Make the sign key managers public, but restrict visibility of the constructor. Then, add a static function which registers it together with the public key manager.
Also, do the same for the PublicKey{Sign,Verify}wrappers.
PiperOrigin-RevId: 271328404
diff --git a/java/src/main/java/com/google/crypto/tink/signature/EcdsaSignKeyManager.java b/java/src/main/java/com/google/crypto/tink/signature/EcdsaSignKeyManager.java
index f1bb5d2..751f993 100644
--- a/java/src/main/java/com/google/crypto/tink/signature/EcdsaSignKeyManager.java
+++ b/java/src/main/java/com/google/crypto/tink/signature/EcdsaSignKeyManager.java
@@ -18,6 +18,7 @@
import com.google.crypto.tink.PrivateKeyTypeManager;
import com.google.crypto.tink.PublicKeySign;
+import com.google.crypto.tink.Registry;
import com.google.crypto.tink.proto.EcdsaKeyFormat;
import com.google.crypto.tink.proto.EcdsaParams;
import com.google.crypto.tink.proto.EcdsaPrivateKey;
@@ -38,8 +39,8 @@
* This key manager generates new {@code EcdsaPrivateKey} keys and produces new instances of {@code
* EcdsaSignJce}.
*/
-class EcdsaSignKeyManager extends PrivateKeyTypeManager<EcdsaPrivateKey, EcdsaPublicKey> {
- public EcdsaSignKeyManager() {
+public class EcdsaSignKeyManager extends PrivateKeyTypeManager<EcdsaPrivateKey, EcdsaPublicKey> {
+ EcdsaSignKeyManager() {
super(
EcdsaPrivateKey.class,
EcdsaPublicKey.class,
@@ -131,4 +132,13 @@
}
};
}
+
+ /**
+ * Registers the {@link EcdsaSignKeyManager} and the {@link EcdsaVerifyKeyManager} with the
+ * registry, so that the the Ecdsa-Keys can be used with Tink.
+ */
+ public static void registerPair(boolean newKeyAllowed) throws GeneralSecurityException {
+ Registry.registerAsymmetricKeyManagers(
+ new EcdsaSignKeyManager(), new EcdsaVerifyKeyManager(), newKeyAllowed);
+ }
}
diff --git a/java/src/main/java/com/google/crypto/tink/signature/Ed25519PrivateKeyManager.java b/java/src/main/java/com/google/crypto/tink/signature/Ed25519PrivateKeyManager.java
index 35f0fe5..6acf802 100644
--- a/java/src/main/java/com/google/crypto/tink/signature/Ed25519PrivateKeyManager.java
+++ b/java/src/main/java/com/google/crypto/tink/signature/Ed25519PrivateKeyManager.java
@@ -18,6 +18,7 @@
import com.google.crypto.tink.PrivateKeyTypeManager;
import com.google.crypto.tink.PublicKeySign;
+import com.google.crypto.tink.Registry;
import com.google.crypto.tink.proto.Ed25519KeyFormat;
import com.google.crypto.tink.proto.Ed25519PrivateKey;
import com.google.crypto.tink.proto.Ed25519PublicKey;
@@ -108,4 +109,13 @@
}
};
}
+
+ /**
+ * Registers the {@link Ed25519PrivateKeyManager} and the {@link Ed25519PublicKeyManager} with the
+ * registry, so that the the Ed25519-Keys can be used with Tink.
