// SPDX-FileCopyrightText: 2021 Paul Schaub <vanitasvitae@fsfe.org>
//
// SPDX-License-Identifier: Apache-2.0
package org.pgpainless.decryption_verification;
import static org.junit.jupiter.api.Assertions.assertArrayEquals;
import static org.junit.jupiter.api.Assertions.assertEquals;
import static org.junit.jupiter.api.Assertions.assertTrue;
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.File;
import java.io.FileInputStream;
import java.io.IOException;
import java.nio.charset.StandardCharsets;
import java.security.InvalidAlgorithmParameterException;
import java.security.NoSuchAlgorithmException;
import java.util.Random;
import org.bouncycastle.openpgp.PGPException;
import org.bouncycastle.openpgp.PGPPublicKey;
import org.bouncycastle.openpgp.PGPPublicKeyRing;
import org.bouncycastle.openpgp.PGPSecretKeyRing;
import org.bouncycastle.openpgp.PGPSignature;
import org.bouncycastle.util.io.Streams;
import org.junit.jupiter.api.Test;
import org.pgpainless.PGPainless;
import org.pgpainless.algorithm.DocumentSignatureType;
import org.pgpainless.decryption_verification.cleartext_signatures.InMemoryMultiPassStrategy;
import org.pgpainless.decryption_verification.cleartext_signatures.MultiPassStrategy;
import org.pgpainless.encryption_signing.EncryptionStream;
import org.pgpainless.encryption_signing.ProducerOptions;
import org.pgpainless.encryption_signing.SigningOptions;
import org.pgpainless.key.TestKeys;
import org.pgpainless.key.protection.SecretKeyRingProtector;
import org.pgpainless.signature.consumer.CertificateValidator;
import org.pgpainless.signature.SignatureUtils;
import org.pgpainless.signature.consumer.SignatureVerifier;
import org.pgpainless.util.ArmorUtils;
import org.pgpainless.util.TestUtils;
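/**
 * Tests for verifying cleartext-signed and detached-signed OpenPGP messages.
 *
 * <p>The fixed fixtures ({@link #MESSAGE_BODY}, {@link #MESSAGE_SIGNED}, {@link #SIGNATURE})
 * are verified against the "Emil" test certificate obtained from {@link TestKeys}.
 * Two further tests sign freshly built messages and feed the result back into
 * the verification API.
 */
public class CleartextSignatureVerificationTest {

    /** Plaintext covered by the signature fixtures, encoded as UTF-8. */
    public static final byte[] MESSAGE_BODY = ("Ah, Juliet, if the measure of thy joy\n" +
            "Be heaped like mine, and that thy skill be more\n" +
            "To blazon it, then sweeten with thy breath\n" +
            "This neighbor air, and let rich music’s tongue\n" +
            "Unfold the imagined happiness that both\n" +
            "Receive in either by this dear encounter.").getBytes(StandardCharsets.UTF_8);

    /**
     * {@link #MESSAGE_BODY} wrapped in the cleartext signature framework
     * ({@code Hash: SHA512} header, text, armored signature), encoded as UTF-8.
     */
    public static final byte[] MESSAGE_SIGNED = ("-----BEGIN PGP SIGNED MESSAGE-----\n" +
            "Hash: SHA512\n" +
            "\n" +
            "Ah, Juliet, if the measure of thy joy\n" +
            "Be heaped like mine, and that thy skill be more\n" +
            "To blazon it, then sweeten with thy breath\n" +
            "This neighbor air, and let rich music’s tongue\n" +
            "Unfold the imagined happiness that both\n" +
            "Receive in either by this dear encounter.\n" +
            "-----BEGIN PGP SIGNATURE-----\n" +
            "\n" +
            "iHUEARMKAB0WIQRPZlxNwsRmC8ZCXkFXNuaTGs83DAUCYJ/x5gAKCRBXNuaTGs83\n" +
            "DFRwAP9/4wMvV3WcX59Clo7mkRce6iwW3VBdiN+yMu3tjmHB2wD/RfE28Q1v4+eo\n" +
            "ySNgbyvqYYsNr0fnBwaG3aaj+u5ExiE=\n" +
            "=Z2SO\n" +
            "-----END PGP SIGNATURE-----").getBytes(StandardCharsets.UTF_8);

    /**
     * The armored signature block on its own; its content is the same block
     * that is embedded at the end of {@link #MESSAGE_SIGNED}.
     */
    public static final byte[] SIGNATURE = ("-----BEGIN PGP SIGNATURE-----\n" +
            "\n" +
            "iHUEARMKAB0WIQRPZlxNwsRmC8ZCXkFXNuaTGs83DAUCYJ/x5gAKCRBXNuaTGs83\n" +
            "DFRwAP9/4wMvV3WcX59Clo7mkRce6iwW3VBdiN+yMu3tjmHB2wD/RfE28Q1v4+eo\n" +
            "ySNgbyvqYYsNr0fnBwaG3aaj+u5ExiE=\n" +
            "=Z2SO\n" +
            "-----END PGP SIGNATURE-----").getBytes(StandardCharsets.UTF_8);

    /** Characters from which {@link #randomWord(int)} draws. */
    public static final String alphabet = "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789";

    // Only used to build test input, never key material. It is unseeded, so the
    // generated text differs between runs and a failure cannot be replayed from
    // the test output alone.
    public static final Random random = new Random();

    /**
     * Verifies {@link #MESSAGE_SIGNED} with the in-memory multi-pass strategy and
     * checks the verified flag, the signer's key id and the recovered plaintext.
     *
     * @throws IOException if reading from or closing a stream fails
     * @throws PGPException if the OpenPGP layer rejects the message
     */
    @Test
    public void cleartextSignVerification_InMemoryMultiPassStrategy()
            throws IOException, PGPException {
        PGPPublicKeyRing signingKeys = TestKeys.getEmilPublicKeyRing();
        ConsumerOptions options = new ConsumerOptions()
                .addVerificationCert(signingKeys);

        InMemoryMultiPassStrategy multiPassStrategy = MultiPassStrategy.keepMessageInMemory();
        options.setMultiPassStrategy(multiPassStrategy);
        DecryptionStream decryptionStream = PGPainless.decryptAndOrVerify()
                .onInputStream(new ByteArrayInputStream(MESSAGE_SIGNED))
                .withOptions(options);

        ByteArrayOutputStream out = new ByteArrayOutputStream();
        Streams.pipeAll(decryptionStream, out);
        // The result is fetched only after the stream has been drained and closed.
        decryptionStream.close();

        OpenPgpMetadata result = decryptionStream.getResult();
        assertTrue(result.isVerified());

        PGPSignature signature = result.getVerifiedSignatures().values().iterator().next();

        // Expected value first: the signature must name the certificate's primary key.
        assertEquals(signingKeys.getPublicKey().getKeyID(), signature.getKeyID());
        assertArrayEquals(MESSAGE_BODY, out.toByteArray());
    }

    /**
     * Verifies {@link #MESSAGE_SIGNED} with the file-based multi-pass strategy and
     * checks the verified flag, the signer's key id and the bytes written to the
     * backing file.
     *
     * @throws IOException if file or stream handling fails
     * @throws PGPException if the OpenPGP layer rejects the message
     */
    @Test
    public void cleartextSignVerification_FileBasedMultiPassStrategy()
            throws IOException, PGPException {
        PGPPublicKeyRing signingKeys = TestKeys.getEmilPublicKeyRing();
        ConsumerOptions options = new ConsumerOptions()
                .addVerificationCert(signingKeys);

        File tempDir = TestUtils.createTempDirectory();
        File file = new File(tempDir, "file");
        MultiPassStrategy multiPassStrategy = MultiPassStrategy.writeMessageToFile(file);
        options.setMultiPassStrategy(multiPassStrategy);
        DecryptionStream decryptionStream = PGPainless.decryptAndOrVerify()
                .onInputStream(new ByteArrayInputStream(MESSAGE_SIGNED))
                .withOptions(options);

        ByteArrayOutputStream out = new ByteArrayOutputStream();
        Streams.pipeAll(decryptionStream, out);
        // The result is fetched only after the stream has been drained and closed.
        decryptionStream.close();

        OpenPgpMetadata result = decryptionStream.getResult();
        assertTrue(result.isVerified());

        PGPSignature signature = result.getVerifiedSignatures().values().iterator().next();

        // Expected value first: the signature must name the certificate's primary key.
        assertEquals(signingKeys.getPublicKey().getKeyID(), signature.getKeyID());

        ByteArrayOutputStream bytes = new ByteArrayOutputStream();
        // try-with-resources releases the file handle even when the copy throws.
        try (FileInputStream fileIn = new FileInputStream(file)) {
            Streams.pipeAll(fileIn, bytes);
        }
        assertArrayEquals(MESSAGE_BODY, bytes.toByteArray());
    }

    /**
     * Verifies the detached {@link #SIGNATURE} over {@link #MESSAGE_BODY} through
     * the lower-level {@link SignatureVerifier} and {@link CertificateValidator}
     * helpers.
     *
     * <p>The test contains no assertion: it passes when neither helper throws.
     * NOTE(review): the value returned by the final validator call, if any, is
     * discarded here; confirm that a failed verification always surfaces as an
     * exception.
     *
     * @throws IOException if the signature fixture cannot be read
     * @throws PGPException if parsing or verification fails
     */
    @Test
    public void verifySignatureDetached()
            throws IOException, PGPException {
        PGPPublicKeyRing signingKeys = TestKeys.getEmilPublicKeyRing();

        PGPSignature signature = SignatureUtils.readSignatures(SIGNATURE).get(0);
        // Select the key by the id the signature itself carries.
        PGPPublicKey signingKey = signingKeys.getPublicKey(signature.getKeyID());

        SignatureVerifier.initializeSignatureAndUpdateWithSignedData(signature, new ByteArrayInputStream(MESSAGE_BODY), signingKey);

        CertificateValidator.validateCertificateAndVerifyInitializedSignature(signature, signingKeys, PGPainless.getPolicy());
    }

    /**
     * Prints the armored Emil certificate and the three fixtures to standard
     * output, e.g. for checking them with another OpenPGP implementation.
     *
     * @param args unused
     * @throws IOException if the certificate cannot be armored
     */
    public static void main(String[] args) throws IOException {
        // CHECKSTYLE:OFF
        PGPPublicKeyRing keys = TestKeys.getEmilPublicKeyRing();
        System.out.println(ArmorUtils.toAsciiArmoredString(keys));
        // The fixtures were encoded as UTF-8 and contain a non-ASCII apostrophe,
        // so decode with the same charset instead of the platform default.
        System.out.println(new String(MESSAGE_SIGNED, StandardCharsets.UTF_8));
        System.out.println(new String(MESSAGE_BODY, StandardCharsets.UTF_8));
        System.out.println(new String(SIGNATURE, StandardCharsets.UTF_8));
        // CHECKSTYLE:ON
    }

    /**
     * Registers {@link #SIGNATURE} as a detached signature, streams
     * {@link #MESSAGE_BODY} through the verification API and expects exactly one
     * verified signature in the result.
     *
     * @throws IOException if stream handling fails
     * @throws PGPException if the OpenPGP layer rejects the input
     */
    @Test
    public void testOutputOfSigVerification()
            throws IOException, PGPException {
        PGPSignature signature = SignatureUtils.readSignatures(SIGNATURE).get(0);

        ConsumerOptions options = new ConsumerOptions()
                .addVerificationCert(TestKeys.getEmilPublicKeyRing())
                .addVerificationOfDetachedSignature(signature);

        DecryptionStream decryptionStream = PGPainless.decryptAndOrVerify()
                .onInputStream(new ByteArrayInputStream(MESSAGE_BODY))
                .withOptions(options);

        ByteArrayOutputStream out = new ByteArrayOutputStream();
        Streams.pipeAll(decryptionStream, out);
        decryptionStream.close();

        OpenPgpMetadata metadata = decryptionStream.getResult();
        assertEquals(1, metadata.getVerifiedSignatures().size());
    }

    /**
     * Regression test: cleartext-signs the short text {@code "Foo\nBar"} and
     * verifies the result.
     *
     * @throws PGPException if signing or verification fails
     * @throws IOException if stream handling fails
     */
    @Test
    public void getDecoderStreamMistakensPlaintextForBase64RegressionTest()
            throws PGPException, IOException {
        String message = "Foo\nBar"; // PGPUtil.getDecoderStream() would have mistaken this for base64 data
        ByteArrayInputStream msgIn = new ByteArrayInputStream(message.getBytes(StandardCharsets.UTF_8));

        PGPSecretKeyRing secretKey = TestKeys.getEmilSecretKeyRing();
        ByteArrayOutputStream signedOut = new ByteArrayOutputStream();
        EncryptionStream signingStream = PGPainless.encryptAndOrSign().onOutputStream(signedOut)
                .withOptions(ProducerOptions.sign(SigningOptions.get()
                                .addDetachedSignature(SecretKeyRingProtector.unprotectedKeys(), secretKey, DocumentSignatureType.CANONICAL_TEXT_DOCUMENT))
                        .setCleartextSigned());

        Streams.pipeAll(msgIn, signingStream);
        signingStream.close();

        // Hand the signed bytes over unchanged; a String round trip would decode
        // them with the platform default charset.
        ByteArrayInputStream signedIn = new ByteArrayInputStream(signedOut.toByteArray());
        DecryptionStream verificationStream = PGPainless.decryptAndOrVerify()
                .onInputStream(signedIn)
                .withOptions(new ConsumerOptions()
                        .addVerificationCert(TestKeys.getEmilPublicKeyRing()));

        ByteArrayOutputStream msgOut = new ByteArrayOutputStream();
        Streams.pipeAll(verificationStream, msgOut);
        verificationStream.close();

        OpenPgpMetadata metadata = verificationStream.getResult();
        assertTrue(metadata.isVerified());
    }

    /**
     * Cleartext-signs a random text of 4000 words with a freshly generated key
     * and streams the result through the verification API.
     *
     * <p>The test contains no assertion: it passes when signing and processing
     * complete without an exception. Neither the verification result nor the
     * recovered text is checked.
     * NOTE(review): consider asserting {@code getResult().isVerified()} so that a
     * silently unverified message fails the test.
     *
     * @throws PGPException if signing or verification fails
     * @throws InvalidAlgorithmParameterException declared for key generation
     * @throws NoSuchAlgorithmException declared for key generation
     * @throws IOException if stream handling fails
     */
    @Test
    public void testDecryptionOfVeryLongClearsignedMessage()
            throws PGPException, InvalidAlgorithmParameterException, NoSuchAlgorithmException, IOException {
        String message = randomString(28, 4000);

        PGPSecretKeyRing secretKeys = PGPainless.generateKeyRing().modernKeyRing("Alice");
        ByteArrayOutputStream out = new ByteArrayOutputStream();
        EncryptionStream encryptionStream = PGPainless.encryptAndOrSign()
                .onOutputStream(out)
                .withOptions(ProducerOptions.sign(
                        SigningOptions.get()
                                .addDetachedSignature(SecretKeyRingProtector.unprotectedKeys(),
                                        secretKeys, DocumentSignatureType.CANONICAL_TEXT_DOCUMENT)
                ).setCleartextSigned());

        Streams.pipeAll(new ByteArrayInputStream(message.getBytes(StandardCharsets.UTF_8)), encryptionStream);
        encryptionStream.close();

        // Hand the signed bytes over unchanged; a String round trip would decode
        // them with the platform default charset.
        ByteArrayInputStream in = new ByteArrayInputStream(out.toByteArray());
        DecryptionStream decryptionStream = PGPainless.decryptAndOrVerify()
                .onInputStream(in)
                .withOptions(new ConsumerOptions()
                        .addVerificationCert(PGPainless.extractCertificate(secretKeys)));

        out = new ByteArrayOutputStream();
        Streams.pipeAll(decryptionStream, out);
        decryptionStream.close();
    }

    /**
     * Builds a text of {@code wordCount} random words, each followed by a space.
     * After each word a line feed is appended with probability 1 in 12, so lines
     * that are broken end in a space before the line feed.
     *
     * @param maxWordLen exclusive upper bound for the length of each word
     * @param wordCount number of words to generate
     * @return the generated text
     */
    private String randomString(int maxWordLen, int wordCount) {
        StringBuilder sb = new StringBuilder();
        for (int i = 0; i < wordCount; i++) {
            sb.append(randomWord(maxWordLen)).append(' ');
            int n = random.nextInt(12);
            if (n == 11) {
                sb.append('\n');
            }
        }
        return sb.toString();
    }

    /**
     * Builds one random word from {@link #alphabet}.
     *
     * @param maxWordLen exclusive upper bound for the word length; the result has
     *                   between 0 and {@code maxWordLen - 1} characters, so it may
     *                   be empty. Must be positive, as {@link Random#nextInt(int)}
     *                   rejects other bounds.
     * @return the generated word
     */
    private String randomWord(int maxWordLen) {
        int len = random.nextInt(maxWordLen);
        char[] word = new char[len];
        for (int i = 0; i < word.length; i++) {
            word[i] = alphabet.charAt(random.nextInt(alphabet.length()));
        }
        return new String(word);
    }
}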