mirror of
https://github.com/pgpainless/pgpainless.git
synced 2024-11-26 14:22:05 +01:00
Progress on SOP04 support
This commit is contained in:
parent
3f16c54867
commit
2d60650cc6
5 changed files with 131 additions and 19 deletions
|
@ -42,7 +42,13 @@ public final class ClearsignedMessageUtil {
|
||||||
public static PGPSignatureList detachSignaturesFromInbandClearsignedMessage(InputStream clearsignedInputStream,
|
public static PGPSignatureList detachSignaturesFromInbandClearsignedMessage(InputStream clearsignedInputStream,
|
||||||
OutputStream messageOutputStream)
|
OutputStream messageOutputStream)
|
||||||
throws IOException, WrongConsumingMethodException {
|
throws IOException, WrongConsumingMethodException {
|
||||||
ArmoredInputStream in = ArmoredInputStreamFactory.get(clearsignedInputStream);
|
ArmoredInputStream in;
|
||||||
|
if (clearsignedInputStream instanceof ArmoredInputStream) {
|
||||||
|
in = (ArmoredInputStream) clearsignedInputStream;
|
||||||
|
} else {
|
||||||
|
in = ArmoredInputStreamFactory.get(clearsignedInputStream);
|
||||||
|
}
|
||||||
|
|
||||||
if (!in.isClearText()) {
|
if (!in.isClearText()) {
|
||||||
throw new WrongConsumingMethodException("Message is not using the Cleartext Signature Framework.");
|
throw new WrongConsumingMethodException("Message is not using the Cleartext Signature Framework.");
|
||||||
}
|
}
|
||||||
|
|
|
@ -14,8 +14,8 @@ import org.bouncycastle.bcpg.ArmoredOutputStream;
|
||||||
import org.bouncycastle.openpgp.PGPSignature;
|
import org.bouncycastle.openpgp.PGPSignature;
|
||||||
import org.bouncycastle.openpgp.PGPSignatureList;
|
import org.bouncycastle.openpgp.PGPSignatureList;
|
||||||
import org.bouncycastle.util.io.Streams;
|
import org.bouncycastle.util.io.Streams;
|
||||||
import org.pgpainless.exception.WrongConsumingMethodException;
|
|
||||||
import org.pgpainless.decryption_verification.cleartext_signatures.ClearsignedMessageUtil;
|
import org.pgpainless.decryption_verification.cleartext_signatures.ClearsignedMessageUtil;
|
||||||
|
import org.pgpainless.exception.WrongConsumingMethodException;
|
||||||
import org.pgpainless.util.ArmoredOutputStreamFactory;
|
import org.pgpainless.util.ArmoredOutputStreamFactory;
|
||||||
import sop.ReadyWithResult;
|
import sop.ReadyWithResult;
|
||||||
import sop.Signatures;
|
import sop.Signatures;
|
||||||
|
|
|
@ -25,7 +25,7 @@ import sop.Verification;
|
||||||
import sop.enums.SignAs;
|
import sop.enums.SignAs;
|
||||||
import sop.exception.SOPGPException;
|
import sop.exception.SOPGPException;
|
||||||
|
|
||||||
public class SignTest {
|
public class DetachedSignTest {
|
||||||
|
|
||||||
private static SOP sop;
|
private static SOP sop;
|
||||||
private static byte[] key;
|
private static byte[] key;
|
|
@ -29,12 +29,13 @@ import sop.ByteArrayAndResult;
|
||||||
import sop.SOP;
|
import sop.SOP;
|
||||||
import sop.Signatures;
|
import sop.Signatures;
|
||||||
import sop.Verification;
|
import sop.Verification;
|
||||||
|
import sop.enums.InlineSignAs;
|
||||||
|
|
||||||
public class DetachInbandSignatureAndMessageTest {
|
public class InlineDetachTest {
|
||||||
|
|
||||||
|
private static final SOP sop = new SOPImpl();
|
||||||
@Test
|
@Test
|
||||||
