You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@commons.apache.org by br...@apache.org on 2008/07/10 06:16:53 UTC
svn commit: r675435 - in /commons/sandbox/openpgp/trunk: ./
src/main/java/org/apache/commons/openpgp/
src/test/java/org/apache/commons/openpgp/ src/test/resources/
Author: brett
Date: Wed Jul 9 21:16:51 2008
New Revision: 675435
URL: http://svn.apache.org/viewvc?rev=675435&view=rev
Log:
updating to work with ASCII armoured signatures, add more tests
Added:
commons/sandbox/openpgp/trunk/src/test/java/org/apache/commons/openpgp/BouncyCastleOpenPgpStreamingSignerTest.java (with props)
commons/sandbox/openpgp/trunk/src/test/resources/test-input.asc
- copied, changed from r675341, commons/sandbox/openpgp/trunk/src/test/resources/test-signature.asc
commons/sandbox/openpgp/trunk/src/test/resources/test-input.bpg
- copied unchanged from r675341, commons/sandbox/openpgp/trunk/src/test/resources/test-signature.bpg
commons/sandbox/openpgp/trunk/src/test/resources/test-input.sig (with props)
Removed:
commons/sandbox/openpgp/trunk/src/test/resources/test-signature.asc
commons/sandbox/openpgp/trunk/src/test/resources/test-signature.bpg
Modified:
commons/sandbox/openpgp/trunk/pom.xml
commons/sandbox/openpgp/trunk/src/main/java/org/apache/commons/openpgp/BouncyCastleOpenPgpSignatureVerifier.java
commons/sandbox/openpgp/trunk/src/main/java/org/apache/commons/openpgp/BouncyCastleOpenPgpStreamingSignatureVerifier.java
commons/sandbox/openpgp/trunk/src/main/java/org/apache/commons/openpgp/OpenPgpSignatureVerifier.java
commons/sandbox/openpgp/trunk/src/test/java/org/apache/commons/openpgp/BouncyCastleOpenPgpSignerTest.java
Modified: commons/sandbox/openpgp/trunk/pom.xml
URL: http://svn.apache.org/viewvc/commons/sandbox/openpgp/trunk/pom.xml?rev=675435&r1=675434&r2=675435&view=diff
==============================================================================
--- commons/sandbox/openpgp/trunk/pom.xml (original)
+++ commons/sandbox/openpgp/trunk/pom.xml Wed Jul 9 21:16:51 2008
@@ -28,13 +28,7 @@
<groupId>ant</groupId>
<artifactId>ant</artifactId>
<version>1.6.5</version>
- <scope>compile</scope>
- </dependency>
- <dependency>
- <groupId>ant</groupId>
- <artifactId>ant-launcher</artifactId>
- <version>1.6.5</version>
- <scope>runtime</scope>
+ <scope>provided</scope>
</dependency>
</dependencies>
<build>
Modified: commons/sandbox/openpgp/trunk/src/main/java/org/apache/commons/openpgp/BouncyCastleOpenPgpSignatureVerifier.java
URL: http://svn.apache.org/viewvc/commons/sandbox/openpgp/trunk/src/main/java/org/apache/commons/openpgp/BouncyCastleOpenPgpSignatureVerifier.java?rev=675435&r1=675434&r2=675435&view=diff
==============================================================================
--- commons/sandbox/openpgp/trunk/src/main/java/org/apache/commons/openpgp/BouncyCastleOpenPgpSignatureVerifier.java (original)
+++ commons/sandbox/openpgp/trunk/src/main/java/org/apache/commons/openpgp/BouncyCastleOpenPgpSignatureVerifier.java Wed Jul 9 21:16:51 2008
@@ -37,12 +37,11 @@
return null; //To change body of implemented methods use File | Settings | File Templates.
