// SPDX-FileCopyrightText: 2023 Paul Schaub <vanitasvitae@fsfe.org>
//
// SPDX-License-Identifier: Apache-2.0
package sop.external;
import org.junit.jupiter.api.Test;
import org.junit.jupiter.api.condition.EnabledIf;
import sop.ByteArrayAndResult;
import sop.DecryptionResult;
import sop.Verification;
import sop.enums.EncryptAs;
import sop.exception.SOPGPException;
import sop.util.UTCUtil;
import java.io.IOException;
import java.nio.charset.StandardCharsets;
import java.util.Date;
import java.util.List;
import static org.junit.jupiter.api.Assertions.assertArrayEquals;
import static org.junit.jupiter.api.Assertions.assertEquals;
import static org.junit.jupiter.api.Assertions.assertFalse;
import static org.junit.jupiter.api.Assertions.assertNotNull;
import static org.junit.jupiter.api.Assertions.assertThrows;
import static org.junit.jupiter.api.Assertions.assertTrue;
/**
 * Encrypt/decrypt round-trip tests that drive the SOP implementation returned by
 * {@code getSop()} (inherited from {@link AbstractExternalSOPTest}).
 *
 * <p>The whole class runs only when the
 * {@code AbstractExternalSOPTest#isExternalSopInstalled} condition holds. Individual tests
 * call the inherited {@code ignoreIf(...)} for specific backends and version ranges; its
 * implementation is not visible here, so the trailing comments on those calls are the only
 * stated reasons.
 */
@EnabledIf("sop.external.AbstractExternalSOPTest#isExternalSopInstalled")
public class ExternalEncryptDecryptRoundTripTest extends AbstractExternalSOPTest {

    /** Passphrase fixture shared by the symmetric and protected-key tests; test data only. */
    private static final String TEST_PASSWORD = "sw0rdf1sh";

    /**
     * Substring expected in the string form of a verification made with Alice's cert:
     * two fingerprints separated by a space (presumably signing key, then certificate).
     */
    private static final String ALICE_VERIFICATION_FINGERPRINTS =
            "EB85BB5FA33A75E15E944E63F231550C4F47E38E EB85BB5FA33A75E15E944E63F231550C4F47E38E";

    /** Armored message used by the time-bounded verification tests. */
    private static final String TIME_BOUND_MESSAGE = "-----BEGIN PGP MESSAGE-----\n" +
            "\n" +
            "wV4DR2b2udXyHrYSAQdAwlOwwyxFDJta5+H9abgSj8jum9v7etUc9usdrElESmow\n" +
            "2Hka48AFVfOezYh0OFn9R8+DMcpuE+e4nw3XnnX5nKs/j3AC2IW6zRHUkRcF3ZCq\n" +
            "0sBNAfjnTYCMjuBmqdcCLzaZT4Hadnpg6neP1UecT/jP14maGfv8nwt0IDGR0Bik\n" +
            "0WC/UJLpWyJ/6TgRrA5hNfANVnfiFBzIiThiVBRWPT2StHr2cOAvFxQK4Uk07rK9\n" +
            "9aTUak8FpML+QA83U8I3qOk4QbzGVBP+IDJ+AKmvDz+0V+9kUhKp+8vyXsBmo9c3\n" +
            "SAXjhFSiPQkU7ORsc6gQHL9+KPOU+W2poPK87H3cmaGiusnXMeLXLIUbkBUJTswd\n" +
            "JNrA2yAkTTFP9QabsdcdTGoeYamq1c29kHF3GOTTcEqXw4WWXngcF7Kbcf435kkL\n" +
            "4iSJnCaxTPftKUxmiGqMqLef7ICVnq/lz3HrH1VD54s=\n" +
            "=Ebi3\n" +
            "-----END PGP MESSAGE-----";

    /** Signing date the time-bounded tests assume for {@link #TIME_BOUND_MESSAGE}. */
    private static final String TIME_BOUND_MESSAGE_SIGNED_AT = "2023-01-13T16:09:32Z";

    /** Symmetric round trip: the same passphrase must recover the exact plaintext bytes. */
    @Test
    public void encryptDecryptRoundTripPasswordTest() throws IOException {
        byte[] expected = TestData.PLAINTEXT.getBytes(StandardCharsets.UTF_8);

        byte[] encrypted = getSop().encrypt()
                .withPassword(TEST_PASSWORD)
                .plaintext(expected)
                .getBytes();

