PGPainless/pgpainless
PGPainless/pgpainless
1
0
Fork 0
mirror of https://github.com/pgpainless/pgpainless.git synced 2025-09-10 18:59:39 +02:00
Code Issues Releases Wiki Activity

SOP: Add convenience methods to deal with byte arrays

Browse source
This commit is contained in:
Paul Schaub 2021-10-10 16:34:17 +02:00
parent 32f3f0246e
commit 15736586dd
Signed by: vanitasvitae
GPG key ID: 62BEE9264BF17311
25 changed files with 451 additions and 128 deletions
Download patch file Download diff file Expand all files Collapse all files

5
pgpainless-sop/src/test/java/org/pgpainless/sop/ArmorTest.java
View file

@ -7,7 +7,6 @@ package org.pgpainless.sop;
import static org.junit.jupiter.api.Assertions.assertArrayEquals;
import static org.junit.jupiter.api.Assertions.assertThrows;
import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.nio.charset.StandardCharsets;
import java.security.InvalidAlgorithmParameterException;
@ -33,13 +32,13 @@ public class ArmorTest {
byte[] knownGoodArmor = ArmorUtils.toAsciiArmoredString(data).getBytes(StandardCharsets.UTF_8);
byte[] armored = new SOPImpl()
.armor()
.data(new ByteArrayInputStream(data))
.data(data)
.getBytes();
assertArrayEquals(knownGoodArmor, armored);
byte[] dearmored = new SOPImpl().dearmor()
.data(new ByteArrayInputStream(knownGoodArmor))
.data(knownGoodArmor)
.getBytes();
assertArrayEquals(data, dearmored);

78
pgpainless-sop/src/test/java/org/pgpainless/sop/DetachInbandSignatureAndMessageTest.java Normal file
View file

@ -0,0 +1,78 @@
// SPDX-FileCopyrightText: 2021 Paul Schaub <vanitasvitae@fsfe.org>
//
// SPDX-License-Identifier: Apache-2.0
package org.pgpainless.sop;
import static org.junit.jupiter.api.Assertions.assertArrayEquals;
import static org.junit.jupiter.api.Assertions.assertEquals;
import static org.junit.jupiter.api.Assertions.assertFalse;
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.nio.charset.StandardCharsets;
import java.util.List;
import org.bouncycastle.openpgp.PGPException;
import org.bouncycastle.openpgp.PGPSecretKeyRing;
import org.bouncycastle.util.io.Streams;
import org.junit.jupiter.api.Test;
import org.pgpainless.PGPainless;
import org.pgpainless.algorithm.DocumentSignatureType;
import org.pgpainless.encryption_signing.EncryptionStream;
import org.pgpainless.encryption_signing.ProducerOptions;
import org.pgpainless.encryption_signing.SigningOptions;
import org.pgpainless.key.OpenPgpV4Fingerprint;
import org.pgpainless.key.protection.SecretKeyRingProtector;
import sop.ByteArrayAndResult;
import sop.SOP;
import sop.Signatures;
import sop.Verification;
public class DetachInbandSignatureAndMessageTest {
@Test
public void testDetachingOfInbandSignaturesAndMessage() throws IOException, PGPException {
SOP sop = new SOPImpl();
byte[] key = sop.generateKey()
.userId("Alice <alice@pgpainless.org>")
.generate()
.getBytes();
byte[] cert = sop.extractCert().key(key).getBytes();
PGPSecretKeyRing secretKey = PGPainless.readKeyRing().secretKeyRing(key);
// Create a cleartext signed message
byte[] data = "Hello, World\n".getBytes(StandardCharsets.UTF_8);
ByteArrayOutputStream out = new ByteArrayOutputStream();
EncryptionStream signingStream = PGPainless.encryptAndOrSign()
.onOutputStream(out)
.withOptions(
ProducerOptions.sign(
SigningOptions.get()
.addDetachedSignature(SecretKeyRingProtector.unprotectedKeys(),
secretKey, DocumentSignatureType.BINARY_DOCUMENT)
).setCleartextSigned());
Streams.pipeAll(new ByteArrayInputStream(data), signingStream);
signingStream.close();
// actually detach the message
ByteArrayAndResult<Signatures> detachedMsg = sop.detachInbandSignatureAndMessage()
.message(out.toByteArray())
.toByteArrayAndResult();
byte[] message = detachedMsg.getBytes();
byte[] signature = detachedMsg.getResult().getBytes();
List<Verification> verificationList = sop.verify()
.cert(cert)
.signatures(signature)
.data(message);
assertFalse(verificationList.isEmpty());
assertEquals(1, verificationList.size());
assertEquals(new OpenPgpV4Fingerprint(secretKey).toString(), verificationList.get(0).getSigningCertFingerprint());
assertArrayEquals(data, message);
}
}