}
- public SignatureStatus verifyDetachedSignature( InputStream data, InputStream signature, KeyRing keyRing,
- boolean asciiArmored )
+ public SignatureStatus verifyDetachedSignature( InputStream data, InputStream signature, KeyRing keyRing )
throws OpenPgpException, UnknownKeyException, IOException
{
OpenPgpStreamingSignatureVerifier verifier =
- new BouncyCastleOpenPgpStreamingSignatureVerifier( signature, keyRing, asciiArmored );
+ new BouncyCastleOpenPgpStreamingSignatureVerifier( signature, keyRing );
byte[] buf = new byte[BUFFER_SIZE];
Modified: commons/sandbox/openpgp/trunk/src/main/java/org/apache/commons/openpgp/BouncyCastleOpenPgpStreamingSignatureVerifier.java
URL: http://svn.apache.org/viewvc/commons/sandbox/openpgp/trunk/src/main/java/org/apache/commons/openpgp/BouncyCastleOpenPgpStreamingSignatureVerifier.java?rev=675435&r1=675434&r2=675435&view=diff
==============================================================================
--- commons/sandbox/openpgp/trunk/src/main/java/org/apache/commons/openpgp/BouncyCastleOpenPgpStreamingSignatureVerifier.java (original)
+++ commons/sandbox/openpgp/trunk/src/main/java/org/apache/commons/openpgp/BouncyCastleOpenPgpStreamingSignatureVerifier.java Wed Jul 9 21:16:51 2008
@@ -17,26 +17,21 @@
* limitations under the License.
*/
-import org.bouncycastle.bcpg.BCPGOutputStream;
-import org.bouncycastle.bcpg.ArmoredInputStream;
-import org.bouncycastle.jce.provider.BouncyCastleProvider;
-import org.bouncycastle.openpgp.PGPException;
-import org.bouncycastle.openpgp.PGPSignature;
-import org.bouncycastle.openpgp.PGPSignatureGenerator;
-import org.bouncycastle.openpgp.PGPUtil;
-import org.bouncycastle.openpgp.PGPObjectFactory;
-import org.bouncycastle.openpgp.PGPSignatureList;
-import org.bouncycastle.openpgp.PGPCompressedData;
-import org.bouncycastle.openpgp.PGPPublicKey;
-
-import java.io.ByteArrayOutputStream;
import java.io.IOException;
-import java.io.OutputStream;
import java.io.InputStream;
import java.security.NoSuchProviderException;
import java.security.Security;
import java.security.SignatureException;
+import org.bouncycastle.jce.provider.BouncyCastleProvider;
+import org.bouncycastle.openpgp.PGPCompressedData;
+import org.bouncycastle.openpgp.PGPException;
+import org.bouncycastle.openpgp.PGPObjectFactory;
+import org.bouncycastle.openpgp.PGPPublicKey;
+import org.bouncycastle.openpgp.PGPSignature;
+import org.bouncycastle.openpgp.PGPSignatureList;
+import org.bouncycastle.openpgp.PGPUtil;
+
/**
* Bouncy Castle implementation of the OpenPGP signer.
*
@@ -45,17 +40,15 @@
public class BouncyCastleOpenPgpStreamingSignatureVerifier
implements OpenPgpStreamingSignatureVerifier
{
- private static final String PROVIDER = "BC";
-
private PGPSignature sig;
-
- public BouncyCastleOpenPgpStreamingSignatureVerifier( InputStream signature, KeyRing keyRing, boolean asciiArmor )
+
+ public BouncyCastleOpenPgpStreamingSignatureVerifier( InputStream signature, KeyRing keyRing )
throws OpenPgpException, IOException
{
- init( asciiArmor, signature, keyRing );
+ init( signature, keyRing );
}
- private void init( boolean asciiArmor, InputStream signature, KeyRing keyRing )
+ private void init( InputStream signature, KeyRing keyRing )
throws OpenPgpException, IOException
{
// TODO: better location for this?
