/**
 * Builds a one-file package, unpacks the resulting ar archive and checks the detached OpenPGP
 * signature stored in its {@code _gpgorigin} member.
 *
 * <p>The signature is verified against the public key returned by {@code getPublicKey()} on the
 * first key ring found in the {@code public.asc} test resource. The signed data is the content of
 * {@code debian-binary}, {@code control.tar.gz} and {@code data.tar.gz}, fed to the verifier in
 * that order.
 */
@Test
public void testPackageSignature() throws IOException, PackagingException, PGPException, SignatureException, org.bouncycastle.openpgp.PGPException, NoSuchProviderException {
    Resource payload = new StringResource("hello world", true, "/tmp/test.txt", USER, USER, TarEntry.DEFAULT_FILE_MODE);
    File builtPackage = createPackage(ImmutableList.<Resource>of(payload));

    File unpackedDir = temporaryFolder.newFolder();
    ArchiveUtils.extractAr(builtPackage, unpackedDir);

    // A package without this member is unsigned, so fail before attempting any verification.
    File signatureMember = new File(unpackedDir, "_gpgorigin");
    assertTrue(signatureMember.exists());

    try (InputStream keyringIn = PGPUtil.getDecoderStream(PackageBuilderTest.class.getResourceAsStream("public.asc"));
            InputStream signatureIn = PGPUtil.getDecoderStream(new FileInputStream(signatureMember))) {
        BcPGPPublicKeyRingCollection keyRings = new BcPGPPublicKeyRingCollection(keyringIn);
        PGPPublicKeyRing firstRing = (PGPPublicKeyRing) keyRings.getKeyRings().next();
        PGPPublicKey verificationKey = firstRing.getPublicKey();

        PGPSignatureList signatures = (PGPSignatureList) new BcPGPObjectFactory(signatureIn).nextObject();
        PGPSignature detached = signatures.get(0);
        detached.init(new BcPGPContentVerifierBuilderProvider(), verificationKey);

        // Member order is part of what is signed; feeding the members in another order would not
        // reproduce the signed byte sequence.
        String[] signedMembers = {"debian-binary", "control.tar.gz", "data.tar.gz"};
        for (String member : signedMembers) {
            detached.update(Files.asByteSource(new File(unpackedDir, member)).read());
        }

        assertTrue(detached.verify());
    }
}
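/**
 * Parses an OpenPGP public key ring collection from {@code in} and returns the first key, in
 * iteration order, for which {@code isEncryptionKey()} is true.
 *
 * <p>{@code in} is always closed by this method, including when parsing fails.
 *
 * <p>Selection uses {@code isEncryptionKey()} only. This method performs no revocation, expiry
 * or key-usage check, and the first match wins. Callers that accept key material from outside
 * their own trust boundary should verify the returned key (for example against an expected
 * fingerprint) before encrypting to it.
 *
 * @param in stream holding the armored or binary key ring data; closed on return
 * @return the first key that reports itself as an encryption key
 * @throws IOException if the stream cannot be read or closed
 * @throws PGPException if the key ring data cannot be parsed
 * @throws IllegalArgumentException if no key in the collection is an encryption key
 */
protected static PGPPublicKey readPublicKey(InputStream in) throws IOException, PGPException {
    BcPGPPublicKeyRingCollection pgpPub;
    // try-with-resources releases the caller's stream whether or not parsing succeeds; a
    // close() placed after the constructor call would be skipped when the constructor throws.
    try (InputStream closing = in) {
        pgpPub = new BcPGPPublicKeyRingCollection(PGPUtil.getDecoderStream(in));
    }

    Iterator<PGPPublicKeyRing> rIt = pgpPub.getKeyRings();
    while (rIt.hasNext()) {
        PGPPublicKeyRing kRing = rIt.next();
        Iterator<PGPPublicKey> kIt = kRing.getPublicKeys();
        while (kIt.hasNext()) {
            PGPPublicKey k = kIt.next();
            if (k.isEncryptionKey()) {
                return k;
            }
        }
    }

    throw new IllegalArgumentException("Can't find encryption key in key ring.");
}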
/**
 * Provides a {@link Keyring} that is always an {@link InMemoryKeyring} filled with dummy values.
 *
 * <p>A single key pair is looked up from the streams opened on {@code PGP_PUBLIC_KEYRING} and
 * {@code PGP_PRIVATE_KEYRING} and is reused for every PGP key slot. Every string slot receives a
 * fixed placeholder. A real production system would use different values for each of these.
 *
 * @throws VerifyException if the keyrings cannot be read or parsed
 */
@Provides
static Keyring provideKeyring() {
    PGPKeyPair sharedPair;
    try (InputStream publicInput = PGP_PUBLIC_KEYRING.openStream();
            InputStream privateInput = PGP_PRIVATE_KEYRING.openStream()) {
        PGPPublicKeyRingCollection publicRings =
                new BcPGPPublicKeyRingCollection(PGPUtil.getDecoderStream(publicInput));
        PGPSecretKeyRingCollection secretRings =
                new BcPGPSecretKeyRingCollection(PGPUtil.getDecoderStream(privateInput));
        sharedPair = lookupKeyPair(publicRings, secretRings, EMAIL_ADDRESS, ENCRYPT_SIGN);
    } catch (PGPException | IOException e) {
        throw new VerifyException("Failed to load PGP keys from jar", e);
    }

    // Placeholders only: none of these strings is a usable secret.
    String placeholderKey = "not a real key";
    String placeholderPassword = "not a real password";
    String placeholderLogin = "not a real login";
    String placeholderCredential = "not a real credential";

    // The same dummy key pair fills every PGP slot; argument order matches the original call.
    return new InMemoryKeyring(
            sharedPair,
            sharedPair,
            sharedPair.getPublicKey(),
            sharedPair,
            sharedPair.getPublicKey(),
            placeholderKey,
            placeholderKey,
            placeholderPassword,
            placeholderLogin,
            placeholderPassword,
            placeholderLogin,
            placeholderCredential,
            placeholderKey);
}
/**
 * Parses an OpenPGP public key ring collection from {@code in} and returns the first key, in
 * iteration order, for which {@code isEncryptionKey()} is true.
 *
 * <p>The search is deliberately simple: it walks every key ring and every key in it and stops at
 * the first match. {@code isEncryptionKey()} is the only criterion applied, so this method does
 * not check revocation, expiry or key-usage flags. Real-world callers will usually want a
 * stricter selection.
 *
 * <p>This method does not close {@code in}.
 *
 * @param in stream holding the armored or binary key ring data
 * @return the first key that reports itself as an encryption key
 * @throws IOException if the stream cannot be read
 * @throws PGPException if the key ring data cannot be parsed
 * @throws IllegalArgumentException if no key in the collection is an encryption key
 */
@SuppressWarnings("rawtypes")
private static PGPPublicKey readPublicKey(InputStream in) throws IOException, PGPException {
    InputStream decoded = PGPUtil.getDecoderStream(in);
    PGPPublicKeyRingCollection keyRings = new BcPGPPublicKeyRingCollection(decoded);

    // Outer loop: key rings. Inner loop: the keys of one ring.
    for (Iterator ringIter = keyRings.getKeyRings(); ringIter.hasNext(); ) {
        PGPPublicKeyRing ring = (PGPPublicKeyRing) ringIter.next();
        for (Iterator keyIter = ring.getPublicKeys(); keyIter.hasNext(); ) {
            PGPPublicKey candidate = (PGPPublicKey) keyIter.next();
            if (!candidate.isEncryptionKey()) {
                continue;
            }
            return candidate;
        }
    }

    throw new IllegalArgumentException(
            "Can't find encryption key in key ring.");
}