96
pgpainless-sop/src/test/java/org/pgpainless/sop/EncryptDecryptRoundTripTest.java
View file

@ -8,10 +8,11 @@ import static org.junit.jupiter.api.Assertions.assertArrayEquals;
import static org.junit.jupiter.api.Assertions.assertEquals;
import static org.junit.jupiter.api.Assertions.assertThrows;
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.nio.charset.StandardCharsets;
import org.bouncycastle.util.io.Streams;
import org.junit.jupiter.api.BeforeAll;
import org.junit.jupiter.api.Test;
import sop.ByteArrayAndResult;
@ -36,34 +37,35 @@ public class EncryptDecryptRoundTripTest {
.generate()
.getBytes();
aliceCert = sop.extractCert()
.key(new ByteArrayInputStream(aliceKey))
.key(aliceKey)
.getBytes();
bobKey = sop.generateKey()
.userId("Bob <bob@pgpainless.org>")
.generate()
.getBytes();
bobCert = sop.extractCert()
.key(new ByteArrayInputStream(bobKey))
.key(bobKey)
.getBytes();
}
@Test
public void basicRoundTripWithKey() throws IOException, SOPGPException.CertCannotSign {
byte[] encrypted = sop.encrypt()
.signWith(new ByteArrayInputStream(aliceKey))
.withCert(new ByteArrayInputStream(aliceCert))
.withCert(new ByteArrayInputStream(bobCert))
.plaintext(new ByteArrayInputStream(message))
.signWith(aliceKey)
.withCert(aliceCert)
.withCert(bobCert)
.plaintext(message)
.getBytes();
ByteArrayAndResult<DecryptionResult> bytesAndResult = sop.decrypt()
.withKey(new ByteArrayInputStream(bobKey))
.verifyWithCert(new ByteArrayInputStream(aliceCert))
.ciphertext(new ByteArrayInputStream(encrypted))
.toBytes();
.withKey(bobKey)
.verifyWithCert(aliceCert)
.ciphertext(encrypted)
.toByteArrayAndResult();
byte[] decrypted = bytesAndResult.getBytes();
assertArrayEquals(message, decrypted);
ByteArrayOutputStream decrypted = new ByteArrayOutputStream();
Streams.pipeAll(bytesAndResult.getInputStream(), decrypted);
assertArrayEquals(message, decrypted.toByteArray());
DecryptionResult result = bytesAndResult.getResult();
assertEquals(1, result.getVerifications().size());
@ -78,20 +80,20 @@ public class EncryptDecryptRoundTripTest {
.getBytes();
byte[] aliceCertNoArmor = sop.extractCert()
.noArmor()
.key(new ByteArrayInputStream(aliceKeyNoArmor))
.key(aliceKeyNoArmor)
.getBytes();
byte[] encrypted = sop.encrypt()
.signWith(new ByteArrayInputStream(aliceKeyNoArmor))
.withCert(new ByteArrayInputStream(aliceCertNoArmor))
.signWith(aliceKeyNoArmor)
.withCert(aliceCertNoArmor)
.noArmor()
.plaintext(new ByteArrayInputStream(message))
.plaintext(message)
.getBytes();
ByteArrayAndResult<DecryptionResult> bytesAndResult = sop.decrypt()
.withKey(new ByteArrayInputStream(aliceKeyNoArmor))
.verifyWithCert(new ByteArrayInputStream(aliceCertNoArmor))
.ciphertext(new ByteArrayInputStream(encrypted))
.toBytes();
.withKey(aliceKeyNoArmor)
.verifyWithCert(aliceCertNoArmor)
.ciphertext(encrypted)
.toByteArrayAndResult();
byte[] decrypted = bytesAndResult.getBytes();
assertArrayEquals(message, decrypted);
@ -104,13 +106,13 @@ public class EncryptDecryptRoundTripTest {
public void basicRoundTripWithPassword() throws IOException {
byte[] encrypted = sop.encrypt()
.withPassword("passphr4s3")
.plaintext(new ByteArrayInputStream(message))
.plaintext(message)
.getBytes();
ByteArrayAndResult<DecryptionResult> bytesAndResult = sop.decrypt()
.withPassword("passphr4s3")
.ciphertext(new ByteArrayInputStream(encrypted))
