141 lines
4.6 KiB
Java
141 lines
4.6 KiB
Java
// SPDX-FileCopyrightText: 2021 Paul Schaub <vanitasvitae@fsfe.org>
|
|
//
|
|
// SPDX-License-Identifier: Apache-2.0
|
|
|
|
package org.pgpainless.sop;
|
|
|
|
import static org.junit.jupiter.api.Assertions.assertEquals;
|
|
import static org.junit.jupiter.api.Assertions.assertFalse;
|
|
import static org.junit.jupiter.api.Assertions.assertThrows;
|
|
import static org.junit.jupiter.api.Assertions.assertTrue;
|
|
|
|
import java.io.IOException;
|
|
import java.nio.charset.StandardCharsets;
|
|
import java.security.InvalidAlgorithmParameterException;
|
|
import java.security.NoSuchAlgorithmException;
|
|
import java.util.Date;
|
|
import java.util.List;
|
|
|
|
import org.bouncycastle.openpgp.PGPException;
|
|
import org.bouncycastle.openpgp.PGPSecretKeyRing;
|
|
import org.bouncycastle.openpgp.PGPSignature;
|
|
import org.junit.jupiter.api.BeforeAll;
|
|
import org.junit.jupiter.api.Test;
|
|
import org.pgpainless.PGPainless;
|
|
import org.pgpainless.algorithm.SignatureType;
|
|
import org.pgpainless.signature.SignatureUtils;
|
|
import sop.SOP;
|
|
import sop.Verification;
|
|
import sop.enums.SignAs;
|
|
import sop.exception.SOPGPException;
|
|
|
|
public class SignTest {
|
|
|
|
private static SOP sop;
|
|
private static byte[] key;
|
|
private static byte[] cert;
|
|
private static byte[] data;
|
|
|
|
@BeforeAll
|
|
public static void setup() throws IOException {
|
|
sop = new SOPImpl();
|
|
key = sop.generateKey()
|
|
.userId("Alice")
|
|
.generate()
|
|
.getBytes();
|
|
cert = sop.extractCert()
|
|
.key(key)
|
|
.getBytes();
|
|
data = "Hello, World\n".getBytes(StandardCharsets.UTF_8);
|
|
}
|
|
|
|
@Test
|
|
public void signArmored() throws IOException {
|
|
byte[] signature = sop.sign()
|
|
.key(key)
|
|
.data(data)
|
|
.toByteArrayAndResult().getBytes();
|
|
|
|
assertTrue(new String(signature).startsWith("-----BEGIN PGP SIGNATURE-----"));
|
|
|
|
List<Verification> verifications = sop.verify()
|
|
.cert(cert)
|
|
.notAfter(new Date(new Date().getTime() + 10000))
|
|
.notBefore(new Date(new Date().getTime() - 10000))
|
|
.signatures(signature)
|
|
.data(data);
|
|
|
|
assertEquals(1, verifications.size());
|
|
}
|
|
|
|
@Test
|
|
public void signUnarmored() throws IOException {
|
|
byte[] signature = sop.sign()
|
|
.key(key)
|
|
.noArmor()
|
|
.data(data)
|
|
.toByteArrayAndResult().getBytes();
|
|
|
|
assertFalse(new String(signature).startsWith("-----BEGIN PGP SIGNATURE-----"));
|
|
|
|
List<Verification> verifications = sop.verify()
|
|
.cert(cert)
|
|
.notAfter(new Date(new Date().getTime() + 10000))
|
|
.notBefore(new Date(new Date().getTime() - 10000))
|
|
.signatures(signature)
|
|
.data(data);
|
|
|
|
assertEquals(1, verifications.size());
|
|
}
|
|
|
|
@Test
|
|
public void rejectSignatureAsTooOld() throws IOException {
|
|
byte[] signature = sop.sign()
|
|
.key(key)
|
|
.data(data)
|
|
.toByteArrayAndResult().getBytes();
|
|
|
|
assertThrows(SOPGPException.NoSignature.class, () -> sop.verify()
|
|
.cert(cert)
|
|
.notAfter(new Date(new Date().getTime() - 10000)) // Sig is older
|
|
.signatures(signature)
|
|
.data(data));
|
|
}
|
|
|
|
@Test
|
|
public void rejectSignatureAsTooYoung() throws IOException {
|
|
byte[] signature = sop.sign()
|
|
.key(key)
|
|
.data(data)
|
|
.toByteArrayAndResult().getBytes();
|
|
|
|
assertThrows(SOPGPException.NoSignature.class, () -> sop.verify()
|
|
.cert(cert)
|
|
.notBefore(new Date(new Date().getTime() + 10000)) // Sig is younger
|
|
.signatures(signature)
|
|
.data(data));
|
|
}
|
|
|
|
@Test
|
|
public void mode() throws IOException, PGPException {
|
|
byte[] signature = sop.sign()
|
|
.mode(SignAs.Text)
|
|
.key(key)
|
|
.data(data)
|
|
.toByteArrayAndResult().getBytes();
|
|
|
|
PGPSignature sig = SignatureUtils.readSignatures(signature).get(0);
|
|
assertEquals(SignatureType.CANONICAL_TEXT_DOCUMENT.getCode(), sig.getSignatureType());
|
|
}
|
|
|
|
@Test
|
|
public void rejectEncryptedKey() throws PGPException, InvalidAlgorithmParameterException, NoSuchAlgorithmException, IOException {
|
|
PGPSecretKeyRing key = PGPainless.generateKeyRing()
|
|
.modernKeyRing("Alice", "passphrase");
|
|
byte[] bytes = key.getEncoded();
|
|
|
|
assertThrows(SOPGPException.KeyIsProtected.class, () -> sop.sign().key(bytes));
|
|
}
|
|
|
|
}
|