diff --git a/src/test/java/net/visma/autopay/http/signature/SignatureSpecificationTest.java b/src/test/java/net/visma/autopay/http/signature/SignatureSpecificationTest.java index 84e11f1..deccd0f 100644 --- a/src/test/java/net/visma/autopay/http/signature/SignatureSpecificationTest.java +++ b/src/test/java/net/visma/autopay/http/signature/SignatureSpecificationTest.java @@ -344,97 +344,6 @@ void fullCoverageRsaPss256() throws Exception { verificationSpec.verify(); } - @Test - @DisplayName("Full Coverage using rsa-pss-sha256") - void fullCoverageRsaPss2562() throws Exception { - // setup - var signatureLabel = "sig1"; - var keyId = "sha256-A3OhKGLYwSvdJ2txHi_SGQ3G-sHLh2Ibu91ErqFx_58"; - var algorithm = SignatureAlgorithm.RSA_PSS_SHA_256; - - Map requestHeaders = - Map.of( - "Content-Digest", "sha-256=:cpyRqJ1VhoVC+MSs9fq4/4wXs4c46EyEFriskys43Za=:", - "x-pagopa-lollipop-original-url", - "https://api-app.io.pagopa.it/first-lollipop/sign", - "x-pagopa-lollipop-original-method", "POST"); - - SignatureParameters signatureParams = SignatureParameters.builder() - .created(1678814391) - .nonce("aNonce") - .visibleAlgorithm(algorithm) - .algorithm(algorithm) - .keyId(keyId) - .build(); - var signatureComponents = SignatureComponents.builder() - .headers("Content-Digest", "x-pagopa-lollipop-original-method", "x-pagopa-lollipop-original-url") - .build(); - var signatureSpec = SignatureSpec.builder() - .signatureLabel(signatureLabel) - .privateKey(ObjectMother.getRsaPssPrivateKey()) - .context(SignatureContext.builder().headers(requestHeaders).build()) - .parameters(signatureParams) - .components(signatureComponents) - .build(); - var publicKeyInfo = PublicKeyInfo.builder() - .algorithm(algorithm) - .publicKey(ObjectMother.getRsaPssPublicKey()) - .build(); - var expectedSignatureInput = - "sig1=(\"content-digest\" \"x-pagopa-lollipop-original-method\"" - + " \"x-pagopa-lollipop-original-url\");created=1678814391;" + - "nonce=\"aNonce\";alg=\"rsa-pss-sha256\";keyid=\"sha256-A3OhKGLYwSvdJ2txHi_SGQ3G-sHLh2Ibu91ErqFx_58\""; - - // execute - var signatureResult = signatureSpec.sign(); - - - new String(Base64.getEncoder().encode(JWK.parse("{" + - " \"kty\": \"RSA\"," + - " \"kid\": \"test-key-rsa-pss\"," + - " \"p\": \"5V-6ISI5yEaCFXm-fk1EM2xwAWekePVCAyvr9QbTlFOCZwt9WwjUjhtKRus" + - " i5Uq-IYZ_tq2WRE4As4b_FHEMtp2AER43IcvmXPqKFBoUktVDS7dThIHrsnRi1U7d" + - " HqVdwiMEMe5jxKNgnsKLpnq-4NyhoS6OeWu1SFozG9J9xQk\"," + - " \"q\": \"w-wIde17W5Y0Cphp3ZZ0uM8OUq1AkrV2IKauqYHaDxAT32EM4ci2MMER2nI" + - " UEo4g_42lW0zYouFFqONwv0-HyOsgPpdSqKRC