.toBytes();
.ciphertext(encrypted)
.toByteArrayAndResult();
byte[] decrypted = bytesAndResult.getBytes();
assertArrayEquals(message, decrypted);
@ -121,15 +123,15 @@ public class EncryptDecryptRoundTripTest {
@Test
public void roundTripWithDecryptionPasswordContainingWhitespace() throws IOException {
byte[] encrypted = sop.encrypt()
.withPassword("passphr4s3")
.plaintext(new ByteArrayInputStream(message))
.getBytes();
ByteArrayAndResult<DecryptionResult> bytesAndResult = sop.decrypt()
.withPassword("passphr4s3 ") // whitespace is removed
.ciphertext(new ByteArrayInputStream(encrypted))
.toBytes();
.ciphertext(
sop.encrypt()
.withPassword("passphr4s3")
.plaintext(message)
.getInputStream()
)
.toByteArrayAndResult();
byte[] decrypted = bytesAndResult.getBytes();
assertArrayEquals(message, decrypted);
@ -142,13 +144,13 @@ public class EncryptDecryptRoundTripTest {
public void roundTripWithEncryptionPasswordContainingWhitespace() throws IOException {
byte[] encrypted = sop.encrypt()
.withPassword("passphr4s3 ")
.plaintext(new ByteArrayInputStream(message))
.plaintext(message)
.getBytes();
ByteArrayAndResult<DecryptionResult> bytesAndResult = sop.decrypt()
.withPassword("passphr4s3 ")
.ciphertext(new ByteArrayInputStream(encrypted))
.toBytes();
.ciphertext(encrypted)
.toByteArrayAndResult();
byte[] decrypted = bytesAndResult.getBytes();
assertArrayEquals(message, decrypted);
@ -160,29 +162,29 @@ public class EncryptDecryptRoundTripTest {
@Test
public void encrypt_decryptAndVerifyYieldsNoSignatureException() throws IOException {
byte[] encrypted = sop.encrypt()
.withCert(new ByteArrayInputStream(bobCert))
.plaintext(new ByteArrayInputStream(message))
.withCert(bobCert)
.plaintext(message)
.getBytes();
assertThrows(SOPGPException.NoSignature.class, () -> sop
.decrypt()
.withKey(new ByteArrayInputStream(bobKey))
.verifyWithCert(new ByteArrayInputStream(aliceCert))
.ciphertext(new ByteArrayInputStream(encrypted))
.toBytes());
.withKey(bobKey)
.verifyWithCert(aliceCert)
.ciphertext(encrypted)
.toByteArrayAndResult());
}
@Test
public void encrypt_decryptWithoutKeyOrPassphraseYieldsMissingArgException() throws IOException {
byte[] encrypted = sop.encrypt()
.withCert(new ByteArrayInputStream(bobCert))
.plaintext(new ByteArrayInputStream(message))
.withCert(bobCert)
.plaintext(message)
.getBytes();
assertThrows(SOPGPException.MissingArg.class, () -> sop
.decrypt()
.ciphertext(new ByteArrayInputStream(encrypted))
.toBytes());
.ciphertext(encrypted)
.toByteArrayAndResult());
}
@Test
@ -192,7 +194,7 @@ public class EncryptDecryptRoundTripTest {
System.arraycopy(bobKey, 0, keys, aliceKey.length, bobKey.length);
assertThrows(SOPGPException.BadData.class, () -> sop.decrypt()
.withKey(new ByteArrayInputStream(keys)));
.withKey(keys));
}
@Test
@ -225,12 +227,12 @@ public class EncryptDecryptRoundTripTest {
"-----END PGP PRIVATE KEY BLOCK-----";
assertThrows(SOPGPException.KeyIsProtected.class, () -> sop.decrypt()
.withKey(new ByteArrayInputStream(passwordProtectedKey.getBytes(StandardCharsets.UTF_8))));
.withKey(passwordProtectedKey.getBytes(StandardCharsets.UTF_8)));
}
@Test
public void verifyWith_noDataThrowsBadData() {
assertThrows(SOPGPException.BadData.class, () -> sop.decrypt()
.verifyWithCert(new ByteArrayInputStream(new byte[0])));
.verifyWithCert(new byte[0]));
}
}

