zydronium/google-nomulus
1
0
Fork 0
mirror of https://github.com/google/nomulus.git synced 2025-05-05 14:37:52 +02:00
Code Issues Projects Releases Packages Wiki Activity
google-nomulus/javatests/google/registry/rde/RydeGpgIntegrationTest.java
guyben 8ec2eaf39c Simplify the RyDE API 
Second step of RDE encoding refactoring.

Creates a single OutputStream encode RyDE files.
This replaces the 5 OutputStreams that were needed before.

Also removes all the factories that were injected. It's an encoding, there's no point in injecting it.

Finally, removed the buffer-size configuration and replaced with a static final
const value in each individual OutputStream.

This doesn't yet include a decoder (InputStream). And there's still a lot of overlap between the Ryde and the Ghostryde code. Both of those are left for the next CLs.

-------------
Created by MOE: https://github.com/google/moe
MOE_MIGRATED_REVID=204898369
2018-07-17 22:03:53 -04:00

254 lines
9.3 KiB
Java
Raw Blame History

// Copyright 2017 The Nomulus Authors. All Rights Reserved.
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
// http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.
package google.registry.rde;
import static com.google.common.base.Strings.repeat;
import static com.google.common.truth.Truth.assertThat;
import static com.google.common.truth.Truth.assertWithMessage;
import static google.registry.testing.SystemInfo.hasCommand;
import static java.nio.charset.StandardCharsets.UTF_8;
import static org.junit.Assume.assumeTrue;
import com.google.common.flogger.FluentLogger;
import com.google.common.io.CharStreams;
import google.registry.keyring.api.Keyring;
import google.registry.testing.BouncyCastleProviderRule;
import google.registry.testing.FakeKeyringModule;
import google.registry.testing.GpgSystemCommandRule;
import google.registry.testing.ShardableTestCase;
import java.io.File;
import java.io.FileInputStream;
import java.io.FileNotFoundException;
import java.io.FileOutputStream;
import java.io.IOException;
import java.io.InputStream;
import java.io.InputStreamReader;
import java.io.OutputStream;
import org.bouncycastle.openpgp.PGPKeyPair;
import org.bouncycastle.openpgp.PGPPublicKey;
import org.joda.time.DateTime;
import org.junit.Rule;
import org.junit.experimental.theories.DataPoints;
import org.junit.experimental.theories.Theories;
import org.junit.experimental.theories.Theory;
import org.junit.runner.RunWith;
/** GPG combinatorial integration tests for the Ryde classes. */
@RunWith(Theories.class)
@SuppressWarnings("resource")
public class RydeGpgIntegrationTest extends ShardableTestCase {
private static final FluentLogger logger = FluentLogger.forEnclosingClass();
@Rule
public final BouncyCastleProviderRule bouncy = new BouncyCastleProviderRule();
@Rule
public final GpgSystemCommandRule gpg = new GpgSystemCommandRule(
RdeTestData.loadBytes("pgp-public-keyring.asc"),
RdeTestData.loadBytes("pgp-private-keyring-escrow.asc"));
private final FakeKeyringModule keyringFactory = new FakeKeyringModule();
@DataPoints
public static GpgCommand[] commands = new GpgCommand[] {
new GpgCommand("gpg"),
new GpgCommand("gpg2"),
};
@DataPoints
public static Filename[] filenames = new Filename[] {
new Filename("sloth"),
};
@DataPoints
public static Content[] contents = new Content[] {
new Content("(◕‿◕)"),
new Content(repeat("Fanatics have their dreams, wherewith they weave.\n", 1000)),
new Content("\0yolo"),
new Content(""),
};
@Theory
public void test(GpgCommand cmd, Filename name, Content content)
throws Exception {
assumeTrue(hasCommand("tar"));
assumeTrue(hasCommand(cmd.get() + " --version"));
Keyring keyring = keyringFactory.get();
PGPKeyPair signingKey = keyring.getRdeSigningKey();
PGPPublicKey receiverKey = keyring.getRdeReceiverKey();
DateTime modified = DateTime.parse("1984-01-01T00:00:00Z");
File home = gpg.getCwd();
File rydeFile = new File(home, name.get() + ".ryde");
File sigFile = new File(home, name.get() + ".sig");
File tarFile = new File(home, name.get() + ".tar");
File xmlFile = new File(home, name.get() + ".xml");
byte[] data = content.get().getBytes(UTF_8);
try (OutputStream rydeOut = new FileOutputStream(rydeFile);
OutputStream sigOut = new FileOutputStream(sigFile);
RydeEncoder rydeEncoder = new RydeEncoder.Builder()
.setRydeOutput(rydeOut, receiverKey)
.setSignatureOutput(sigOut, signingKey)
.setFileMetadata(name.get(), data.length, modified)
.build()) {
rydeEncoder.write(data);
}
// Iron Mountain examines the ryde file to see what sort of OpenPGP layers it contains.