+ */
+ public static void registerPair(boolean newKeyAllowed) throws GeneralSecurityException {
+ Registry.registerAsymmetricKeyManagers(
+ new Ed25519PrivateKeyManager(), new Ed25519PublicKeyManager(), newKeyAllowed);
+ }
}
diff --git a/java/src/main/java/com/google/crypto/tink/signature/PublicKeySignWrapper.java b/java/src/main/java/com/google/crypto/tink/signature/PublicKeySignWrapper.java
index a58a3ac..d65c9a5 100644
--- a/java/src/main/java/com/google/crypto/tink/signature/PublicKeySignWrapper.java
+++ b/java/src/main/java/com/google/crypto/tink/signature/PublicKeySignWrapper.java
@@ -20,6 +20,7 @@
import com.google.crypto.tink.PrimitiveSet;
import com.google.crypto.tink.PrimitiveWrapper;
import com.google.crypto.tink.PublicKeySign;
+import com.google.crypto.tink.Registry;
import com.google.crypto.tink.proto.OutputPrefixType;
import com.google.crypto.tink.subtle.Bytes;
import java.security.GeneralSecurityException;
@@ -31,7 +32,7 @@
* uses the primary key in the keyset, and prepends to the signature a certain prefix associated
* with the primary key.
*/
-class PublicKeySignWrapper implements PrimitiveWrapper<PublicKeySign> {
+public class PublicKeySignWrapper implements PrimitiveWrapper<PublicKeySign> {
private static class WrappedPublicKeySign implements PublicKeySign {
private final PrimitiveSet<PublicKeySign> primitives;
@@ -53,6 +54,8 @@
}
}
+ PublicKeySignWrapper() {}
+
@Override
public PublicKeySign wrap(final PrimitiveSet<PublicKeySign> primitives) {
return new WrappedPublicKeySign(primitives);
@@ -62,4 +65,14 @@
public Class<PublicKeySign> getPrimitiveClass() {
return PublicKeySign.class;
}
+
+ /**
+ * Register the wrapper within the registry.
+ *
+ * <p>This is required for calls to {@link Keyset.getPrimitive} with a {@link PublicKeySign}
+ * argument.
+ */
+ public static void register() throws GeneralSecurityException {
+ Registry.registerPrimitiveWrapper(new PublicKeySignWrapper());
+ }
}
diff --git a/java/src/main/java/com/google/crypto/tink/signature/PublicKeyVerifyWrapper.java b/java/src/main/java/com/google/crypto/tink/signature/PublicKeyVerifyWrapper.java
index b432fe4..9f2dd36 100644
--- a/java/src/main/java/com/google/crypto/tink/signature/PublicKeyVerifyWrapper.java
+++ b/java/src/main/java/com/google/crypto/tink/signature/PublicKeyVerifyWrapper.java
@@ -20,6 +20,7 @@
import com.google.crypto.tink.PrimitiveSet;
import com.google.crypto.tink.PrimitiveWrapper;
import com.google.crypto.tink.PublicKeyVerify;
+import com.google.crypto.tink.Registry;
import com.google.crypto.tink.proto.OutputPrefixType;
import com.google.crypto.tink.subtle.Bytes;
import java.security.GeneralSecurityException;
@@ -100,4 +101,14 @@
public Class<PublicKeyVerify> getPrimitiveClass() {
return PublicKeyVerify.class;
}
+
+ /**
+ * Register the wrapper within the registry.
+ *
+ * <p>This is required for calls to {@link Keyset.getPrimitive} with a {@link PublicKeyVerify}
+ * argument.
+ */
+ public static void register() throws GeneralSecurityException {
+ Registry.registerPrimitiveWrapper(new PublicKeyVerifyWrapper());
+ }
}
diff --git a/java/src/main/java/com/google/crypto/tink/signature/RsaSsaPkcs1SignKeyManager.java b/java/src/main/java/com/google/crypto/tink/signature/RsaSsaPkcs1SignKeyManager.java
index ea724f1..4c84020 100644
--- a/java/src/main/java/com/google/crypto/tink/signature/RsaSsaPkcs1SignKeyManager.java
+++ b/java/src/main/java/com/google/crypto/tink/signature/RsaSsaPkcs1SignKeyManager.java
@@ -18,6 +18,7 @@
import com.google.crypto.tink.PrivateKeyTypeManager;
import com.google.crypto.tink.PublicKeySign;
+import com.google.crypto.tink.Registry;
import com.google.crypto.tink.proto.KeyData.KeyMaterialType;
import com.google.crypto.tink.proto.RsaSsaPkcs1KeyFormat;
import com.google.crypto.tink.proto.RsaSsaPkcs1Params;
@@ -187,4 +188,13 @@
}
};
}
+
+ /**
+ * Registers the {@link RsaSsaPkcs1SignKeyManager} and the {@link RsaSsaPkcs1VerifyKeyManager}
+ * with the registry, so that the the RsaSsaPkcs1-Keys can be used with Tink.
