pgpainless/pgpainless-core/src/test/java/org/pgpainless/decryption_verification/VerifyNotBeforeNotAfterTest.java

/*
 * Copyright 2021 Paul Schaub.
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *     http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */
package org.pgpainless.decryption_verification;

import static org.junit.jupiter.api.Assertions.assertFalse;
import static org.junit.jupiter.api.Assertions.assertTrue;

import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.nio.charset.StandardCharsets;
import java.util.Date;

import org.bouncycastle.openpgp.PGPException;
import org.bouncycastle.openpgp.PGPPublicKeyRing;
import org.bouncycastle.util.io.Streams;
import org.junit.jupiter.api.BeforeAll;
import org.junit.jupiter.api.Test;
import org.pgpainless.PGPainless;
import org.pgpainless.key.SubkeyIdentifier;
import org.pgpainless.key.TestKeys;
import org.pgpainless.util.DateUtil;

public class VerifyNotBeforeNotAfterTest {

    private static final byte[] data = "Hello, World!\n".getBytes(StandardCharsets.UTF_8);

    private static final byte[] inlineSigned = ("" +
            "-----BEGIN PGP MESSAGE-----\n" +
            "Version: PGPainless\n" +
            "\n" +
            "kA0DAAoTVzbmkxrPNwwAyxRiAAAAAABIZWxsbywgV29ybGQhCoh1BAATCgAGBQJh\n" +
            "G7iQACEJEFc25pMazzcMFiEET2ZcTcLEZgvGQl5BVzbmkxrPNwxH7AEAsEyOCQPG\n" +
            "3F2JSWK/8AYyvsk17Gtb9TGn5SWqLo5Ac8YBAIlijYnSIHm0aatlMsK6t/rAB3bU\n" +
            "eHyT9/mVlk9qrOWs\n" +
            "=vkxO\n" +
            "-----END PGP MESSAGE-----").getBytes(StandardCharsets.UTF_8);

    private static final byte[] detachedSignature = ("" +
            "-----BEGIN PGP SIGNATURE-----\n" +
            "Version: PGPainless\n" +
            "\n" +
            "iHUEABMKAAYFAmEbuJAAIQkQVzbmkxrPNwwWIQRPZlxNwsRmC8ZCXkFXNuaTGs83\n" +
            "DEfsAQDNXmvhkh92aoUp9KNCpCqA6nvHmT5O0n1Lr0BmBccHtgD8CVR3VElemas+\n" +
            "aH5l06cDUW1peQQs+xZ0FHltWmk5PJw=\n" +
            "=RJDi\n" +
            "-----END PGP SIGNATURE-----").getBytes(StandardCharsets.UTF_8);

    private static final Date signatureCreationDate = DateUtil.parseUTCDate("2021-08-17 13:24:32 UTC");
    private static final Date T0 = DateUtil.parseUTCDate("2021-08-17 12:30:00 UTC");
    private static final Date T1 = signatureCreationDate;
    private static final Date T2 = DateUtil.parseUTCDate("2021-08-17 13:30:00 UTC");
    private static PGPPublicKeyRing certificate;
    private static SubkeyIdentifier signingKey;

    @BeforeAll
    public static void setup() throws IOException {
        certificate = TestKeys.getEmilPublicKeyRing();
        signingKey = new SubkeyIdentifier(certificate);
    }

    @Test
    public void noConstraintsVerifyInlineSig() throws PGPException, IOException {
        ConsumerOptions options = new ConsumerOptions()
                .addVerificationCert(certificate);
        DecryptionStream verifier = PGPainless.decryptAndOrVerify()
                .onInputStream(new ByteArrayInputStream(inlineSigned))
                .withOptions(options);

        OpenPgpMetadata metadata = processSignedData(verifier);
        assertTrue(metadata.getVerifiedSignatures().containsKey(new SubkeyIdentifier(certificate)));
    }

    @Test
    public void noConstraintsVerifyDetachedSig() throws PGPException, IOException {
        ConsumerOptions options = new ConsumerOptions()
                .addVerificationCert(certificate)
                .addVerificationOfDetachedSignatures(new ByteArrayInputStream(detachedSignature));
        DecryptionStream verifier = PGPainless.decryptAndOrVerify()
                .onInputStream(new ByteArrayInputStream(data))
                .withOptions(options);

        OpenPgpMetadata metadata = processSignedData(verifier);
        assertTrue(metadata.getVerifiedSignatures().containsKey(new SubkeyIdentifier(certificate)));
    }

    @Test
    public void notBeforeT1DoesNotRejectInlineSigMadeAtT1() throws PGPException, IOException {
        ConsumerOptions options = new ConsumerOptions()
                .verifyNotBefore(T1)
                .addVerificationCert(certificate);
        DecryptionStream verifier = PGPainless.decryptAndOrVerify()
                .onInputStream(new ByteArrayInputStream(inlineSigned))
                .withOptions(options);
        OpenPgpMetadata metadata = processSignedData(verifier);
        assertTrue(metadata.getVerifiedSignatures().containsKey(signingKey));
    }

