This repository has been archived by the owner on Dec 6, 2023. It is now read-only.

Merge pull request #6 from pagopa/updated_rsa_validation
[SLS-35] SignatureSpecificationTest
alessio-cialini authored Apr 13, 2023
2 parents 92c893d + ac349eb commit 25d9ae7
Showing 1 changed file with 0 additions and 91 deletions.
Expand Up @@ -344,97 +344,6 @@ void fullCoverageRsaPss256() throws Exception {
verificationSpec.verify();
}

@Test
@DisplayName("Full Coverage using rsa-pss-sha256")
void fullCoverageRsaPss2562() throws Exception {
// setup
var signatureLabel = "sig1";
var keyId = "sha256-A3OhKGLYwSvdJ2txHi_SGQ3G-sHLh2Ibu91ErqFx_58";
var algorithm = SignatureAlgorithm.RSA_PSS_SHA_256;

Map<String, String> requestHeaders =
Map.of(
"Content-Digest", "sha-256=:cpyRqJ1VhoVC+MSs9fq4/4wXs4c46EyEFriskys43Za=:",
"x-pagopa-lollipop-original-url",
"https://api-app.io.pagopa.it/first-lollipop/sign",
"x-pagopa-lollipop-original-method", "POST");

SignatureParameters signatureParams = SignatureParameters.builder()
.created(1678814391)
.nonce("aNonce")
.visibleAlgorithm(algorithm)
.algorithm(algorithm)
.keyId(keyId)
.build();
var signatureComponents = SignatureComponents.builder()
.headers("Content-Digest", "x-pagopa-lollipop-original-method", "x-pagopa-lollipop-original-url")
.build();
var signatureSpec = SignatureSpec.builder()
.signatureLabel(signatureLabel)
.privateKey(ObjectMother.getRsaPssPrivateKey())
.context(SignatureContext.builder().headers(requestHeaders).build())
.parameters(signatureParams)
.components(signatureComponents)
.build();
var publicKeyInfo = PublicKeyInfo.builder()
.algorithm(algorithm)
.publicKey(ObjectMother.getRsaPssPublicKey())
.build();
var expectedSignatureInput =
"sig1=(\"content-digest\" \"x-pagopa-lollipop-original-method\""
+ " \"x-pagopa-lollipop-original-url\");created=1678814391;" +
"nonce=\"aNonce\";alg=\"rsa-pss-sha256\";keyid=\"sha256-A3OhKGLYwSvdJ2txHi_SGQ3G-sHLh2Ibu91ErqFx_58\"";

// execute
var signatureResult = signatureSpec.sign();