5
pgpainless-sop/src/test/java/org/pgpainless/sop/ExtractCertTest.java
View file

@ -7,7 +7,6 @@ package org.pgpainless.sop;
import static org.junit.jupiter.api.Assertions.assertArrayEquals;
import static org.junit.jupiter.api.Assertions.assertThrows;
import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.nio.charset.StandardCharsets;
@ -76,13 +75,13 @@ public class ExtractCertTest {
assertArrayEquals(
cert.getBytes(StandardCharsets.UTF_8),
sop.extractCert()
.key(new ByteArrayInputStream(key.getBytes(StandardCharsets.UTF_8)))
.key(key.getBytes(StandardCharsets.UTF_8))
.getBytes());
}
@Test
public void emptyKeyDataYieldsBadData() {
assertThrows(SOPGPException.BadData.class, () -> sop.extractCert()
.key(new ByteArrayInputStream(new byte[0])));
.key(new byte[0]));
}
}

53
pgpainless-sop/src/test/java/org/pgpainless/sop/SignTest.java
View file

@ -9,7 +9,6 @@ import static org.junit.jupiter.api.Assertions.assertFalse;
import static org.junit.jupiter.api.Assertions.assertThrows;
import static org.junit.jupiter.api.Assertions.assertTrue;
import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.nio.charset.StandardCharsets;
import java.security.InvalidAlgorithmParameterException;
@ -47,7 +46,7 @@ public class SignTest {
.generate()
.getBytes();
cert = sop.extractCert()
.key(new ByteArrayInputStream(key))
.key(key)
.getBytes();
data = "Hello, World\n".getBytes(StandardCharsets.UTF_8);
}
@ -55,18 +54,18 @@ public class SignTest {
@Test
public void signArmored() throws IOException {
byte[] signature = sop.sign()
.key(new ByteArrayInputStream(key))
.data(new ByteArrayInputStream(data))
.key(key)
.data(data)
.getBytes();
assertTrue(new String(signature).startsWith("-----BEGIN PGP SIGNATURE-----"));
List<Verification> verifications = sop.verify()
.cert(new ByteArrayInputStream(cert))
.cert(cert)
.notAfter(new Date(new Date().getTime() + 10000))
.notBefore(new Date(new Date().getTime() - 10000))
.signatures(new ByteArrayInputStream(signature))
.data(new ByteArrayInputStream(data));
.signatures(signature)
.data(data);
assertEquals(1, verifications.size());
}
@ -74,19 +73,19 @@ public class SignTest {
@Test
public void signUnarmored() throws IOException {
byte[] signature = sop.sign()
.key(new ByteArrayInputStream(key))
.key(key)
.noArmor()
.data(new ByteArrayInputStream(data))
.data(data)
.getBytes();
assertFalse(new String(signature).startsWith("-----BEGIN PGP SIGNATURE-----"));
List<Verification> verifications = sop.verify()
.cert(new ByteArrayInputStream(cert))
.cert(cert)
.notAfter(new Date(new Date().getTime() + 10000))
.notBefore(new Date(new Date().getTime() - 10000))
.signatures(new ByteArrayInputStream(signature))
.data(new ByteArrayInputStream(data));
.signatures(signature)
.data(data);
assertEquals(1, verifications.size());
}
@ -94,40 +93,40 @@ public class SignTest {
@Test
public void rejectSignatureAsTooOld() throws IOException {
byte[] signature = sop.sign()
.key(new ByteArrayInputStream(key))
.data(new ByteArrayInputStream(data))
.key(key)
.data(data)
.getBytes();
assertThrows(SOPGPException.NoSignature.class, () -> sop.verify()
.cert(new ByteArrayInputStream(cert))
.cert(cert)
.notAfter(new Date(new Date().getTime() - 10000)) // Sig is older
.signatures(new ByteArrayInputStream(signature))
.data(new ByteArrayInputStream(data)));
.signatures(signature)
.data(data));
}
@Test
public void rejectSignatureAsTooYoung() throws IOException {
byte[] signature = sop.sign()
.key(new ByteArrayInputStream(key))
.data(new ByteArrayInputStream(data))
.key(key)
.data(data)
.getBytes();
assertThrows(SOPGPException.NoSignature.class, () -> sop.verify()
.cert(new ByteArrayInputStream(cert))
.cert(cert)
.notBefore(new Date(new Date().getTime() + 10000)) // Sig is younger
.signatures(new ByteArrayInputStream(signature))
.data(new ByteArrayInputStream(data)));
.signatures(signature)
.data(data));
}
@Test
public void mode() throws IOException, PGPException {
byte[] signature = sop.sign()
.mode(SignAs.Text)
.key(new ByteArrayInputStream(key))
.data(new ByteArrayInputStream(data))
.key(key)
.data(data)
.getBytes();
PGPSignature sig = SignatureUtils.readSignatures(new ByteArrayInputStream(signature)).get(0);
PGPSignature sig = SignatureUtils.readSignatures(signature).get(0);
assertEquals(SignatureType.CANONICAL_TEXT_DOCUMENT.getCode(), sig.getSignatureType());
}
@ -138,7 +137,7 @@ public class SignTest {
PGPSecretKeyRingCollection collection = new PGPSecretKeyRingCollection(Arrays.asList(key1, key2));
byte[] keys = collection.getEncoded();
assertThrows(SOPGPException.BadData.class, () -> sop.sign().key(new ByteArrayInputStream(keys)));
assertThrows(SOPGPException.BadData.class, () -> sop.sign().key(keys));
}
@Test
@ -147,7 +146,7 @@ public class SignTest {
.modernKeyRing("Alice", "passphrase");
byte[] bytes = key.getEncoded();
assertThrows(SOPGPException.KeyIsProtected.class, () -> sop.sign().key(new ByteArrayInputStream(bytes)));
assertThrows(SOPGPException.KeyIsProtected.class, () -> sop.sign().key(bytes));
}
}