
17 package com.google.crypto.tink.jwt;
18 
19 import static org.junit.Assert.assertNotNull;
20 import static org.junit.Assert.assertThrows;
21 
22 import com.google.crypto.tink.KeyTemplates;
23 import com.google.crypto.tink.KeysetHandle;
24 import com.google.crypto.tink.config.TinkFips;
25 import com.google.crypto.tink.config.internal.TinkFipsUtil;
26 import com.google.crypto.tink.testing.TestUtil;
27 import java.security.GeneralSecurityException;
28 import java.security.Security;
29 import org.conscrypt.Conscrypt;
30 import org.junit.Assume;
31 import org.junit.BeforeClass;
32 import org.junit.Test;
33 import org.junit.runner.RunWith;
34 import org.junit.runners.JUnit4;
35 
/**
 * Tests for {@link JwtSignatureConfig}.
 *
 * <p>Verifies that {@code JwtSignatureConfig.register()} and generation of the JWT signature key
 * templates throw {@link GeneralSecurityException} exactly when Tink is restricted to FIPS-only
 * operation ({@code TinkFips.useOnlyFips()}) while no FIPS module is available
 * ({@code TinkFipsUtil.fipsModuleAvailable()}), and succeed in every other configuration.
 */
@RunWith(JUnit4.class)
public class JwtSignatureConfigTest {

  /**
   * Attempts, on a best-effort basis, to install Conscrypt as a JCA provider before the tests run.
   */
  @BeforeClass
  public static void setup() {
    try {
      Conscrypt.checkAvailability();
      Security.addProvider(Conscrypt.newProvider());
    } catch (Throwable ignored) {
      // Deliberately ignored: this test may be run without onlyFips turned on, in which case it is
      // fine that installing Conscrypt fails.
      // NOTE(review): because the failure is swallowed, a build that was meant to exercise the
      // working-FIPS path would presumably take the "invalid FIPS state" branch below and still
      // pass; confirm the provider setup is checked elsewhere.
    }
  }

  /**
   * Asserts that registration and key generation fail if, and only if, FIPS-only mode is requested
   * without an available FIPS module.
   */
  @Test
  public void failIfAndOnlyIfInInvalidFipsState() throws Exception {
    // KeysetHandle.generateNew is too slow in Tsan.
    Assume.assumeFalse(TestUtil.isTsan());

    final String[] templateNames = {"JWT_ES256", "JWT_RS256_2048_F4", "JWT_PS256_2048_F4"};

    // Negation of "FIPS-only requested and no FIPS module available".
    final boolean validFipsState = !TinkFips.useOnlyFips() || TinkFipsUtil.fipsModuleAvailable();

    if (validFipsState) {
      JwtSignatureConfig.register();
      for (String templateName : templateNames) {
        assertNotNull(KeysetHandle.generateNew(KeyTemplates.get(templateName)));
      }
      return;
    }

    // Invalid FIPS state: both registration and every key generation attempt must be rejected.
    assertThrows(GeneralSecurityException.class, JwtSignatureConfig::register);
    for (String templateName : templateNames) {
      assertThrows(
          GeneralSecurityException.class,
          () -> KeysetHandle.generateNew(KeyTemplates.get(templateName)));
    }
  }
}