new String(Base64.getEncoder().encode(JWK.parse("{" +
" \"kty\": \"RSA\"," +
" \"kid\": \"test-key-rsa-pss\"," +
" \"p\": \"5V-6ISI5yEaCFXm-fk1EM2xwAWekePVCAyvr9QbTlFOCZwt9WwjUjhtKRus" +
" i5Uq-IYZ_tq2WRE4As4b_FHEMtp2AER43IcvmXPqKFBoUktVDS7dThIHrsnRi1U7d" +
" HqVdwiMEMe5jxKNgnsKLpnq-4NyhoS6OeWu1SFozG9J9xQk\"," +
" \"q\": \"w-wIde17W5Y0Cphp3ZZ0uM8OUq1AkrV2IKauqYHaDxAT32EM4ci2MMER2nI" +
" UEo4g_42lW0zYouFFqONwv0-HyOsgPpdSqKRC5WLgn0VXabjaNcy6KhNPXeJ0Agtq" +
" diDwPeJ2_L_eKwNWQ43RfdQBUquAwSd7SEmmQ8sViqB628M\"," +
" \"d\": \"lAfIqfpCYomVShfAKnwf2lD9I0wKjkHsCtZCif4kAlwQqqW6N-tIL3bdOR-" +
" VWf0Q1ZBIDtpO91UrG7pansyrPERbNrRJlPiYEyPTHkCT1nD-l2isuiyGLNBNnFoK" +
" fBgA4KAbPJZQatFIV9Cn34JSHnpN5-2ehreGBYHtkwHFtlmzeF3yu5bqRcqOhx8lk" +
" YmBzDAEUFyyXjknU5-WjAT9DzuG0MpOTkcU1EnjnIjyVBZLUB5Lxm8puyq8hH8B_E" +
" 5LNC-1oc8j-tDy98UvRTTiYvZvs87cGCFxg0LijNhg7CE3g9piNqB6DzMgA9MHSOw" +
" cElVtfKdYfo4H3OHZXsSmEQ\"," +
" \"e\": \"AQAB\"," +
" \"qi\": \"jRAqfYi_tKCjhP9eM0N2XaRlNeoYCTx06GlSLD8d0zc4ZZuEePY10LMGWI" +
" 6Y_JC0CvvvQYhNa9sAj4hFjIVLsWeTplVVUezGO1ofLW4kYWVpnMpHgAY1pRM4kyz" +
" o1p3MKYY8DE1BA4KqhSOfhdGs6Ov3Dfj0migZeE7Fu7yc7Fc\"," +
" \"dp\": \"otDolkxtJ7Sk8gmRJqZCGx6GAvlGznWJfibXPv6xgUAl-G83dD84YgcNGn" +
" oeMxRzEekfDtT5LVMRPF4_AoucsqPqHDyOdfb-dlGBYfOBVxj6w-xF5HE0lV_4J-H" +
" rI63Od9fTSn4lY5d1JjyCVJIcnBEAyiD6EUZbUBh23vDzRcE\"," +
" \"dq\": \"iZE1S6CpqmBoQDxOsXGQmaeBdhoCqkDSJhEDuS_dLhBq88FQa0UkcE1QvO" +
" K3J2Q21VnfDqGBx7SH1hOFOj-cpz45kNluB832ztxDvnHQ9AIA7h_HY_3VD6YPMNR" +
" VN4bfSYS3abdLR0Z7jsmInGJ9X0_fA0E2tkZIgXeas5EFU0M\"," +
" \"n\": \"r4tmm3r20Wd_PbqvP1s2-QEtvpuRaV8Yq40gjUR8y2Rjxa6dpG2GXHbPfvM" +
" s8ct-Lh1GH45x28Rw3Ry53mm-oAXjyQ86OnDkZ5N8lYbggD4O3w6M6pAvLkhk95An" +
" dTrifbIFPNU8PPMO7OyrFAHqgDsznjPFmTOtCEcN2Z1FpWgchwuYLPL-Wokqltd11" +
" nqqzi-bJ9cvSKADYdUAAN5WUtzdpiy6LbTgSxP7ociU4Tn0g5I6aDZJ7A8Lzo0KSy" +
" ZYoA485mqcO0GVAdVw9lq4aOT9v6d-nb4bnNkQVklLQ3fVAvJm-xdDOp9LCNCN48V" +
" 2pnDOkFV6-U9nV5oyc6XI2w\"" +
"}").toPublicJWK().toJSONString().getBytes()));

// verify signature input
assertThat(signatureResult.getSignatureInput()).isEqualTo(expectedSignatureInput);

// verify self signature
var verificationSpec = getVerificationSpec(signatureLabel, keyId, publicKeyInfo, signatureResult);
verificationSpec.verify();

// verify example signature
var validSignature = "sig1=:Jf7v1wqk4bWDZzS0aqbA8VIYxBD07KkrhVmf8ncqsCCpgtggKzVpuwzsxJGDaxqw1sQ/4/9q3JviW7cV0Iq1EbFPiXkW9j9F+JPNt+pPZCjTrcHzKSZ+Yz+MYttSS/umR0YdCPdkObu28HyZ1hcTgt2xSqyYpjxX9CPcjHn42tVJBF6KfmxnAdcYH3vjFj30QPRyMUjQEH9FEQItcxP7H4P9vXsHsKi2o3NFwgl8Lq5zCOMURbM4BtgxJwVh97MJzqPVJEq3isEa60hquPIdIjPoL9tgMEZkbERHZzqg3KivS9cjdQ7VsWWdwu8S2mPbRVK7SAyhEpk+hnmpxg24Uw==:";
verificationSpec = getVerificationSpec(signatureLabel, keyId, publicKeyInfo, expectedSignatureInput, validSignature);
verificationSpec.verify();
}

@Test
@DisplayName("Signing a Response using ecdsa-p256-sha256")
void signingResponseEcdsaP256Sha256() throws Exception {