@@ -64,10 +57,6 @@
try
{
signature = PGPUtil.getDecoderStream( signature );
- if ( asciiArmor )
- {
- signature = new ArmoredInputStream( signature );
- }
PGPObjectFactory pgpFact = new PGPObjectFactory( signature );
PGPSignatureList p3;
@@ -79,7 +68,7 @@
pgpFact = new PGPObjectFactory( c1.getDataStream() );
- p3 = (PGPSignatureList) pgpFact.nextObject();
+ p3 = (PGPSignatureList) pgpFact.nextObject();
}
else
{
Modified: commons/sandbox/openpgp/trunk/src/main/java/org/apache/commons/openpgp/OpenPgpSignatureVerifier.java
URL: http://svn.apache.org/viewvc/commons/sandbox/openpgp/trunk/src/main/java/org/apache/commons/openpgp/OpenPgpSignatureVerifier.java?rev=675435&r1=675434&r2=675435&view=diff
==============================================================================
--- commons/sandbox/openpgp/trunk/src/main/java/org/apache/commons/openpgp/OpenPgpSignatureVerifier.java (original)
+++ commons/sandbox/openpgp/trunk/src/main/java/org/apache/commons/openpgp/OpenPgpSignatureVerifier.java Wed Jul 9 21:16:51 2008
@@ -46,9 +46,7 @@
* @param data the data to that was signed
* @param signature the detached signature to verify against the data
* @param keyRing the keyring containing the key used to sign the data
- * @param asciiArmored whether the signature is ascii armored
*/
- SignatureStatus verifyDetachedSignature( InputStream data, InputStream signature, KeyRing keyRing,
- boolean asciiArmored )
+ SignatureStatus verifyDetachedSignature( InputStream data, InputStream signature, KeyRing keyRing )
throws OpenPgpException, UnknownKeyException, IOException;
}
Modified: commons/sandbox/openpgp/trunk/src/test/java/org/apache/commons/openpgp/BouncyCastleOpenPgpSignerTest.java
URL: http://svn.apache.org/viewvc/commons/sandbox/openpgp/trunk/src/test/java/org/apache/commons/openpgp/BouncyCastleOpenPgpSignerTest.java?rev=675435&r1=675434&r2=675435&view=diff
==============================================================================
--- commons/sandbox/openpgp/trunk/src/test/java/org/apache/commons/openpgp/BouncyCastleOpenPgpSignerTest.java (original)
+++ commons/sandbox/openpgp/trunk/src/test/java/org/apache/commons/openpgp/BouncyCastleOpenPgpSignerTest.java Wed Jul 9 21:16:51 2008
@@ -57,10 +57,9 @@
ByteArrayOutputStream signature = new ByteArrayOutputStream();
signer.detachedSign( getClass().getResourceAsStream( "/test-input" ), signature, keyId, keyRing, false );
- // TODO: can we get it to verify an ascii armored one?
- SignatureStatus status = verifier.verifyDetachedSignature( getClass().getResourceAsStream( "/test-input" ),
- new ByteArrayInputStream( signature.toByteArray() ),
- keyRing, false );
+ SignatureStatus status =
+ verifier.verifyDetachedSignature( getClass().getResourceAsStream( "/test-input" ),
+ new ByteArrayInputStream( signature.toByteArray() ), keyRing );
assertNotNull( "check we got a status", status );
assertTrue( "check it was successful", status.isValid() );
}
@@ -68,10 +67,44 @@
public void testVerifySignatureDetachedBinary()
throws IOException, OpenPgpException
{
- // TODO: can we get it to verify an ascii armored one?
- SignatureStatus status = verifier.verifyDetachedSignature( getClass().getResourceAsStream( "/test-input" ),
- getClass().getResourceAsStream(
- "/test-signature.bpg" ), keyRing, false );
+ SignatureStatus status =
+ verifier.verifyDetachedSignature( getClass().getResourceAsStream( "/test-input" ),
+ getClass().getResourceAsStream( "/test-input.bpg" ), keyRing );
+
+ assertNotNull( "check we got a status", status );
+ assertTrue( "check it was successful", status.isValid() );
+ }
+
+ public void testVerifySignatureDetachedBinaryGpg()
+ throws IOException, OpenPgpException
+ {
+ SignatureStatus status =
+ verifier.verifyDetachedSignature( getClass().getResourceAsStream( "/test-input" ),
+ getClass().getResourceAsStream( "/test-input.sig" ), keyRing );
+
+ assertNotNull( "check we got a status", status );
+ assertTrue( "check it was successful", status.isValid() );
+ }
+
+ public void testSignDataDetachedAscii()
+ throws OpenPgpException, IOException
+ {
+ ByteArrayOutputStream signature = new ByteArrayOutputStream();
+ signer.detachedSign( getClass().getResourceAsStream( "/test-input" ), signature, keyId, keyRing, true );
+
+ SignatureStatus status =
+ verifier.verifyDetachedSignature( getClass().getResourceAsStream( "/test-input" ),
+ new ByteArrayInputStream( signature.toByteArray() ), keyRing );
+ assertNotNull( "check we got a status", status );
+ assertTrue( "check it was successful", status.isValid() );
+ }
+
+ public void testVerifySignatureDetachedAscii()
+ throws IOException, OpenPgpException
+ {
+ SignatureStatus status =
+ verifier.verifyDetachedSignature( getClass().getResourceAsStream( "/test-input" ),
+ getClass().getResourceAsStream( "/test-input.asc" ), keyRing );
assertNotNull( "check we got a status", status );
assertTrue( "check it was successful", status.isValid() );
Added: commons/sandbox/openpgp/trunk/src/test/java/org/apache/commons/openpgp/BouncyCastleOpenPgpStreamingSignerTest.java
URL: http://svn.apache.org/viewvc/commons/sandbox/openpgp/trunk/src/test/java/org/apache/commons/openpgp/BouncyCastleOpenPgpStreamingSignerTest.java?rev=675435&view=auto
==============================================================================
--- commons/sandbox/openpgp/trunk/src/test/java/org/apache/commons/openpgp/BouncyCastleOpenPgpStreamingSignerTest.java (added)
+++ commons/sandbox/openpgp/trunk/src/test/java/org/apache/commons/openpgp/BouncyCastleOpenPgpStreamingSignerTest.java Wed Jul 9 21:16:51 2008
@@ -0,0 +1,220 @@
+package org.apache.commons.openpgp;
+
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+import java.io.ByteArrayInputStream;
+import java.io.IOException;
+import java.io.InputStream;
+
+import junit.framework.TestCase;
+
+/**
+ * Test the open pgp signer.
