001 package org.apache.commons.openpgp;
002
003 /*
004 * Licensed to the Apache Software Foundation (ASF) under one or more
005 * contributor license agreements. See the NOTICE file distributed with
006 * this work for additional information regarding copyright ownership.
007 * The ASF licenses this file to You under the Apache License, Version 2.0
008 * (the "License"); you may not use this file except in compliance with
009 * the License. You may obtain a copy of the License at
010 *
011 * http://www.apache.org/licenses/LICENSE-2.0
012 *
013 * Unless required by applicable law or agreed to in writing, software
014 * distributed under the License is distributed on an "AS IS" BASIS,
015 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
016 * See the License for the specific language governing permissions and
017 * limitations under the License.
018 */
019
020 import static org.junit.Assert.assertFalse;
021 import static org.junit.Assert.assertNotNull;
022 import static org.junit.Assert.assertTrue;
023
024 import java.io.ByteArrayInputStream;
025 import java.io.ByteArrayOutputStream;
026 import java.io.IOException;
027
028 import org.junit.Before;
029 import org.junit.Test;
030
031 /**
032 * Test the open pgp signer.
033 *
034 * @author <a href="mailto:brett@apache.org">Brett Porter</a>
035 * @todo test text input as well as binary - apparently it fails cross platform
036 */
037 public class BouncyCastleOpenPgpSignerTest
038 {
039 private OpenPgpSigner signer = new BouncyCastleOpenPgpSigner();
040
041 private OpenPgpSignatureVerifier verifier = new BouncyCastleOpenPgpSignatureVerifier();
042
043 private String keyId = "A7D16BD4";
044
045 private KeyRing keyRing;
046
047 private static final String PASSWORD = "cop";
048
049 @Before
050 public void setUp()
051 throws Exception
052 {
053 keyRing =
054 new BouncyCastleKeyRing( getClass().getResourceAsStream( "/secring.gpg" ),
055 getClass().getResourceAsStream( "/pubring.gpg" ), PASSWORD.toCharArray() );
056 }
057
058 @Test
059 public void testSignDataDetachedBinary()
060 throws OpenPgpException, IOException
061 {
062 ByteArrayOutputStream signature = new ByteArrayOutputStream();
063 signer.detachedSign( getClass().getResourceAsStream( "/test-input" ), signature, keyId, keyRing, false );
064
065 SignatureStatus status =
066 verifier.verifyDetachedSignature( getClass().getResourceAsStream( "/test-input" ),
067 new ByteArrayInputStream( signature.toByteArray() ), keyRing );
068 assertNotNull( "check we got a status", status );
069 assertTrue( "check it was successful", status.isValid() );
070 }
071
072 @Test
073 public void testVerifySignatureDetachedBinary()
074 throws IOException, OpenPgpException
075 {
076 SignatureStatus status =
077 verifier.verifyDetachedSignature( getClass().getResourceAsStream( "/test-input" ),
078 getClass().getResourceAsStream( "/test-input.bpg" ), keyRing );
079
080 assertNotNull( "check we got a status", status );
081 assertTrue( "check it was successful", status.isValid() );
082 }
083
084 @Test
085 public void testVerifySignatureDetachedBinaryGpg()
086 throws IOException, OpenPgpException
087 {
088 SignatureStatus status =
089 verifier.verifyDetachedSignature( getClass().getResourceAsStream( "/test-input" ),
090 getClass().getResourceAsStream( "/test-input.sig" ), keyRing );
091
092 assertNotNull( "check we got a status", status );
093 assertTrue( "check it was successful", status.isValid() );
094 }
095
096 @Test
097 public void testSignDataDetachedAscii()
098 throws OpenPgpException, IOException
099 {
100 ByteArrayOutputStream signature = new ByteArrayOutputStream();
101 signer.detachedSign( getClass().getResourceAsStream( "/test-input" ), signature, keyId, keyRing, true );
102
103 SignatureStatus status =
104 verifier.verifyDetachedSignature( getClass().getResourceAsStream( "/test-input" ),
105 new ByteArrayInputStream( signature.toByteArray() ), keyRing );
106 assertNotNull( "check we got a status", status );
107 assertTrue( "check it was successful", status.isValid() );
108 }
109
110 @Test
111 public void testVerifySignatureDetachedAscii()
112 throws IOException, OpenPgpException
113 {
114 SignatureStatus status =
115 verifier.verifyDetachedSignature( getClass().getResourceAsStream( "/test-input" ),
116 getClass().getResourceAsStream( "/test-input.asc" ), keyRing );
117
118 assertNotNull( "check we got a status", status );
119 assertTrue( "check it was successful", status.isValid() );
120 }
121
122 @Test
123 public void testVerifyMultipleSignatureDetachedAsciiBothGood()
124 throws IOException, OpenPgpException
125 {
126 SignatureStatus status =
127 verifier.verifyDetachedSignature( getClass().getResourceAsStream( "/test-input" ),
