View Javadoc

1   package org.apache.commons.openpgp;
2   
3   /*
4    * Licensed to the Apache Software Foundation (ASF) under one or more
5    * contributor license agreements.  See the NOTICE file distributed with
6    * this work for additional information regarding copyright ownership.
7    * The ASF licenses this file to You under the Apache License, Version 2.0
8    * (the "License"); you may not use this file except in compliance with
9    * the License.  You may obtain a copy of the License at
10   *
11   *      http://www.apache.org/licenses/LICENSE-2.0
12   *
13   * Unless required by applicable law or agreed to in writing, software
14   * distributed under the License is distributed on an "AS IS" BASIS,
15   * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
16   * See the License for the specific language governing permissions and
17   * limitations under the License.
18   */
19  
20  import static org.junit.Assert.assertFalse;
21  import static org.junit.Assert.assertNotNull;
22  import static org.junit.Assert.assertTrue;
23  
24  import java.io.ByteArrayInputStream;
25  import java.io.ByteArrayOutputStream;
26  import java.io.IOException;
27  
28  import org.junit.Before;
29  import org.junit.Test;
30  
31  /**
32   * Test the open pgp signer.
33   *
34   * @author <a href="mailto:brett@apache.org">Brett Porter</a>
35   * @todo test text input as well as binary - apparently it fails cross platform
36   */
37  public class BouncyCastleOpenPgpSignerTest
38  {
39      private OpenPgpSigner signer = new BouncyCastleOpenPgpSigner();
40  
41      private OpenPgpSignatureVerifier verifier = new BouncyCastleOpenPgpSignatureVerifier();
42  
43      private String keyId = "A7D16BD4";
44  
45      private KeyRing keyRing;
46  
47      private static final String PASSWORD = "cop";
48  
49      @Before
50      public void setUp()
51          throws Exception
52      {
53          keyRing =
54              new BouncyCastleKeyRing( getClass().getResourceAsStream( "/secring.gpg" ),
55                                       getClass().getResourceAsStream( "/pubring.gpg" ), PASSWORD.toCharArray() );
56      }
57  
58      @Test
59      public void testSignDataDetachedBinary()
60          throws OpenPgpException, IOException
61      {
62          ByteArrayOutputStream signature = new ByteArrayOutputStream();
63          signer.detachedSign( getClass().getResourceAsStream( "/test-input" ), signature, keyId, keyRing, false );
64  
65          SignatureStatus status =
66              verifier.verifyDetachedSignature( getClass().getResourceAsStream( "/test-input" ),
67                                                new ByteArrayInputStream( signature.toByteArray() ), keyRing );
68          assertNotNull( "check we got a status", status );
69          assertTrue( "check it was successful", status.isValid() );
70      }
71  
72      @Test
73      public void testVerifySignatureDetachedBinary()
74          throws IOException, OpenPgpException
75      {
76          SignatureStatus status =
77              verifier.verifyDetachedSignature( getClass().getResourceAsStream( "/test-input" ),
78                                                getClass().getResourceAsStream( "/test-input.bpg" ), keyRing );
79  
80          assertNotNull( "check we got a status", status );
81          assertTrue( "check it was successful", status.isValid() );
82      }
83  
84      @Test
85      public void testVerifySignatureDetachedBinaryGpg()
86          throws IOException, OpenPgpException
87      {
88          SignatureStatus status =
89              verifier.verifyDetachedSignature( getClass().getResourceAsStream( "/test-input" ),
90                                                getClass().getResourceAsStream( "/test-input.sig" ), keyRing );
91  
92          assertNotNull( "check we got a status", status );
93          assertTrue( "check it was successful", status.isValid() );
94      }
95  
96      @Test
97      public void testSignDataDetachedAscii()
98          throws OpenPgpException, IOException
99      {
100         ByteArrayOutputStream signature = new ByteArrayOutputStream();
101         signer.detachedSign( getClass().getResourceAsStream( "/test-input" ), signature, keyId, keyRing, true );
102 
103         SignatureStatus status =
104             verifier.verifyDetachedSignature( getClass().getResourceAsStream( "/test-input" ),
105                                               new ByteArrayInputStream( signature.toByteArray() ), keyRing );
106         assertNotNull( "check we got a status", status );
107         assertTrue( "check it was successful", status.isValid() );
108     }
109 
110     @Test
111     public void testVerifySignatureDetachedAscii()
112         throws IOException, OpenPgpException
113     {
114         SignatureStatus status =
115             verifier.verifyDetachedSignature( getClass().getResourceAsStream( "/test-input" ),
116                                               getClass().getResourceAsStream( "/test-input.asc" ), keyRing );
117 
118         assertNotNull( "check we got a status", status );
119         assertTrue( "check it was successful", status.isValid() );
120     }
121 
122     @Test
123     public void testVerifyMultipleSignatureDetachedAsciiBothGood()
124         throws IOException, OpenPgpException
125     {
126         SignatureStatus status =
127             verifier.verifyDetachedSignature( getClass().getResourceAsStream( "/test-input" ),
128                                               getClass().getResourceAsStream( "/test-input-both-good.asc" ), keyRing );
129 
130         assertNotNull( "check we got a status", status );
131         assertTrue( "check it was successful", status.isValid() );
132     }
133 
134     @Test