+ */
+ public static void registerPair(boolean newKeyAllowed) throws GeneralSecurityException {
+ Registry.registerAsymmetricKeyManagers(
+ new RsaSsaPkcs1SignKeyManager(), new RsaSsaPkcs1VerifyKeyManager(), newKeyAllowed);
+ }
}
diff --git a/java/src/main/java/com/google/crypto/tink/signature/RsaSsaPssSignKeyManager.java b/java/src/main/java/com/google/crypto/tink/signature/RsaSsaPssSignKeyManager.java
index e4f4c05..971ac05 100644
--- a/java/src/main/java/com/google/crypto/tink/signature/RsaSsaPssSignKeyManager.java
+++ b/java/src/main/java/com/google/crypto/tink/signature/RsaSsaPssSignKeyManager.java
@@ -18,6 +18,7 @@
import com.google.crypto.tink.PrivateKeyTypeManager;
import com.google.crypto.tink.PublicKeySign;
+import com.google.crypto.tink.Registry;
import com.google.crypto.tink.proto.KeyData.KeyMaterialType;
import com.google.crypto.tink.proto.RsaSsaPssKeyFormat;
import com.google.crypto.tink.proto.RsaSsaPssParams;
@@ -192,4 +193,13 @@
}
};
}
+
+ /**
+ * Registers the {@link RsaSsaPssSignKeyManager} and the {@link RsaSsaPssVerifyKeyManager}
+ * with the registry, so that the the RsaSsaPss-Keys can be used with Tink.
+ */
+ public static void registerPair(boolean newKeyAllowed) throws GeneralSecurityException {
+ Registry.registerAsymmetricKeyManagers(
+ new RsaSsaPssSignKeyManager(), new RsaSsaPssVerifyKeyManager(), newKeyAllowed);
+ }
}
diff --git a/java/src/main/java/com/google/crypto/tink/signature/SignatureConfig.java b/java/src/main/java/com/google/crypto/tink/signature/SignatureConfig.java
index 7b3e027..206e15a 100644
--- a/java/src/main/java/com/google/crypto/tink/signature/SignatureConfig.java
+++ b/java/src/main/java/com/google/crypto/tink/signature/SignatureConfig.java
@@ -86,19 +86,12 @@
* @since 1.2.0
*/
public static void register() throws GeneralSecurityException {
- Registry.registerAsymmetricKeyManagers(
- new EcdsaSignKeyManager(), new EcdsaVerifyKeyManager(), true);
+ EcdsaSignKeyManager.registerPair(/*newKeyAllowed=*/ true);
+ Ed25519PrivateKeyManager.registerPair(/*newKeyAllowed=*/ true);
+ RsaSsaPkcs1SignKeyManager.registerPair(/*newKeyAllowed=*/ true);
+ RsaSsaPssSignKeyManager.registerPair(/*newKeyAllowed=*/ true);
- Registry.registerAsymmetricKeyManagers(
- new Ed25519PrivateKeyManager(), new Ed25519PublicKeyManager(), true);
-
- Registry.registerAsymmetricKeyManagers(
- new RsaSsaPkcs1SignKeyManager(), new RsaSsaPkcs1VerifyKeyManager(), true);
-
- Registry.registerAsymmetricKeyManagers(
- new RsaSsaPssSignKeyManager(), new RsaSsaPssVerifyKeyManager(), true);
-
- Registry.registerPrimitiveWrapper(new PublicKeySignWrapper());
- Registry.registerPrimitiveWrapper(new PublicKeyVerifyWrapper());
+ PublicKeySignWrapper.register();
+ PublicKeyVerifyWrapper.register();
}
}
