aboutsummaryrefslogtreecommitdiffstats
path: root/OpenKeychain-Test/src/test/java/org/sufficientlysecure/keychain/tests/UncachedKeyringTest.java
diff options
context:
space:
mode:
Diffstat (limited to 'OpenKeychain-Test/src/test/java/org/sufficientlysecure/keychain/tests/UncachedKeyringTest.java')
-rw-r--r--OpenKeychain-Test/src/test/java/org/sufficientlysecure/keychain/tests/UncachedKeyringTest.java123
1 files changed, 115 insertions, 8 deletions
diff --git a/OpenKeychain-Test/src/test/java/org/sufficientlysecure/keychain/tests/UncachedKeyringTest.java b/OpenKeychain-Test/src/test/java/org/sufficientlysecure/keychain/tests/UncachedKeyringTest.java
index 66e31c272..496850eb7 100644
--- a/OpenKeychain-Test/src/test/java/org/sufficientlysecure/keychain/tests/UncachedKeyringTest.java
+++ b/OpenKeychain-Test/src/test/java/org/sufficientlysecure/keychain/tests/UncachedKeyringTest.java
@@ -31,6 +31,7 @@ import java.util.Iterator;
public class UncachedKeyringTest {
static UncachedKeyRing staticRing;
+ static int totalPackets;
UncachedKeyRing ring;
ArrayList<RawPacket> onlyA = new ArrayList<RawPacket>();
ArrayList<RawPacket> onlyB = new ArrayList<RawPacket>();
@@ -59,6 +60,9 @@ public class UncachedKeyringTest {
Assert.assertNotNull("initial test key creation must succeed", staticRing);
+ // just for later reference
+ totalPackets = 9;
+
// we sleep here for a second, to make sure all new certificates have different timestamps
Thread.sleep(1000);
}
@@ -76,24 +80,24 @@ public class UncachedKeyringTest {
Assert.assertEquals("packet #1 should be secret key",
PacketTags.SECRET_KEY, it.next().tag);
- Assert.assertEquals("packet #2 should be secret key",
+ Assert.assertEquals("packet #2 should be user id",
PacketTags.USER_ID, it.next().tag);
- Assert.assertEquals("packet #3 should be secret key",
+ Assert.assertEquals("packet #3 should be signature",
PacketTags.SIGNATURE, it.next().tag);
- Assert.assertEquals("packet #4 should be secret key",
+ Assert.assertEquals("packet #4 should be user id",
PacketTags.USER_ID, it.next().tag);
- Assert.assertEquals("packet #5 should be secret key",
+ Assert.assertEquals("packet #5 should be signature",
PacketTags.SIGNATURE, it.next().tag);
- Assert.assertEquals("packet #6 should be secret key",
+ Assert.assertEquals("packet #6 should be secret subkey",
PacketTags.SECRET_SUBKEY, it.next().tag);
- Assert.assertEquals("packet #7 should be secret key",
+ Assert.assertEquals("packet #7 should be signature",
PacketTags.SIGNATURE, it.next().tag);
- Assert.assertEquals("packet #8 should be secret key",
+ Assert.assertEquals("packet #8 should be secret subkey",
PacketTags.SECRET_SUBKEY, it.next().tag);
- Assert.assertEquals("packet #9 should be secret key",
+ Assert.assertEquals("packet #9 should be signature",
PacketTags.SIGNATURE, it.next().tag);
Assert.assertFalse("exactly 9 packets total", it.hasNext());
@@ -103,4 +107,107 @@ public class UncachedKeyringTest {
}
+ @Test public void testBrokenSignature() throws Exception {
+
+ byte[] brokenSig;
+ {
+ UncachedPublicKey masterKey = ring.getPublicKey();
+ WrappedSignature sig = masterKey.getSignaturesForId("twi").next();
+ brokenSig = sig.getEncoded();
+ // break the signature
+ brokenSig[brokenSig.length - 5] += 1;
+ }
+
+ byte[] reng = ring.getEncoded();
+ for(int i = 0; i < totalPackets; i++) {
+
+ byte[] brokenBytes = KeyringTestingHelper.injectPacket(reng, brokenSig, i);
+ Assert.assertEquals("broken ring must be original + injected size",
