PGPainless/pgpainless
PGPainless/pgpainless
1
0
Fork 0
mirror of https://github.com/pgpainless/pgpainless.git synced 2025-12-05 03:41:07 +01:00
Code Issues Releases Wiki Activity

Add test demonstrating how to verify sigs made in the future

Browse source
This commit is contained in:
Paul Schaub 2025-10-22 12:52:58 +02:00
parent 3fc5669e56
commit 3f7b4920f4
Signed by: vanitasvitae
GPG key ID: 62BEE9264BF17311
1 changed files with 50 additions and 0 deletions
Download patch file Download diff file Expand all files Collapse all files

50
pgpainless-core/src/test/java/investigations/SignMessageWithCreationTimeOffsetTest.java
View file

@ -27,6 +27,7 @@ import java.io.IOException;
import java.nio.charset.StandardCharsets;
import java.util.Date;
import static org.junit.jupiter.api.Assertions.assertFalse;
import static org.junit.jupiter.api.Assertions.assertTrue;
public class SignMessageWithCreationTimeOffsetTest {
@ -74,4 +75,53 @@ public class SignMessageWithCreationTimeOffsetTest {
MessageMetadata metadata = decIn.getMetadata();
assertTrue(metadata.isVerifiedSignedBy(key.toCertificate()));
}
@Test
public void testSignMessageInFuture() throws PGPException, IOException {
PGPainless api = PGPainless.getInstance();
Date now = new Date();
Date inOneHour = new Date(now.getTime() + 1000 * 60 * 60);
OpenPGPKey key = api.generateKey().modernKeyRing("Alice <alice@pgpainless.org>");
ByteArrayOutputStream bOut = new ByteArrayOutputStream();
EncryptionStream encOut = api.generateMessage()
.onOutputStream(bOut)
.withOptions(ProducerOptions.sign(SigningOptions.get()
.addInlineSignature(SecretKeyRingProtector.unprotectedKeys(), key, null, DocumentSignatureType.BINARY_DOCUMENT, new BaseSignatureSubpackets.Callback() {
@Override
public void modifyHashedSubpackets(@NotNull BaseSignatureSubpackets hashedSubpackets) {
hashedSubpackets.setSignatureCreationTime(inOneHour);
}
})));
encOut.write("Hello, World!\n".getBytes(StandardCharsets.UTF_8));
encOut.close();
ByteArrayInputStream bIn = new ByteArrayInputStream(bOut.toByteArray());
DecryptionStream decIn = api.processMessage()
.onInputStream(bIn)
.withOptions(ConsumerOptions.get()
.addVerificationCert(key.toCertificate()));
Streams.drain(decIn);
decIn.close();
MessageMetadata metadata = decIn.getMetadata();
assertFalse(metadata.isVerifiedSignedBy(key.toCertificate()));
// Try again, adjusting validity period
bIn = new ByteArrayInputStream(bOut.toByteArray());
decIn = api.processMessage()
.onInputStream(bIn)
.withOptions(ConsumerOptions.get()
.verifyNotAfter(inOneHour) // is set to 'now' by default, so to allow verifying future sigs, we need to adjust
.addVerificationCert(key.toCertificate()));
Streams.drain(decIn);
decIn.close();
metadata = decIn.getMetadata();
assertTrue(metadata.isVerifiedSignedBy(key.toCertificate()));
}
}