        ByteArrayAndResult<DecryptionResult> decrypted = getSop().decrypt()
                .withPassword(TEST_PASSWORD)
                .ciphertext(encrypted)
                .toByteArrayAndResult();
        byte[] recovered = decrypted.getBytes();

        assertArrayEquals(expected, recovered);
    }

    /**
     * Public-key round trip with Alice's cert and key; additionally requires that the
     * decryption result exposes a session key.
     */
    @Test
    public void encryptDecryptRoundTripAliceTest() throws IOException {
        byte[] expected = TestData.PLAINTEXT.getBytes(StandardCharsets.UTF_8);
        byte[] aliceCert = TestData.ALICE_CERT.getBytes(StandardCharsets.UTF_8);
        byte[] aliceKey = TestData.ALICE_KEY.getBytes(StandardCharsets.UTF_8);

        byte[] encrypted = getSop().encrypt()
                .withCert(aliceCert)
                .plaintext(expected)
                .getBytes();

        ByteArrayAndResult<DecryptionResult> decrypted = getSop().decrypt()
                .withKey(aliceKey)
                .ciphertext(encrypted)
                .toByteArrayAndResult();

        assertArrayEquals(expected, decrypted.getBytes());

        DecryptionResult outcome = decrypted.getResult();
        assertNotNull(outcome.getSessionKey().get());
    }

    /** Public-key round trip with Bob's cert and key. */
    @Test
    public void encryptDecryptRoundTripBobTest() throws IOException {
        byte[] expected = TestData.PLAINTEXT.getBytes(StandardCharsets.UTF_8);
        byte[] bobCert = TestData.BOB_CERT.getBytes(StandardCharsets.UTF_8);
        byte[] bobKey = TestData.BOB_KEY.getBytes(StandardCharsets.UTF_8);

        byte[] encrypted = getSop().encrypt()
                .withCert(bobCert)
                .plaintext(expected)
                .getBytes();

        ByteArrayAndResult<DecryptionResult> decrypted = getSop().decrypt()
                .withKey(bobKey)
                .ciphertext(encrypted)
                .toByteArrayAndResult();
        byte[] recovered = decrypted.getBytes();

        assertArrayEquals(expected, recovered);
    }

    /** Public-key round trip with Carol's cert and key. */
    @Test
    public void encryptDecryptRoundTripCarolTest() throws IOException {
        // The "0.0.0" bound with Is.geq presumably matches every sqop version, i.e. the
        // test is skipped for sqop altogether.
        ignoreIf("sqop", Is.geq, "0.0.0"); // sqop reports cert not encryption capable

        byte[] expected = TestData.PLAINTEXT.getBytes(StandardCharsets.UTF_8);
        byte[] carolCert = TestData.CAROL_CERT.getBytes(StandardCharsets.UTF_8);
        byte[] carolKey = TestData.CAROL_KEY.getBytes(StandardCharsets.UTF_8);

        byte[] encrypted = getSop().encrypt()
                .withCert(carolCert)
                .plaintext(expected)
                .getBytes();

        ByteArrayAndResult<DecryptionResult> decrypted = getSop().decrypt()
                .withKey(carolKey)
                .ciphertext(encrypted)
                .toByteArrayAndResult();
        byte[] recovered = decrypted.getBytes();

        assertArrayEquals(expected, recovered);
    }

    /**
     * Encrypts without armor, armors the ciphertext in a separate step, then decrypts the
     * armored form and expects the original plaintext back.
     */
    @Test
    public void encryptNoArmorThenArmorThenDecryptRoundTrip() throws IOException {
        ignoreIf("sqop", Is.leq, "0.26.1"); // Invalid data type

        byte[] expected = TestData.PLAINTEXT.getBytes(StandardCharsets.UTF_8);
        byte[] aliceCert = TestData.ALICE_CERT.getBytes(StandardCharsets.UTF_8);
        byte[] aliceKey = TestData.ALICE_KEY.getBytes(StandardCharsets.UTF_8);

        byte[] binaryCiphertext = getSop().encrypt()
                .withCert(aliceCert)
                .noArmor()
                .plaintext(expected)
                .getBytes();

        byte[] armoredCiphertext = getSop().armor()
                .data(binaryCiphertext)
                .getBytes();

