Make the key managers public, but restrict visibility of the constructors....

Make the key managers public, but restrict visibility of the constructors. Then, add a static function which registers them.

PiperOrigin-RevId: 269516892

java/src/main/java/com/google/crypto/tink/aead/AeadConfig.java

@@ -99,12 +99,12 @@ public final class AeadConfig {
     MacConfig.register();
     Registry.registerKeyManager(new AesCtrHmacAeadKeyManager(), /*newKeyAllowed=*/ true);
     Registry.registerKeyManager(new AesEaxKeyManager(), /*newKeyAllowed=*/ true);
-    Registry.registerKeyManager(new AesGcmKeyManager(), /*newKeyAllowed=*/ true);
+    AesGcmKeyManager.register(/*newKeyAllowed=*/ true);
     Registry.registerKeyManager(new ChaCha20Poly1305KeyManager(), /*newKeyAllowed=*/ true);
     Registry.registerKeyManager(new KmsAeadKeyManager(), /*newKeyAllowed=*/ true);
     Registry.registerKeyManager(new KmsEnvelopeAeadKeyManager(), /*newKeyAllowed=*/ true);
     Registry.registerKeyManager(new XChaCha20Poly1305KeyManager(), /*newKeyAllowed=*/ true);
-    Registry.registerPrimitiveWrapper(new AeadWrapper());
+    AeadWrapper.register();
   }
 
   /**

java/src/main/java/com/google/crypto/tink/aead/AeadWrapper.java

@@ -20,6 +20,7 @@ import com.google.crypto.tink.Aead;
 import com.google.crypto.tink.CryptoFormat;
 import com.google.crypto.tink.PrimitiveSet;
 import com.google.crypto.tink.PrimitiveWrapper;
+import com.google.crypto.tink.Registry;
 import com.google.crypto.tink.subtle.Bytes;
 import java.security.GeneralSecurityException;
 import java.util.Arrays;
@@ -34,7 +35,7 @@ import java.util.logging.Logger;
  * succeed, we try the raw primitives. If any succeeds, we return the ciphertext, otherwise we
  * simply throw a GeneralSecurityException.
  */
-class AeadWrapper implements PrimitiveWrapper<Aead> {
+public class AeadWrapper implements PrimitiveWrapper<Aead> {
   private static final Logger logger = Logger.getLogger(AeadWrapper.class.getName());
 
   private static class WrappedAead implements Aead {
@@ -83,6 +84,8 @@ class AeadWrapper implements PrimitiveWrapper<Aead> {
     }
   }
 
+  AeadWrapper() {}
+
   @Override
   public Aead wrap(final PrimitiveSet<Aead> pset) throws GeneralSecurityException {
     return new WrappedAead(pset);
@@ -92,4 +95,8 @@ class AeadWrapper implements PrimitiveWrapper<Aead> {
   public Class<Aead> getPrimitiveClass() {
     return Aead.class;
   }
+
+  public static void register() throws GeneralSecurityException {
+    Registry.registerPrimitiveWrapper(new AeadWrapper());
+  }
 }

java/src/main/java/com/google/crypto/tink/aead/AesGcmKeyManager.java

@@ -18,6 +18,7 @@ package com.google.crypto.tink.aead;
 
 import com.google.crypto.tink.Aead;
 import com.google.crypto.tink.KeyTypeManager;
+import com.google.crypto.tink.Registry;
 import com.google.crypto.tink.proto.AesGcmKey;
 import com.google.crypto.tink.proto.AesGcmKeyFormat;
 import com.google.crypto.tink.proto.KeyData.KeyMaterialType;
@@ -32,8 +33,8 @@ import java.security.GeneralSecurityException;
  * This key manager generates new {@code AesGcmKey} keys and produces new instances of {@code
  * AesGcmJce}.
  */
-class AesGcmKeyManager extends KeyTypeManager<AesGcmKey> {
-  public AesGcmKeyManager() {
+public class AesGcmKeyManager extends KeyTypeManager<AesGcmKey> {
+  AesGcmKeyManager() {
     super(
         AesGcmKey.class,
         new PrimitiveFactory<Aead, AesGcmKey>(Aead.class) {
@@ -93,4 +94,8 @@ class AesGcmKeyManager extends KeyTypeManager<AesGcmKey> {
       }
     };
   }
+
+  public static void register(boolean newKeyAllowed) throws GeneralSecurityException {
+    Registry.registerKeyManager(new AesGcmKeyManager(), newKeyAllowed);
+  }
 }