128 getClass().getResourceAsStream( "/test-input-both-good.asc" ), keyRing );
129
130 assertNotNull( "check we got a status", status );
131 assertTrue( "check it was successful", status.isValid() );
132 }
133
134 @Test
135 public void testVerifyMultipleSignatureDetachedAsciiOneGoodOneBad()
136 throws IOException, OpenPgpException
137 {
138 SignatureStatus status =
139 verifier.verifyDetachedSignature( getClass().getResourceAsStream( "/test-input" ),
140 getClass().getResourceAsStream( "/test-input-one-good-one-bad.asc" ),
141 keyRing );
142
143 assertNotNull( "check we got a status", status );
144 assertTrue( "check it was successful", status.isValid() );
145 }
146
147 @Test
148 public void testVerifyMultipleSignatureDetachedAsciiOneGoodOneMissing()
149 throws IOException, OpenPgpException
150 {
151 SignatureStatus status =
152 verifier.verifyDetachedSignature( getClass().getResourceAsStream( "/test-input" ),
153 getClass().getResourceAsStream( "/test-input-one-good-one-missing.asc" ),
154 keyRing );
155
156 assertNotNull( "check we got a status", status );
157 assertTrue( "check it was successful", status.isValid() );
158 }
159
160 @Test
161 public void testVerifyMultipleSignatureDetachedAsciiOneBadOneGood()
162 throws IOException, OpenPgpException
163 {
164 SignatureStatus status =
165 verifier.verifyDetachedSignature( getClass().getResourceAsStream( "/test-input" ),
166 getClass().getResourceAsStream( "/test-input-one-bad-one-good.asc" ),
167 keyRing );
168
169 assertNotNull( "check we got a status", status );
170 assertFalse( "check it was not successful", status.isValid() );
171 }
172 /* Requires Bouncycastle 140 to work
173 public void testVerifyMultipleSignatureDetachedAsciiOneMissingOneGood()
174 throws IOException, OpenPgpException
175 {
176 SignatureStatus status =
177 verifier.verifyDetachedSignature( getClass().getResourceAsStream( "/test-input" ),
178 getClass().getResourceAsStream( "/test-input-one-missing-one-good.asc" ),
179 keyRing );
180
181 assertNotNull( "check we got a status", status );
182 assertTrue( "check it was successful", status.isValid() );
183 }*/
184
185 @Test( expected = UnknownKeyException.class )
186 public void testVerifyMultipleSignatureDetachedAsciiBothMissing()
187 throws IOException, OpenPgpException
188 {
189 verifier.verifyDetachedSignature( getClass().getResourceAsStream( "/test-input" ),
190 getClass().getResourceAsStream( "/test-input-both-missing.asc" ), keyRing );
191 }
192
193 @Test
194 public void testVerifyDualSignatureDetachedAsciiBothGood()
195 throws IOException, OpenPgpException
196 {
197 SignatureStatus status =
198 verifier.verifyDetachedSignature( getClass().getResourceAsStream( "/test-input" ),
199 getClass().getResourceAsStream( "/test-input-dual-both-good.asc" ), keyRing );
200
201 assertNotNull( "check we got a status", status );
202 assertTrue( "check it was successful", status.isValid() );
203 }
204
205 @Test
206 public void testVerifyDualSignatureDetachedAsciiOneGoodOneMissing()
207 throws IOException, OpenPgpException
208 {
209 SignatureStatus status =
210 verifier.verifyDetachedSignature( getClass().getResourceAsStream( "/test-input" ),
211 getClass().getResourceAsStream( "/test-input-dual-one-good-one-missing.asc" ),
212 keyRing );
213
214 assertNotNull( "check we got a status", status );
215 assertTrue( "check it was successful", status.isValid() );
216 }
217
218 @Test
219 public void testVerifyDualSignatureDetachedAsciiBad()
220 throws IOException, OpenPgpException
221 {
222 SignatureStatus status =
223 verifier.verifyDetachedSignature( getClass().getResourceAsStream( "/test-input" ),
224 getClass().getResourceAsStream( "/test-input-dual-bad.asc" ),
225 keyRing );
226
227 assertNotNull( "check we got a status", status );
228 assertFalse( "check it was not successful", status.isValid() );
229 }
230
231 @Test
232 public void testVerifyDualSignatureDetachedAsciiOneMissingOneGood()
233 throws IOException, OpenPgpException
234 {
235 SignatureStatus status =
236 verifier.verifyDetachedSignature( getClass().getResourceAsStream( "/test-input" ),
237 getClass().getResourceAsStream( "/test-input-dual-one-missing-one-good.asc" ),
238 keyRing );
239
240 assertNotNull( "check we got a status", status );
241 assertTrue( "check it was successful", status.isValid() );
242 }
243
244 @Test( expected = UnknownKeyException.class )
245 public void testVerifyDualSignatureDetachedAsciiBothMissing()
246 throws IOException, OpenPgpException
247 {
248 verifier.verifyDetachedSignature( getClass().getResourceAsStream( "/test-input" ),
249 getClass().getResourceAsStream( "/test-input-dual-both-missing.asc" ), keyRing );
250 }
251 }