        ByteArrayAndResult<DecryptionResult> decrypted = getSop().decrypt()
                .withKey(aliceKey)
                .ciphertext(armoredCiphertext)
                .toByteArrayAndResult();

        assertArrayEquals(expected, decrypted.getBytes());
    }

    /**
     * Sign-and-encrypt round trip for Alice: the plaintext must match, a session key must
     * be reported, and exactly one verification carrying Alice's fingerprints must come back.
     */
    @Test
    public void encryptSignDecryptVerifyRoundTripAliceTest() throws IOException {
        byte[] expected = TestData.PLAINTEXT.getBytes(StandardCharsets.UTF_8);
        byte[] aliceCert = TestData.ALICE_CERT.getBytes(StandardCharsets.UTF_8);
        byte[] aliceKey = TestData.ALICE_KEY.getBytes(StandardCharsets.UTF_8);

        byte[] encrypted = getSop().encrypt()
                .withCert(aliceCert)
                .signWith(aliceKey)
                .plaintext(expected)
                .getBytes();

        ByteArrayAndResult<DecryptionResult> decrypted = getSop().decrypt()
                .withKey(aliceKey)
                .verifyWithCert(aliceCert)
                .ciphertext(encrypted)
                .toByteArrayAndResult();

        assertArrayEquals(expected, decrypted.getBytes());

        DecryptionResult outcome = decrypted.getResult();
        assertNotNull(outcome.getSessionKey().get());

        // The size check rejects extra or missing verifications; the substring check ties
        // the single reported verification to the expected fingerprints.
        List<Verification> verifications = outcome.getVerifications();
        assertEquals(1, verifications.size());
        String firstVerification = verifications.get(0).toString();
        assertTrue(firstVerification.contains(ALICE_VERIFICATION_FINGERPRINTS));
    }

    /**
     * Same checks as the binary sign-and-encrypt round trip, but with the encryption mode
     * set to {@link EncryptAs#Text}.
     */
    @Test
    public void encryptSignAsTextDecryptVerifyRoundTripAliceTest() throws IOException {
        byte[] expected = TestData.PLAINTEXT.getBytes(StandardCharsets.UTF_8);
        byte[] aliceCert = TestData.ALICE_CERT.getBytes(StandardCharsets.UTF_8);
        byte[] aliceKey = TestData.ALICE_KEY.getBytes(StandardCharsets.UTF_8);

        byte[] encrypted = getSop().encrypt()
                .withCert(aliceCert)
                .signWith(aliceKey)
                .mode(EncryptAs.Text)
                .plaintext(expected)
                .getBytes();

        ByteArrayAndResult<DecryptionResult> decrypted = getSop().decrypt()
                .withKey(aliceKey)
                .verifyWithCert(aliceCert)
                .ciphertext(encrypted)
                .toByteArrayAndResult();

        assertArrayEquals(expected, decrypted.getBytes());

        DecryptionResult outcome = decrypted.getResult();
        assertNotNull(outcome.getSessionKey().get());

        List<Verification> verifications = outcome.getVerifications();
        assertEquals(1, verifications.size());
        String firstVerification = verifications.get(0).toString();
        assertTrue(firstVerification.contains(ALICE_VERIFICATION_FINGERPRINTS));
    }

    /**
     * Generates a fresh password-protected key, extracts its cert, and runs a
     * sign-and-encrypt round trip in which the key password is supplied both for signing
     * and for decryption.
     */
    @Test
    public void encryptSignDecryptVerifyRoundTripWithFreshEncryptedKeyTest() throws IOException {
        ignoreIf("sqop", Is.leq, "0.26.1");

        byte[] keyPassword = TEST_PASSWORD.getBytes(StandardCharsets.UTF_8);
        byte[] freshKey = getSop().generateKey()
                .withKeyPassword(keyPassword)
                .userId("Alice <alice@openpgp.org>")
                .generate()
                .getBytes();
        byte[] freshCert = getSop().extractCert()
                .key(freshKey)
                .getBytes();

        byte[] expected = "Hello, World!\n".getBytes(StandardCharsets.UTF_8);
        byte[] encrypted = getSop().encrypt()
                .withCert(freshCert)
                .signWith(freshKey)
                .withKeyPassword(keyPassword)
                .plaintext(expected)
                .getBytes();

