2021-10-10 16:34:17 +02:00
|
|
|
// SPDX-FileCopyrightText: 2021 Paul Schaub <vanitasvitae@fsfe.org>
|
|
|
|
//
|
|
|
|
// SPDX-License-Identifier: Apache-2.0
|
|
|
|
|
|
|
|
package org.pgpainless.sop;
|
|
|
|
|
|
|
|
import static org.junit.jupiter.api.Assertions.assertArrayEquals;
|
|
|
|
|
|
|
|
import java.io.ByteArrayInputStream;
|
|
|
|
import java.io.ByteArrayOutputStream;
|
|
|
|
import java.io.IOException;
|
2022-06-19 16:56:32 +02:00
|
|
|
import java.io.OutputStream;
|
2021-10-10 16:34:17 +02:00
|
|
|
import java.nio.charset.StandardCharsets;
|
|
|
|
import java.util.List;
|
|
|
|
|
2022-06-19 16:56:32 +02:00
|
|
|
import org.bouncycastle.bcpg.ArmoredInputStream;
|
|
|
|
import org.bouncycastle.openpgp.PGPCompressedData;
|
2021-10-10 16:34:17 +02:00
|
|
|
import org.bouncycastle.openpgp.PGPException;
|
2022-06-19 16:56:32 +02:00
|
|
|
import org.bouncycastle.openpgp.PGPLiteralData;
|
|
|
|
import org.bouncycastle.openpgp.PGPLiteralDataGenerator;
|
|
|
|
import org.bouncycastle.openpgp.PGPObjectFactory;
|
2021-10-10 16:34:17 +02:00
|
|
|
import org.bouncycastle.openpgp.PGPSecretKeyRing;
|
2022-06-19 16:56:32 +02:00
|
|
|
import org.bouncycastle.openpgp.PGPSignature;
|
|
|
|
import org.bouncycastle.openpgp.PGPSignatureList;
|
2021-10-10 16:34:17 +02:00
|
|
|
import org.bouncycastle.util.io.Streams;
|
|
|
|
import org.junit.jupiter.api.Test;
|
|
|
|
import org.pgpainless.PGPainless;
|
2022-06-19 16:56:32 +02:00
|
|
|
import org.pgpainless.implementation.ImplementationFactory;
|
2021-10-10 16:34:17 +02:00
|
|
|
import org.pgpainless.key.OpenPgpV4Fingerprint;
|
|
|
|
import sop.ByteArrayAndResult;
|
|
|
|
import sop.SOP;
|
|
|
|
import sop.Signatures;
|
|
|
|
import sop.Verification;
|
2022-06-16 13:09:42 +02:00
|
|
|
import sop.enums.InlineSignAs;
|
2023-04-27 15:15:42 +02:00
|
|
|
import sop.enums.SignatureMode;
|
2022-06-19 16:56:32 +02:00
|
|
|
import sop.exception.SOPGPException;
|
2023-04-27 15:15:42 +02:00
|
|
|
import sop.testsuite.assertions.VerificationListAssert;
|
2021-10-10 16:34:17 +02:00
|
|
|
|
2022-06-16 13:09:42 +02:00
|
|
|
public class InlineDetachTest {
|
2021-10-10 16:34:17 +02:00
|
|
|
|
2022-06-16 13:09:42 +02:00
|
|
|
private static final SOP sop = new SOPImpl();
|
2022-06-19 16:56:32 +02:00
|
|
|
|
|
|
|
/**
|
|
|
|
* Construct a message which is signed using the cleartext signature framework.
|
|
|
|
* The message consists of an armor header followed by the dash-escaped message data, followed by an armored signature.
|
|
|
|
*
|
|
|
|
* Detaching must result in the unescaped message data plus the signature packet.
|
|
|
|
* Verifying the signature must work.