//
// :pubkey enc packet: version 3, algo 1, keyid 239F455A2ACEE5C2
// data: [2047 bits]
// :encrypted data packet:
// length: 2005
// gpg: encrypted with 2048-bit RSA key, ID 54E1EB0F, created 2015-04-07
// "Marla Singer <rde-unittest@escrow.test>"
// :compressed packet: algo=1
// :literal data packet:
// mode b (62), created 1287273600, name="lol_2010-10-17_full_S1_R0.tar",
// raw data: 10752 bytes
// gpg: WARNING: message was not integrity protected
logger.atInfo().log("Running GPG to list info about OpenPGP message...");
{
Process pid =
gpg.exec(
cmd.get(),
"--list-packets",
"--ignore-mdc-error",
"--keyid-format",
"long",
rydeFile.toString());
String stdout = slurp(pid.getInputStream());
String stderr = slurp(pid.getErrorStream());
assertWithMessage(stderr).that(pid.waitFor()).isEqualTo(0);
assertWithMessage("OpenPGP message is missing encryption layer")
.that(stdout)
.contains(":pubkey enc packet:");
assertWithMessage("Unexpected symmetric encryption algorithm")
.that(stdout)
.contains(":pubkey enc packet: version 3, algo 1");
assertWithMessage("OpenPGP message is missing compression layer")
.that(stdout)
.contains(":compressed packet:");
assertWithMessage("Expected zip compression algorithm")
.that(stdout)
.contains(":compressed packet: algo=1");
assertWithMessage("OpenPGP message is missing literal data packet")
.that(stdout)
.contains(":literal data packet:");
assertWithMessage("Literal data packet does not contain correct filename")
.that(stdout)
.contains("name=\"" + name.get() + ".tar\"");
assertWithMessage("Literal data packet should be in BINARY mode")
.that(stdout)
.contains("mode b ");
assertWithMessage("Unexpected asymmetric encryption algorithm")
.that(stderr)
.contains("encrypted with 2048-bit RSA key");
assertWithMessage("Unexpected receiver public key")
.that(stderr)
.contains("ID 7F9084EE54E1EB0F");
}
// Iron Mountain now verifies that rydeFile is authentic and was signed appropriately.
//
// jart@jart:/tmp$ gpg --verify /tmp/deposit.sig /tmp/deposit.ryde
// gpg: Signature made Mon 26 Aug 2013 12:04:27 PM EDT using RSA-S key ID 2774D88E
// gpg: Good signature from <rde-unittest@registry.test>
logger.atInfo().log("Running GPG to verify signature...");
{
Process pid = gpg.exec(cmd.get(), "--verify", sigFile.toString(), rydeFile.toString());
String stderr = slurp(pid.getErrorStream());
assertWithMessage(stderr).that(pid.waitFor()).isEqualTo(0);
assertThat(stderr).contains("Good signature");
assertThat(stderr).contains("rde-unittest@registry.test");
}
// Iron Mountain now decrypts the ryde file to produce a tar file.
//
// jart@jart:/tmp$ gpg -v --use-embedded-filename /tmp/deposit.ryde
// gpg: public key is 2ACEE5C2
// gpg: encrypted with 2048-bit RSA key, ID 54E1EB0F, created 2015-04-07
// "Marla Singer <rde-unittest@escrow.test>"
// gpg: AES encrypted data
// gpg: original file name='lol_2010-10-17_full_S1_R0.tar'
// gpg: WARNING: message was not integrity protected
logger.atInfo().log("Running GPG to extract tar...");
{
Process pid =
gpg.exec(cmd.get(), "--use-embedded-filename", "--ignore-mdc-error", rydeFile.toString());
String stderr = slurp(pid.getErrorStream());
assertWithMessage(stderr).that(pid.waitFor()).isEqualTo(0);
}
assertWithMessage("gpg decrypt did not produce expected tar file")
.that(tarFile.exists())
.isTrue();
// ...and finally, Iron Mountain extracts the tar file to get a happy XML file ^__^
logger.atInfo().log("Running GNU tar to extract content...");
{
Process pid = gpg.exec("tar", "-xf", tarFile.toString());
String stderr = slurp(pid.getErrorStream());
assertWithMessage(stderr).that(pid.waitFor()).isEqualTo(0);
}
assertWithMessage("tar did not produce expected xml file").that(xmlFile.exists()).isTrue();
assertThat(slurp(xmlFile)).isEqualTo(content.get());
}
private String slurp(File file) throws FileNotFoundException, IOException {
return CharStreams.toString(new InputStreamReader(new FileInputStream(file), UTF_8));
}
private String slurp(InputStream is) throws IOException {
return CharStreams.toString(new InputStreamReader(is, UTF_8));
}
private static class GpgCommand {
private final String value;
GpgCommand(String value) {
this.value = value;
}
String get() {
return value;
}
}
private static class Filename {
private final String value;
Filename(String value) {
this.value = value;
}
String get() {
return value;
}
}
private static class Content {
private final String value;
Content(String value) {
this.value = value;
}
String get() {
return value;
}
}
}
Reference in a new issue View git blame Copy permalink