// SPDX-FileCopyrightText: 2021 Paul Schaub // // SPDX-License-Identifier: Apache-2.0 package org.pgpainless.sop; import static org.junit.jupiter.api.Assertions.assertEquals; import static org.junit.jupiter.api.Assertions.assertFalse; import static org.junit.jupiter.api.Assertions.assertThrows; import static org.junit.jupiter.api.Assertions.assertTrue; import java.io.IOException; import java.nio.charset.StandardCharsets; import java.security.InvalidAlgorithmParameterException; import java.security.NoSuchAlgorithmException; import java.util.Date; import java.util.List; import org.bouncycastle.openpgp.PGPException; import org.bouncycastle.openpgp.PGPSecretKeyRing; import org.bouncycastle.openpgp.PGPSignature; import org.junit.jupiter.api.BeforeAll; import org.junit.jupiter.api.Test; import org.pgpainless.PGPainless; import org.pgpainless.algorithm.SignatureType; import org.pgpainless.signature.SignatureUtils; import sop.SOP; import sop.Verification; import sop.enums.SignAs; import sop.exception.SOPGPException; public class SignTest { private static SOP sop; private static byte[] key; private static byte[] cert; private static byte[] data; @BeforeAll public static void setup() throws IOException { sop = new SOPImpl(); key = sop.generateKey() .userId("Alice") .generate() .getBytes(); cert = sop.extractCert() .key(key) .getBytes(); data = "Hello, World\n".getBytes(StandardCharsets.UTF_8); } @Test public void signArmored() throws IOException { byte[] signature = sop.sign() .key(key) .data(data) .toByteArrayAndResult().getBytes(); assertTrue(new String(signature).startsWith("-----BEGIN PGP SIGNATURE-----")); List verifications = sop.verify() .cert(cert) .notAfter(new Date(new Date().getTime() + 10000)) .notBefore(new Date(new Date().getTime() - 10000)) .signatures(signature) .data(data); assertEquals(1, verifications.size()); } @Test public void signUnarmored() throws IOException { byte[] signature = sop.sign() .key(key) .noArmor() .data(data) .toByteArrayAndResult().getBytes(); assertFalse(new String(signature).startsWith("-----BEGIN PGP SIGNATURE-----")); List verifications = sop.verify() .cert(cert) .notAfter(new Date(new Date().getTime() + 10000)) .notBefore(new Date(new Date().getTime() - 10000)) .signatures(signature) .data(data); assertEquals(1, verifications.size()); } @Test public void rejectSignatureAsTooOld() throws IOException { byte[] signature = sop.sign() .key(key) .data(data) .toByteArrayAndResult().getBytes(); assertThrows(SOPGPException.NoSignature.class, () -> sop.verify() .cert(cert) .notAfter(new Date(new Date().getTime() - 10000)) // Sig is older .signatures(signature) .data(data)); } @Test public void rejectSignatureAsTooYoung() throws IOException { byte[] signature = sop.sign() .key(key) .data(data) .toByteArrayAndResult().getBytes(); assertThrows(SOPGPException.NoSignature.class, () -> sop.verify() .cert(cert) .notBefore(new Date(new Date().getTime() + 10000)) // Sig is younger .signatures(signature) .data(data)); } @Test public void mode() throws IOException, PGPException { byte[] signature = sop.sign() .mode(SignAs.Text) .key(key) .data(data) .toByteArrayAndResult().getBytes(); PGPSignature sig = SignatureUtils.readSignatures(signature).get(0); assertEquals(SignatureType.CANONICAL_TEXT_DOCUMENT.getCode(), sig.getSignatureType()); } @Test public void rejectEncryptedKey() throws PGPException, InvalidAlgorithmParameterException, NoSuchAlgorithmException, IOException { PGPSecretKeyRing key = PGPainless.generateKeyRing() .modernKeyRing("Alice", "passphrase"); byte[] bytes = key.getEncoded(); assertThrows(SOPGPException.KeyIsProtected.class, () -> sop.sign().key(bytes)); } }