|
|
|
|
*
|
|
|
|
* @throws IOException in case of an IO error
|
|
|
|
*/
|
2021-10-10 16:34:17 +02:00
|
|
|
@Test
|
2022-06-16 13:09:42 +02:00
|
|
|
public void detachCleartextSignedMessage() throws IOException {
|
2021-10-10 16:34:17 +02:00
|
|
|
byte[] key = sop.generateKey()
|
|
|
|
.userId("Alice <alice@pgpainless.org>")
|
|
|
|
.generate()
|
|
|
|
.getBytes();
|
|
|
|
byte[] cert = sop.extractCert().key(key).getBytes();
|
|
|
|
PGPSecretKeyRing secretKey = PGPainless.readKeyRing().secretKeyRing(key);
|
|
|
|
|
|
|
|
// Create a cleartext signed message
|
|
|
|
byte[] data = "Hello, World\n".getBytes(StandardCharsets.UTF_8);
|
2022-06-16 13:09:42 +02:00
|
|
|
byte[] cleartextSigned = sop.inlineSign()
|
|
|
|
.key(key)
|
|
|
|
.withKeyPassword("sw0rdf1sh")
|
2022-11-11 13:46:05 +01:00
|
|
|
.mode(InlineSignAs.clearsigned)
|
2022-06-16 13:09:42 +02:00
|
|
|
.data(data).getBytes();
|
2021-10-10 16:34:17 +02:00
|
|
|
|
|
|
|
// actually detach the message
|
2022-06-07 08:55:10 +02:00
|
|
|
ByteArrayAndResult<Signatures> detachedMsg = sop.inlineDetach()
|
2022-06-16 13:09:42 +02:00
|
|
|
.message(cleartextSigned)
|
2021-10-10 16:34:17 +02:00
|
|
|
.toByteArrayAndResult();
|
|
|
|
|
|
|
|
byte[] message = detachedMsg.getBytes();
|
|
|
|
byte[] signature = detachedMsg.getResult().getBytes();
|
|
|
|
|
|
|
|
List<Verification> verificationList = sop.verify()
|
|
|
|
.cert(cert)
|
|
|
|
.signatures(signature)
|
|
|
|
.data(message);
|
|
|
|
|
2023-04-27 15:15:42 +02:00
|
|
|
VerificationListAssert.assertThatVerificationList(verificationList)
|
|
|
|
.hasSingleItem()
|
|
|
|
.issuedBy(new OpenPgpV4Fingerprint(secretKey).toString())
|
|
|
|
.hasMode(SignatureMode.text);
|
|
|
|
|
2021-10-10 16:34:17 +02:00
|
|
|
assertArrayEquals(data, message);
|
|
|
|
}
|
2022-06-16 13:09:42 +02:00
|
|
|
|
2022-06-19 16:56:32 +02:00
|
|
|
/**
|
|
|
|
* Construct a message which is inline-signed.
|
|
|
|
* The message consists of a compressed data packet containing an OnePassSignature, a literal data packet and
|
|
|
|
* a signature packet.
|
|
|
|
*
|
|
|
|
* Detaching the message must result in the contents of the literal data packet, plus the signature packet.
|
|
|
|
* Verification must work.
|
|
|
|
*
|
|
|
|
* @throws IOException in case of an IO error
|
|
|
|
*/
|
2022-06-16 13:09:42 +02:00
|
|
|
@Test
|
|
|
|
public void detachInbandSignedMessage() throws IOException {
|
|
|
|
byte[] key = sop.generateKey()
|
|
|
|
.userId("Alice <alice@pgpainless.org>")
|
|
|
|
.generate()
|
|
|
|
.getBytes();
|
|
|
|
byte[] cert = sop.extractCert().key(key).getBytes();
|
|
|
|
|
|
|
|
byte[] data = "Hello, World\n".getBytes(StandardCharsets.UTF_8);
|
|
|
|
byte[] inlineSigned = sop.inlineSign()
|
|
|
|
.key(key)
|
|
|
|
.data(data).getBytes();
|
|
|
|
|
|
|
|
// actually detach the message
|
|
|
|
ByteArrayAndResult<Signatures> detachedMsg = sop.inlineDetach()
|
|
|
|
.message(inlineSigned)
|
|
|
|
.toByteArrayAndResult();
|
|
|
|
|
|
|
|
byte[] message = detachedMsg.getBytes();
|
|
|
|
byte[] signature = detachedMsg.getResult().getBytes();
|
|
|
|
|
|
|
|
List<Verification> verificationList = sop.verify()
|
|
|
|
.cert(cert)
|
|
|
|
.signatures(signature)
|
|
|
|
.data(message);
|
|
|
|
|
2023-04-27 15:15:42 +02:00
|
|
|
VerificationListAssert.assertThatVerificationList(verificationList)
|
|
|
|
.hasSingleItem()
|
|
|
|
.hasMode(SignatureMode.binary);
|
|
|
|
|
2022-06-16 13:09:42 +02:00
|
|
|
assertArrayEquals(data, message);
|
|
|
|
}
|
2022-06-19 16:56:32 +02:00
|
|
|
|
|
|
|
/**
|
|
|
|
* Construct a message which consists of a literal data packet followed by a signatures block.