        ByteArrayAndResult<DecryptionResult> decrypted = getSop().decrypt()
                .withKey(freshKey)
                .withKeyPassword(keyPassword)
                .verifyWithCert(freshCert)
                .ciphertext(encrypted)
                .toByteArrayAndResult();

        // The signature must have been verified, not merely the plaintext recovered.
        List<Verification> verifications = decrypted.getResult().getVerifications();
        assertFalse(verifications.isEmpty());
        assertArrayEquals(expected, decrypted.getBytes());
    }

    /**
     * A signature dated after the {@code verifyNotAfter} bound must not count as verified.
     *
     * <p>Two outcomes are accepted: the implementation throws
     * {@link SOPGPException.NoSignature} itself, or it returns an empty verification list,
     * which the lambda turns into the same exception.
     */
    @Test
    public void decryptVerifyNotAfterTest() {
        ignoreIf("PGPainless-SOP", Is.le, "1.4.2"); // does not recognize --verify-not-after
        ignoreIf("sqop", Is.leq, "0.27.2"); // does not throw NoSignature

        byte[] signedCiphertext = TIME_BOUND_MESSAGE.getBytes(StandardCharsets.UTF_8);
        Date signatureDate = UTCUtil.parseUTCDate(TIME_BOUND_MESSAGE_SIGNED_AT);

        // Upper bound placed one second before the signing date.
        long signedAtMillis = signatureDate.getTime();
        Date beforeSignature = new Date(signedAtMillis - 1000);

        assertThrows(SOPGPException.NoSignature.class, () -> {
            DecryptionResult outcome = getSop().decrypt()
                    .withKey(TestData.ALICE_KEY.getBytes(StandardCharsets.UTF_8))
                    .verifyWithCert(TestData.ALICE_CERT.getBytes(StandardCharsets.UTF_8))
                    .verifyNotAfter(beforeSignature)
                    .ciphertext(signedCiphertext)
                    .toByteArrayAndResult()
                    .getResult();

            if (outcome.getVerifications().isEmpty()) {
                throw new SOPGPException.NoSignature("No verifiable signature found.");
            }
        });
    }

    /**
     * A signature dated before the {@code verifyNotBefore} bound must not count as verified.
     *
     * <p>As in the not-after test, either a thrown {@link SOPGPException.NoSignature} or an
     * empty verification list is accepted.
     */
    @Test
    public void decryptVerifyNotBeforeTest() {
        // NOTE(review): the reason below reads the same as in the not-after test although
        // this test uses verifyNotBefore; confirm which option the skip is about.
        ignoreIf("PGPainless-SOP", Is.le, "1.4.2"); // does not recognize --verify-not-after
        ignoreIf("sqop", Is.leq, "0.27.2"); // does not throw NoSignature

        byte[] signedCiphertext = TIME_BOUND_MESSAGE.getBytes(StandardCharsets.UTF_8);
        Date signatureDate = UTCUtil.parseUTCDate(TIME_BOUND_MESSAGE_SIGNED_AT);

        // Lower bound placed one second after the signing date.
        long signedAtMillis = signatureDate.getTime();
        Date afterSignature = new Date(signedAtMillis + 1000);

        assertThrows(SOPGPException.NoSignature.class, () -> {
            DecryptionResult outcome = getSop().decrypt()
                    .withKey(TestData.ALICE_KEY.getBytes(StandardCharsets.UTF_8))
                    .verifyWithCert(TestData.ALICE_CERT.getBytes(StandardCharsets.UTF_8))
                    .verifyNotBefore(afterSignature)
                    .ciphertext(signedCiphertext)
                    .toByteArrayAndResult()
                    .getResult();

            if (outcome.getVerifications().isEmpty()) {
                throw new SOPGPException.NoSignature("No verifiable signature found.");
            }
        });
    }

    /**
     * Encrypting with neither a password nor a recipient cert must be rejected with
     * {@link SOPGPException.MissingArg} rather than producing output.
     */
    @Test
    public void missingArgsTest() throws IOException {
        ignoreIf("sqop", Is.leq, "0.27.3");

        byte[] payload = TestData.PLAINTEXT.getBytes(StandardCharsets.UTF_8);

        assertThrows(SOPGPException.MissingArg.class, () -> {
            getSop().encrypt()
                    .plaintext(payload)
                    .getBytes();
        });
    }
}