public void testDetachingOfInbandSignaturesAndMessage() throws IOException, PGPException {
|
public void detachCleartextSignedMessage() throws IOException {
|
||||||
SOP sop = new SOPImpl();
|
|
||||||
byte[] key = sop.generateKey()
|
byte[] key = sop.generateKey()
|
||||||
.userId("Alice <alice@pgpainless.org>")
|
.userId("Alice <alice@pgpainless.org>")
|
||||||
.generate()
|
.generate()
|
||||||
|
@ -44,22 +45,15 @@ public class DetachInbandSignatureAndMessageTest {
|
||||||
|
|
||||||
// Create a cleartext signed message
|
// Create a cleartext signed message
|
||||||
byte[] data = "Hello, World\n".getBytes(StandardCharsets.UTF_8);
|
byte[] data = "Hello, World\n".getBytes(StandardCharsets.UTF_8);
|
||||||
ByteArrayOutputStream out = new ByteArrayOutputStream();
|
byte[] cleartextSigned = sop.inlineSign()
|
||||||
EncryptionStream signingStream = PGPainless.encryptAndOrSign()
|
.key(key)
|
||||||
.onOutputStream(out)
|
.withKeyPassword("sw0rdf1sh")
|
||||||
.withOptions(
|
.mode(InlineSignAs.CleartextSigned)
|
||||||
ProducerOptions.sign(
|
.data(data).getBytes();
|
||||||
SigningOptions.get()
|
|
||||||
.addDetachedSignature(SecretKeyRingProtector.unprotectedKeys(),
|
|
||||||
secretKey, DocumentSignatureType.BINARY_DOCUMENT)
|
|
||||||
).setCleartextSigned());
|
|
||||||
|
|
||||||
Streams.pipeAll(new ByteArrayInputStream(data), signingStream);
|
|
||||||
signingStream.close();
|
|
||||||
|
|
||||||
// actually detach the message
|
// actually detach the message
|
||||||
ByteArrayAndResult<Signatures> detachedMsg = sop.inlineDetach()
|
ByteArrayAndResult<Signatures> detachedMsg = sop.inlineDetach()
|
||||||
.message(out.toByteArray())
|
.message(cleartextSigned)
|
||||||
.toByteArrayAndResult();
|
.toByteArrayAndResult();
|
||||||
|
|
||||||
byte[] message = detachedMsg.getBytes();
|
byte[] message = detachedMsg.getBytes();
|
||||||
|
@ -75,4 +69,35 @@ public class DetachInbandSignatureAndMessageTest {
|
||||||
assertEquals(new OpenPgpV4Fingerprint(secretKey).toString(), verificationList.get(0).getSigningCertFingerprint());
|
assertEquals(new OpenPgpV4Fingerprint(secretKey).toString(), verificationList.get(0).getSigningCertFingerprint());
|
||||||
assertArrayEquals(data, message);
|
assertArrayEquals(data, message);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@Test
|
||||||
|
public void detachInbandSignedMessage() throws IOException {
|
||||||
|
byte[] key = sop.generateKey()
|
||||||
|
.userId("Alice <alice@pgpainless.org>")
|
||||||
|
.generate()
|
||||||
|
.getBytes();
|
||||||
|
byte[] cert = sop.extractCert().key(key).getBytes();
|
||||||
|
|
||||||
|
byte[] data = "Hello, World\n".getBytes(StandardCharsets.UTF_8);
|
||||||
|
byte[] inlineSigned = sop.inlineSign()
|
||||||
|
.key(key)
|
||||||
|
.data(data).getBytes();
|
||||||
|
|
||||||
|
// actually detach the message
|
||||||
|
ByteArrayAndResult<Signatures> detachedMsg = sop.inlineDetach()
|
||||||
|
.message(inlineSigned)
|
||||||
|
.toByteArrayAndResult();
|
||||||
|
|
||||||
|
byte[] message = detachedMsg.getBytes();
|
||||||
|
byte[] signature = detachedMsg.getResult().getBytes();
|
||||||
|
|
||||||
|
List<Verification> verificationList = sop.verify()
|
||||||
|
.cert(cert)
|
||||||
|
.signatures(signature)
|
||||||
|
.data(message);
|
||||||
|
|
||||||
|