|
|
|
|
* Detaching it must result in the contents of the literal data packet plus the signatures block.
|
|
|
|
*
|
|
|
|
* Verification must still work.
|
|
|
|
*
|
|
|
|
* @throws IOException in case of an IO error
|
|
|
|
*/
|
|
|
|
@Test
|
|
|
|
public void detachOpenPgpMessage() throws IOException {
|
|
|
|
byte[] key = sop.generateKey()
|
|
|
|
.userId("Alice <alice@pgpainless.org>")
|
|
|
|
.generate()
|
|
|
|
.getBytes();
|
|
|
|
byte[] cert = sop.extractCert().key(key).getBytes();
|
|
|
|
|
|
|
|
byte[] data = "Hello, World\n".getBytes(StandardCharsets.UTF_8);
|
|
|
|
byte[] inlineSigned = sop.inlineSign()
|
|
|
|
.key(key)
|
|
|
|
.data(data).getBytes();
|
|
|
|
|
|
|
|
ByteArrayOutputStream literalDataAndSignatures = new ByteArrayOutputStream();
|
|
|
|
ArmoredInputStream armorIn = new ArmoredInputStream(new ByteArrayInputStream(inlineSigned));
|
|
|
|
PGPObjectFactory objectFactory = ImplementationFactory.getInstance().getPGPObjectFactory(armorIn);
|
|
|
|
Object next;
|
|
|
|
while ((next = objectFactory.nextObject()) != null) {
|
|
|
|
if (next instanceof PGPCompressedData) {
|
|
|
|
PGPCompressedData compressedData = (PGPCompressedData) next;
|
|
|
|
try {
|
|
|
|
objectFactory = ImplementationFactory.getInstance().getPGPObjectFactory(compressedData.getDataStream());
|
|
|
|
} catch (PGPException e) {
|
|
|
|
throw new SOPGPException.BadData("Cannot decompress compressed data", e);
|
|
|
|
}
|
|
|
|
continue;
|
|
|
|
}
|
|
|
|
if (next instanceof PGPLiteralData) {
|
|
|
|
PGPLiteralData litDat = (PGPLiteralData) next;
|
|
|
|
PGPLiteralDataGenerator litGen = new PGPLiteralDataGenerator();
|
|
|
|
OutputStream litOut = litGen.open(literalDataAndSignatures, (char) litDat.getFormat(), litDat.getFileName(), litDat.getModificationTime(), new byte[8192]);
|
|
|
|
Streams.pipeAll(litDat.getDataStream(), litOut);
|
|
|
|
litOut.close();
|
|
|
|
continue;
|
|
|
|
}
|
|
|
|
|
|
|
|
if (next instanceof PGPSignatureList) {
|
|
|
|
PGPSignatureList signatures = (PGPSignatureList) next;
|
|
|
|
for (PGPSignature signature : signatures) {
|
|
|
|
signature.encode(literalDataAndSignatures);
|
|
|
|
}
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
// actually detach the message
|
|
|
|
ByteArrayAndResult<Signatures> detachedMsg = sop.inlineDetach()
|
|
|
|
.message(literalDataAndSignatures.toByteArray())
|
|
|
|
.toByteArrayAndResult();
|
|
|
|
|
|
|
|
byte[] message = detachedMsg.getBytes();
|
|
|
|
byte[] signature = detachedMsg.getResult().getBytes();
|
|
|
|
|
|
|
|
List<Verification> verificationList = sop.verify()
|
|
|
|
.cert(cert)
|
|
|
|
.signatures(signature)
|
|
|
|
.data(message);
|
|
|
|
|
2023-04-27 15:15:42 +02:00
|
|
|
VerificationListAssert.assertThatVerificationList(verificationList)
|
|
|
|
.hasSingleItem()
|
|
|
|
.hasMode(SignatureMode.binary);
|
|
|
|
|
2022-06-19 16:56:32 +02:00
|
|
|
assertArrayEquals(data, message);
|
|
|
|
}
|
2021-10-10 16:34:17 +02:00
|
|
|
}
|