    @Test
    public void notBeforeT1DoesNotRejectDetachedSigMadeAtT1() throws PGPException, IOException {
        ConsumerOptions options = new ConsumerOptions()
                .verifyNotBefore(T1)
                .addVerificationCert(certificate)
                .addVerificationOfDetachedSignatures(new ByteArrayInputStream(detachedSignature));
        DecryptionStream verifier = PGPainless.decryptAndOrVerify()
                .onInputStream(new ByteArrayInputStream(data))
                .withOptions(options);
        OpenPgpMetadata metadata = processSignedData(verifier);
        assertTrue(metadata.getVerifiedSignatures().containsKey(signingKey));
    }

    @Test
    public void verifyNotBeforeT2DoesRejectInlineSignatureMadeAtT1() throws PGPException, IOException {
        ConsumerOptions options = new ConsumerOptions()
                .verifyNotBefore(T2)
                .addVerificationCert(certificate);
        DecryptionStream verifier = PGPainless.decryptAndOrVerify()
                .onInputStream(new ByteArrayInputStream(inlineSigned))
                .withOptions(options);
        OpenPgpMetadata metadata = processSignedData(verifier);
        assertFalse(metadata.getVerifiedSignatures().containsKey(signingKey));
    }

    @Test
    public void verifyNotBeforeT2DoesRejectDetachedSigMadeAtT1() throws PGPException, IOException {
        ConsumerOptions options = new ConsumerOptions()
                .verifyNotBefore(T2)
                .addVerificationCert(certificate)
                .addVerificationOfDetachedSignatures(new ByteArrayInputStream(detachedSignature));
        DecryptionStream verifier = PGPainless.decryptAndOrVerify()
                .onInputStream(new ByteArrayInputStream(data))
                .withOptions(options);
        OpenPgpMetadata metadata = processSignedData(verifier);
        assertFalse(metadata.getVerifiedSignatures().containsKey(signingKey));
    }

    @Test
    public void verifyNotAfterT1DoesNotRejectInlineSigMadeAtT1() throws PGPException, IOException {
        ConsumerOptions options = new ConsumerOptions()
                .verifyNotAfter(T1)
                .addVerificationCert(certificate);
        DecryptionStream verifier = PGPainless.decryptAndOrVerify()
                .onInputStream(new ByteArrayInputStream(inlineSigned))
                .withOptions(options);
        OpenPgpMetadata metadata = processSignedData(verifier);
        assertTrue(metadata.getVerifiedSignatures().containsKey(signingKey));
    }

    @Test
    public void verifyNotAfterT1DoesRejectDetachedSigMadeAtT1() throws PGPException, IOException {
        ConsumerOptions options = new ConsumerOptions()
                .verifyNotAfter(T1)
                .addVerificationCert(certificate)
                .addVerificationOfDetachedSignatures(new ByteArrayInputStream(detachedSignature));
        DecryptionStream verifier = PGPainless.decryptAndOrVerify()
                .onInputStream(new ByteArrayInputStream(data))
                .withOptions(options);
        OpenPgpMetadata metadata = processSignedData(verifier);
        assertTrue(metadata.getVerifiedSignatures().containsKey(signingKey));
    }

    @Test
    public void verifyNotAfterT0DoesRejectInlineSigMadeAtT1() throws PGPException, IOException {
        ConsumerOptions options = new ConsumerOptions()
                .verifyNotAfter(T0)
                .addVerificationCert(certificate);
        DecryptionStream verifier = PGPainless.decryptAndOrVerify()
                .onInputStream(new ByteArrayInputStream(inlineSigned))
                .withOptions(options);
        OpenPgpMetadata metadata = processSignedData(verifier);
        assertFalse(metadata.getVerifiedSignatures().containsKey(signingKey));
    }

    @Test
    public void verifyNotAfterT0DoesRejectDetachedSigMadeAtT1() throws PGPException, IOException {
        ConsumerOptions options = new ConsumerOptions()
                .verifyNotAfter(T0)
                .addVerificationCert(certificate)
                .addVerificationOfDetachedSignatures(new ByteArrayInputStream(detachedSignature));
        DecryptionStream verifier = PGPainless.decryptAndOrVerify()
                .onInputStream(new ByteArrayInputStream(data))
                .withOptions(options);
        OpenPgpMetadata metadata = processSignedData(verifier);
        assertFalse(metadata.getVerifiedSignatures().containsKey(signingKey));
    }

    private OpenPgpMetadata processSignedData(DecryptionStream verifier) throws IOException {
        Streams.drain(verifier);
        verifier.close();
        return verifier.getResult();
    }
}