+ *
+ * @author <a href="mailto:brett@apache.org">Brett Porter</a>
+ * @todo test text input as well as binary - apparently it fails cross platform
+ */
+public class BouncyCastleOpenPgpStreamingSignerTest
+ extends TestCase
+{
+ private String keyId = "A7D16BD4";
+
+ private KeyRing keyRing;
+
+ private static final String PASSWORD = "cop";
+
+ protected void setUp()
+ throws Exception
+ {
+ super.setUp();
+
+ keyRing = new BouncyCastleKeyRing( getClass().getResourceAsStream( "/secring.gpg" ),
+ getClass().getResourceAsStream( "/pubring.gpg" ), PASSWORD.toCharArray() );
+ }
+
+ public void testSignDataDetachedBinary()
+ throws OpenPgpException, IOException
+ {
+ OpenPgpStreamingSigner signer = new BouncyCastleOpenPgpStreamingSigner( keyId, keyRing, false );
+
+ InputStream in = getClass().getResourceAsStream( "/test-input" );
+ byte[] buf = new byte[8192];
+ int len;
+ try
+ {
+ do
+ {
+ len = in.read( buf, 0, 8192 );
+ if ( len > 0 )
+ {
+ signer.update( buf, 0, len );
+ }
+ }
+ while ( len >= 0 );
+ }
+ finally
+ {
+ in.close();
+ }
+
+ byte[] signature = signer.finish();
+
+ OpenPgpSignatureVerifier verifier = new BouncyCastleOpenPgpSignatureVerifier();
+
+ SignatureStatus status =
+ verifier.verifyDetachedSignature( getClass().getResourceAsStream( "/test-input" ),
+ new ByteArrayInputStream( signature ), keyRing );
+ assertNotNull( "check we got a status", status );
+ assertTrue( "check it was successful", status.isValid() );
+ }
+
+ public void testVerifySignatureDetachedBinary()
+ throws IOException, OpenPgpException
+ {
+ InputStream signature = getClass().getResourceAsStream( "/test-input.bpg" );
+ OpenPgpStreamingSignatureVerifier verifier =
+ new BouncyCastleOpenPgpStreamingSignatureVerifier( signature, keyRing );
+
+ InputStream in = getClass().getResourceAsStream( "/test-input" );
+ byte[] buf = new byte[8192];
+ int len;
+ try
+ {
+ do
+ {
+ len = in.read( buf, 0, 8192 );
+ if ( len > 0 )
+ {
+ verifier.update( buf, 0, len );
+ }
+ }
+ while ( len >= 0 );
+ }
+ finally
+ {
+ in.close();
+ }
+
+ SignatureStatus status = verifier.finish();
+
+ assertNotNull( "check we got a status", status );
+ assertTrue( "check it was successful", status.isValid() );
+ }
+
+ public void testVerifySignatureDetachedBinaryGpg()
+ throws IOException, OpenPgpException
+ {
+ InputStream signature = getClass().getResourceAsStream( "/test-input.sig" );
+ OpenPgpStreamingSignatureVerifier verifier =
+ new BouncyCastleOpenPgpStreamingSignatureVerifier( signature, keyRing );
+
+ InputStream in = getClass().getResourceAsStream( "/test-input" );
+ byte[] buf = new byte[8192];
+ int len;
+ try
+ {
+ do
+ {
+ len = in.read( buf, 0, 8192 );
+ if ( len > 0 )
+ {
+ verifier.update( buf, 0, len );
+ }
+ }
+ while ( len >= 0 );
+ }
+ finally
+ {
+ in.close();
+ }
+
+ SignatureStatus status = verifier.finish();
+
+ assertNotNull( "check we got a status", status );
+ assertTrue( "check it was successful", status.isValid() );
+ }
+
+ public void testSignDataDetachedAscii()
+ throws OpenPgpException, IOException
+ {
+ OpenPgpStreamingSigner signer = new BouncyCastleOpenPgpStreamingSigner( keyId, keyRing, true );
+