+ reng.length + brokenSig.length, brokenBytes.length);
+
+ try {
+ UncachedKeyRing brokenRing = UncachedKeyRing.decodeFromData(brokenBytes);
+
+ brokenRing = brokenRing.canonicalize(log, 0);
+ if (brokenRing == null) {
+ System.out.println("ok, canonicalization failed.");
+ continue;
+ }
+
+ Assert.assertArrayEquals("injected bad signature must be gone after canonicalization",
+ ring.getEncoded(), brokenRing.getEncoded());
+
+ } catch (Exception e) {
+ System.out.println("ok, rejected with: " + e.getMessage());
+ }
+ }
+
+ }
+
+ @Test public void testUidSignature() throws Exception {
+
+ UncachedPublicKey masterKey = ring.getPublicKey();
+ final WrappedSignature sig = masterKey.getSignaturesForId("twi").next();
+
+ byte[] raw = sig.getEncoded();
+ // destroy the signature
+ raw[raw.length - 5] += 1;
+ final WrappedSignature brokenSig = WrappedSignature.fromBytes(raw);
+
+ { // bad certificates get stripped
+ UncachedKeyRing modified = KeyringTestingHelper.injectPacket(ring, brokenSig.getEncoded(), 3);
+ modified = modified.canonicalize(log, 0);
+
+ Assert.assertTrue("canonicalized keyring with invalid extra sig must be same as original one",
+ !KeyringTestingHelper.diffKeyrings(
+ ring.getEncoded(), modified.getEncoded(), onlyA, onlyB));
+ }
+
+ // remove user id certificate for one user
+ final UncachedKeyRing base = KeyringTestingHelper.removePacket(ring, 2);
+
+ { // user id without certificate should be removed
+ UncachedKeyRing modified = base.canonicalize(log, 0);
+ Assert.assertTrue("canonicalized keyring must differ", KeyringTestingHelper.diffKeyrings(
+ ring.getEncoded(), modified.getEncoded(), onlyA, onlyB));
+
+ Assert.assertEquals("two packets should be stripped after canonicalization", 2, onlyA.size());
+ Assert.assertEquals("no new packets after canonicalization", 0, onlyB.size());
+
+ Packet p;
+ p = new BCPGInputStream(new ByteArrayInputStream(onlyA.get(0).buf)).readPacket();
+ Assert.assertTrue("first stripped packet must be user id", p instanceof UserIDPacket);
+ Assert.assertEquals("missing user id must be the expected one",
+ "twi", ((UserIDPacket) p).getID());
+
+ p = new BCPGInputStream(new ByteArrayInputStream(onlyA.get(1).buf)).readPacket();
+ Assert.assertArrayEquals("second stripped packet must be signature we removed",
+ sig.getEncoded(), onlyA.get(1).buf);
+
+ }
+
+ { // add error to signature
+
+ UncachedKeyRing modified = KeyringTestingHelper.injectPacket(base, brokenSig.getEncoded(), 3);
+ modified = modified.canonicalize(log, 0);
+
+ Assert.assertTrue("canonicalized keyring must differ", KeyringTestingHelper.diffKeyrings(
+ ring.getEncoded(), modified.getEncoded(), onlyA, onlyB));
+
+ Assert.assertEquals("two packets should be missing after canonicalization", 2, onlyA.size());
+ Assert.assertEquals("no new packets after canonicalization", 0, onlyB.size());
+
+ Packet p;
+ p = new BCPGInputStream(new ByteArrayInputStream(onlyA.get(0).buf)).readPacket();
+ Assert.assertTrue("first stripped packet must be user id", p instanceof UserIDPacket);
+ Assert.assertEquals("missing user id must be the expected one",
+ "twi", ((UserIDPacket) p).getID());
+
+ p = new BCPGInputStream(new ByteArrayInputStream(onlyA.get(1).buf)).readPacket();
+ Assert.assertArrayEquals("second stripped packet must be signature we removed",
+ sig.getEncoded(), onlyA.get(1).buf);
+ }
+
+ }
+
}
generated by cgit v1.2.3 (git 2.25.1) at 2024-07-02 20:17:46 +0000