5WLgn0VXabjaNcy6KhNPXeJ0Agtq" + - " diDwPeJ2_L_eKwNWQ43RfdQBUquAwSd7SEmmQ8sViqB628M\"," + - " \"d\": \"lAfIqfpCYomVShfAKnwf2lD9I0wKjkHsCtZCif4kAlwQqqW6N-tIL3bdOR-" + - " VWf0Q1ZBIDtpO91UrG7pansyrPERbNrRJlPiYEyPTHkCT1nD-l2isuiyGLNBNnFoK" + - " fBgA4KAbPJZQatFIV9Cn34JSHnpN5-2ehreGBYHtkwHFtlmzeF3yu5bqRcqOhx8lk" + - " YmBzDAEUFyyXjknU5-WjAT9DzuG0MpOTkcU1EnjnIjyVBZLUB5Lxm8puyq8hH8B_E" + - " 5LNC-1oc8j-tDy98UvRTTiYvZvs87cGCFxg0LijNhg7CE3g9piNqB6DzMgA9MHSOw" + - " cElVtfKdYfo4H3OHZXsSmEQ\"," + - " \"e\": \"AQAB\"," + - " \"qi\": \"jRAqfYi_tKCjhP9eM0N2XaRlNeoYCTx06GlSLD8d0zc4ZZuEePY10LMGWI" + - " 6Y_JC0CvvvQYhNa9sAj4hFjIVLsWeTplVVUezGO1ofLW4kYWVpnMpHgAY1pRM4kyz" + - " o1p3MKYY8DE1BA4KqhSOfhdGs6Ov3Dfj0migZeE7Fu7yc7Fc\"," + - " \"dp\": \"otDolkxtJ7Sk8gmRJqZCGx6GAvlGznWJfibXPv6xgUAl-G83dD84YgcNGn" + - " oeMxRzEekfDtT5LVMRPF4_AoucsqPqHDyOdfb-dlGBYfOBVxj6w-xF5HE0lV_4J-H" + - " rI63Od9fTSn4lY5d1JjyCVJIcnBEAyiD6EUZbUBh23vDzRcE\"," + - " \"dq\": \"iZE1S6CpqmBoQDxOsXGQmaeBdhoCqkDSJhEDuS_dLhBq88FQa0UkcE1QvO" + - " K3J2Q21VnfDqGBx7SH1hOFOj-cpz45kNluB832ztxDvnHQ9AIA7h_HY_3VD6YPMNR" + - " VN4bfSYS3abdLR0Z7jsmInGJ9X0_fA0E2tkZIgXeas5EFU0M\"," + - " \"n\": \"r4tmm3r20Wd_PbqvP1s2-QEtvpuRaV8Yq40gjUR8y2Rjxa6dpG2GXHbPfvM" + - " s8ct-Lh1GH45x28Rw3Ry53mm-oAXjyQ86OnDkZ5N8lYbggD4O3w6M6pAvLkhk95An" + - " dTrifbIFPNU8PPMO7OyrFAHqgDsznjPFmTOtCEcN2Z1FpWgchwuYLPL-Wokqltd11" + - " nqqzi-bJ9cvSKADYdUAAN5WUtzdpiy6LbTgSxP7ociU4Tn0g5I6aDZJ7A8Lzo0KSy" + - " ZYoA485mqcO0GVAdVw9lq4aOT9v6d-nb4bnNkQVklLQ3fVAvJm-xdDOp9LCNCN48V" + - " 2pnDOkFV6-U9nV5oyc6XI2w\"" + - "}").toPublicJWK().toJSONString().getBytes())); - - // verify signature input - assertThat(signatureResult.getSignatureInput()).isEqualTo(expectedSignatureInput); - - // verify self signature - var verificationSpec = getVerificationSpec(signatureLabel, keyId, publicKeyInfo, signatureResult); - verificationSpec.verify(); - - // verify example signature - var validSignature = "sig1=:Jf7v1wqk4bWDZzS0aqbA8VIYxBD07KkrhVmf8ncqsCCpgtggKzVpuwzsxJGDaxqw1sQ/4/9q3JviW7cV0Iq1EbFPiXkW9j9F+JPNt+pPZCjTrcHzKSZ+Yz+MYttSS/umR0YdCPdkObu28HyZ1hcTgt2xSqyYpjxX9CPcjHn42tVJBF6KfmxnAdcYH3vjFj30QPRyMUjQEH9FEQItcxP7H4P9vXsHsKi2o3NFwgl8Lq5zCOMURbM4BtgxJwVh97MJzqPVJEq3isEa60hquPIdIjPoL9tgMEZkbERHZzqg3KivS9cjdQ7VsWWdwu8S2mPbRVK7SAyhEpk+hnmpxg24Uw==:"; - verificationSpec = getVerificationSpec(signatureLabel, keyId, publicKeyInfo, expectedSignatureInput, validSignature); - verificationSpec.verify(); - } - @Test @DisplayName("Signing a Response using ecdsa-p256-sha256") void signingResponseEcdsaP256Sha256() throws Exception {