+ InputStream in = getClass().getResourceAsStream( "/test-input" );
+ byte[] buf = new byte[8192];
+ int len;
+ try
+ {
+ do
+ {
+ len = in.read( buf, 0, 8192 );
+ if ( len > 0 )
+ {
+ signer.update( buf, 0, len );
+ }
+ }
+ while ( len >= 0 );
+ }
+ finally
+ {
+ in.close();
+ }
+
+ byte[] signature = signer.finish();
+
+ OpenPgpSignatureVerifier verifier = new BouncyCastleOpenPgpSignatureVerifier();
+
+ SignatureStatus status =
+ verifier.verifyDetachedSignature( getClass().getResourceAsStream( "/test-input" ),
+ new ByteArrayInputStream( signature ), keyRing );
+ assertNotNull( "check we got a status", status );
+ assertTrue( "check it was successful", status.isValid() );
+ }
+
+ public void testVerifySignatureDetachedAscii()
+ throws IOException, OpenPgpException
+ {
+ InputStream signature = getClass().getResourceAsStream( "/test-input.asc" );
+ OpenPgpStreamingSignatureVerifier verifier =
+ new BouncyCastleOpenPgpStreamingSignatureVerifier( signature, keyRing );
+
+ InputStream in = getClass().getResourceAsStream( "/test-input" );
+ byte[] buf = new byte[8192];
+ int len;
+ try
+ {
+ do
+ {
+ len = in.read( buf, 0, 8192 );
+ if ( len > 0 )
+ {
+ verifier.update( buf, 0, len );
+ }
+ }
+ while ( len >= 0 );
+ }
+ finally
+ {
+ in.close();
+ }
+
+ SignatureStatus status = verifier.finish();
+
+ assertNotNull( "check we got a status", status );
+ assertTrue( "check it was successful", status.isValid() );
+ }
+}
Propchange: commons/sandbox/openpgp/trunk/src/test/java/org/apache/commons/openpgp/BouncyCastleOpenPgpStreamingSignerTest.java
------------------------------------------------------------------------------
svn:eol-style = native
Copied: commons/sandbox/openpgp/trunk/src/test/resources/test-input.asc (from r675341, commons/sandbox/openpgp/trunk/src/test/resources/test-signature.asc)
URL: http://svn.apache.org/viewvc/commons/sandbox/openpgp/trunk/src/test/resources/test-input.asc?p2=commons/sandbox/openpgp/trunk/src/test/resources/test-input.asc&p1=commons/sandbox/openpgp/trunk/src/test/resources/test-signature.asc&r1=675341&r2=675435&rev=675435&view=diff
==============================================================================
--- commons/sandbox/openpgp/trunk/src/test/resources/test-signature.asc (original)
+++ commons/sandbox/openpgp/trunk/src/test/resources/test-input.asc Wed Jul 9 21:16:51 2008
@@ -1,7 +1,7 @@
-----BEGIN PGP SIGNATURE-----
-Version: GnuPG v1.4.1 (Cygwin)
+Version: GnuPG v1.4.8 (Darwin)
-iD8DBQBDlVJdTusOMqfRa9QRAuxXAJ9k0G+f2tbO6eTuBQS1uim44aADVwCgxS3i
-MH8RP0v17V5sM1WN8ih97n8=
-=gPJ5
+iEYEABECAAYFAkh1iI4ACgkQTusOMqfRa9TqvwCggGd9MXU4+9YKAohx+n2HIvKZ
+8S4An1yw871Lq44DnNaI6U4BXTnD6knm
+=84SX
-----END PGP SIGNATURE-----
Added: commons/sandbox/openpgp/trunk/src/test/resources/test-input.sig
URL: http://svn.apache.org/viewvc/commons/sandbox/openpgp/trunk/src/test/resources/test-input.sig?rev=675435&view=auto
==============================================================================
Binary file - no diff available.
Propchange: commons/sandbox/openpgp/trunk/src/test/resources/test-input.sig
------------------------------------------------------------------------------
svn:mime-type = application/octet-stream