135     public void testVerifyMultipleSignatureDetachedAsciiOneGoodOneBad()
136         throws IOException, OpenPgpException
137     {
138         SignatureStatus status =
139             verifier.verifyDetachedSignature( getClass().getResourceAsStream( "/test-input" ),
140                                               getClass().getResourceAsStream( "/test-input-one-good-one-bad.asc" ),
141                                               keyRing );
142 
143         assertNotNull( "check we got a status", status );
144         assertTrue( "check it was successful", status.isValid() );
145     }
146 
147     @Test
148     public void testVerifyMultipleSignatureDetachedAsciiOneGoodOneMissing()
149         throws IOException, OpenPgpException
150     {
151         SignatureStatus status =
152             verifier.verifyDetachedSignature( getClass().getResourceAsStream( "/test-input" ),
153                                               getClass().getResourceAsStream( "/test-input-one-good-one-missing.asc" ),
154                                               keyRing );
155 
156         assertNotNull( "check we got a status", status );
157         assertTrue( "check it was successful", status.isValid() );
158     }
159 
160     @Test
161     public void testVerifyMultipleSignatureDetachedAsciiOneBadOneGood()
162         throws IOException, OpenPgpException
163     {
164         SignatureStatus status =
165             verifier.verifyDetachedSignature( getClass().getResourceAsStream( "/test-input" ),
166                                               getClass().getResourceAsStream( "/test-input-one-bad-one-good.asc" ),
167                                               keyRing );
168 
169         assertNotNull( "check we got a status", status );
170         assertFalse( "check it was not successful", status.isValid() );
171     }
172 /* Requires Bouncycastle 140 to work
173     public void testVerifyMultipleSignatureDetachedAsciiOneMissingOneGood()
174         throws IOException, OpenPgpException
175     {
176         SignatureStatus status =
177             verifier.verifyDetachedSignature( getClass().getResourceAsStream( "/test-input" ),
178                                               getClass().getResourceAsStream( "/test-input-one-missing-one-good.asc" ),
179                                               keyRing );
180 
181         assertNotNull( "check we got a status", status );
182         assertTrue( "check it was successful", status.isValid() );
183     }*/
184 
185     @Test( expected = UnknownKeyException.class )
186     public void testVerifyMultipleSignatureDetachedAsciiBothMissing()
187         throws IOException, OpenPgpException
188     {
189         verifier.verifyDetachedSignature( getClass().getResourceAsStream( "/test-input" ),
190                                               getClass().getResourceAsStream( "/test-input-both-missing.asc" ), keyRing );
191     }
192 
193     @Test
194     public void testVerifyDualSignatureDetachedAsciiBothGood()
195         throws IOException, OpenPgpException
196     {
197         SignatureStatus status =
198             verifier.verifyDetachedSignature( getClass().getResourceAsStream( "/test-input" ),
199                                               getClass().getResourceAsStream( "/test-input-dual-both-good.asc" ), keyRing );
200 
201         assertNotNull( "check we got a status", status );
202         assertTrue( "check it was successful", status.isValid() );
203     }
204 
205     @Test
206     public void testVerifyDualSignatureDetachedAsciiOneGoodOneMissing()
207         throws IOException, OpenPgpException
208     {
209         SignatureStatus status =
210             verifier.verifyDetachedSignature( getClass().getResourceAsStream( "/test-input" ),
211                                               getClass().getResourceAsStream( "/test-input-dual-one-good-one-missing.asc" ),
212                                               keyRing );
213 
214         assertNotNull( "check we got a status", status );
215         assertTrue( "check it was successful", status.isValid() );
216     }
217 
218     @Test
219     public void testVerifyDualSignatureDetachedAsciiBad()
220         throws IOException, OpenPgpException
221     {
222         SignatureStatus status =
223             verifier.verifyDetachedSignature( getClass().getResourceAsStream( "/test-input" ),
224                                               getClass().getResourceAsStream( "/test-input-dual-bad.asc" ),
225                                               keyRing );
226 
227         assertNotNull( "check we got a status", status );
228         assertFalse( "check it was not successful", status.isValid() );
229     }
230 
231     @Test
232     public void testVerifyDualSignatureDetachedAsciiOneMissingOneGood()
233         throws IOException, OpenPgpException
234     {
235         SignatureStatus status =
236             verifier.verifyDetachedSignature( getClass().getResourceAsStream( "/test-input" ),
237                                               getClass().getResourceAsStream( "/test-input-dual-one-missing-one-good.asc" ),
238                                               keyRing );
239 
240         assertNotNull( "check we got a status", status );
241         assertTrue( "check it was successful", status.isValid() );
242     }
243 
244     @Test( expected = UnknownKeyException.class )
245     public void testVerifyDualSignatureDetachedAsciiBothMissing()
246         throws IOException, OpenPgpException
247     {
248         verifier.verifyDetachedSignature( getClass().getResourceAsStream( "/test-input" ),
249                                           getClass().getResourceAsStream( "/test-input-dual-both-missing.asc" ), keyRing );
250     }
251 }