assertFalse(verificationList.isEmpty());
|
||||||
|
assertEquals(1, verificationList.size());
|
||||||
|
assertArrayEquals(data, message);
|
||||||
|
}
|
||||||
}
|
}
|
|
@ -0,0 +1,81 @@
|
||||||
|
// SPDX-FileCopyrightText: 2022 Paul Schaub <vanitasvitae@fsfe.org>
|
||||||
|
//
|
||||||
|
// SPDX-License-Identifier: Apache-2.0
|
||||||
|
|
||||||
|
package org.pgpainless.sop;
|
||||||
|
|
||||||
|
import org.junit.jupiter.api.Test;
|
||||||
|
import sop.ByteArrayAndResult;
|
||||||
|
import sop.SOP;
|
||||||
|
import sop.Verification;
|
||||||
|
import sop.enums.InlineSignAs;
|
||||||
|
|
||||||
|
import java.io.IOException;
|
||||||
|
import java.nio.charset.StandardCharsets;
|
||||||
|
import java.util.List;
|
||||||
|
|
||||||
|
import static org.junit.jupiter.api.Assertions.assertArrayEquals;
|
||||||
|
import static org.junit.jupiter.api.Assertions.assertFalse;
|
||||||
|
|
||||||
|
public class InlineSignVerifyRoundtripTest {
|
||||||
|
|
||||||
|
private static final SOP sop = new SOPImpl();
|
||||||
|
|
||||||
|
@Test
|
||||||
|
public void testInlineSignAndVerifyWithCleartextSignatures() throws IOException {
|
||||||
|
byte[] key = sop.generateKey()
|
||||||
|
.userId("Werner")
|
||||||
|
.withKeyPassword("sw0rdf1sh")
|
||||||
|
.generate().getBytes();
|
||||||
|
|
||||||
|
byte[] cert = sop.extractCert()
|
||||||
|
.key(key).getBytes();
|
||||||
|
|
||||||
|
byte[] message = "If you want something different, create a new protocol but don't try to\npush it onto a working system.\n".getBytes(StandardCharsets.UTF_8);
|
||||||
|
|
||||||
|
byte[] inlineSigned = sop.inlineSign()
|
||||||
|
.key(key)
|
||||||
|
.withKeyPassword("sw0rdf1sh")
|
||||||
|
.mode(InlineSignAs.CleartextSigned)
|
||||||
|
.data(message).getBytes();
|
||||||
|
|
||||||
|
ByteArrayAndResult<List<Verification>> result = sop.inlineVerify()
|
||||||
|
.cert(cert)
|
||||||
|
.data(inlineSigned)
|
||||||
|
.toByteArrayAndResult();
|
||||||
|
|
||||||
|
byte[] verified = result.getBytes();
|
||||||
|
|
||||||
|
assertFalse(result.getResult().isEmpty());
|
||||||
|
assertArrayEquals(message, verified);
|
||||||
|
}
|
||||||
|
|
||||||
|
@Test
|
||||||
|
public void testInlineSignAndVerifyWithBinarySignatures() throws IOException {
|
||||||
|
byte[] key = sop.generateKey()
|
||||||
|
.userId("Werner")
|
||||||
|
.withKeyPassword("sw0rdf1sh")
|
||||||
|
.generate().getBytes();
|
||||||
|
|
||||||
|
byte[] cert = sop.extractCert()
|
||||||
|
.key(key).getBytes();
|
||||||
|
|
||||||
|
byte[] message = "Yes, this is what has been deployed worldwide for years in millions of\ninstallations (decryption wise) and is meanwhile in active use.\n".getBytes(StandardCharsets.UTF_8);
|
||||||
|
|
||||||
|
byte[] inlineSigned = sop.inlineSign()
|
||||||
|
.key(key)
|
||||||
|
.withKeyPassword("sw0rdf1sh")
|
||||||
|
.data(message).getBytes();
|
||||||
|
|
||||||
|
ByteArrayAndResult<List<Verification>> result = sop.inlineVerify()
|
||||||
|
.cert(cert)
|
||||||
|
.data(inlineSigned)
|
||||||
|
.toByteArrayAndResult();
|
||||||
|
|
||||||
|
byte[] verified = result.getBytes();
|
||||||
|
|
||||||
|
assertFalse(result.getResult().isEmpty());
|
||||||
|
assertArrayEquals(message, verified);
|
||||||
|
}
|
||||||
|
|
||||||
|
}
|
Loading…
Reference in a new issue