jsonsign: fix bugs from move to upstream go openpgp; more tests

2011-03-15 17:37:52 -07:00 · 2011-03-15 17:37:52 -07:00 · 33e2d32f99
parent b00566cc6f
commit 33e2d32f99
2 changed files with 35 additions and 29 deletions
--- a/lib/go/jsonsign/jsonsign_test.go
+++ b/lib/go/jsonsign/jsonsign_test.go
@ -103,11 +103,15 @@ func newRequest() *SignRequest {

 func TestSigning(t *testing.T) {
 	sr := newRequest()
-	sr.UnsignedJson = fmt.Sprintf(`{"camliSigner": %q}`, pubKeyBlob1.BlobRef().String())
-	got, err := sr.Sign()
+	sr.UnsignedJson = fmt.Sprintf(`{"camliVersion": 1, "camliSigner": %q  }`, pubKeyBlob1.BlobRef().String())
+	signed, err := sr.Sign()
 	AssertNil(t, err, "no error signing")
-	Expect(t, strings.Contains(got, `"camliSig":`), "got a camliSig")
+	Assert(t, strings.Contains(signed, `"camliSig":`), "got a camliSig")

+	vr := NewVerificationRequest(signed, testFetcher)
+	if !vr.Verify() {
+		t.Errorf("verification failed on signed json [%s]: %v", signed, vr.Err)
+	}
 	t.Logf("TODO: finish these tests; verify things round-trip, verify GPG external-vs-Go sign & verify round-trip, test signatures from wrong signer don't verify, etc.")
 }

--- a/lib/go/jsonsign/verify.go
+++ b/lib/go/jsonsign/verify.go
@ -41,13 +41,20 @@ func reArmor(line string) string {
 	if lastEq == -1 {
 		return ""
 	}
-	return fmt.Sprintf(`
-----BEGIN PGP SIGNATURE-----
-
-%s
-%s
-----END PGP SIGNATURE-----
-`, line[0:lastEq], line[lastEq:])
+	buf := new(bytes.Buffer)
+	fmt.Fprintf(buf, "-----BEGIN PGP SIGNATURE-----\n\n")
+	payload := line[0:lastEq]
+	crc := line[lastEq:]
+	for len(payload) > 0 {
+		chunkLen := len(payload)
+		if chunkLen > 60 {
+			chunkLen = 60
+		}
+		fmt.Fprintf(buf, "%s\n", payload[0:chunkLen])
+		payload = payload[chunkLen:]
+	}
+	fmt.Fprintf(buf, "%s\n-----BEGIN PGP SIGNATURE-----\n", crc)
+	return buf.String()
 }

 // See doc/json-signing/* for background and details
@ -70,14 +77,14 @@ type VerifyRequest struct {
 }

 func (vr *VerifyRequest) fail(msg string) bool {
-	vr.Err = os.NewError(msg)
+	vr.Err = os.NewError("jsonsign: " + msg)
 	return false
 }

 func (vr *VerifyRequest) ParseSigMap() bool {
 	sigMap := make(map[string]interface{})
 	if err := json.Unmarshal(vr.bs, &sigMap); err != nil {
-		return vr.fail("Invalid JSON in signature")
+		return vr.fail("invalid JSON in signature")
 	}

 	if len(sigMap) != 1 {
@ -107,21 +114,21 @@ func (vr *VerifyRequest) ParsePayloadMap() bool {
 	}

 	if _, hasVersion := pm["camliVersion"]; !hasVersion {
-		return vr.fail("Missing 'camliVersion' in the JSON payload")
+		return vr.fail("missing 'camliVersion' in the JSON payload")
 	}

 	signer, hasSigner := pm["camliSigner"]
 	if !hasSigner {
-		return vr.fail("Missing 'camliSigner' in the JSON payload")
+		return vr.fail("missing 'camliSigner' in the JSON payload")
 	}

 	if _, ok := signer.(string); !ok {
-		return vr.fail("Invalid 'camliSigner' in the JSON payload")
+		return vr.fail("invalid 'camliSigner' in the JSON payload")
 	}

 	vr.CamliSigner = blobref.Parse(signer.(string))
 	if vr.CamliSigner == nil {
-		return vr.fail("Malformed 'camliSigner' blobref in the JSON payload")
+		return vr.fail("malformed 'camliSigner' blobref in the JSON payload")
 	}
 	return true
 }
@ -129,11 +136,11 @@ func (vr *VerifyRequest) ParsePayloadMap() bool {
 func (vr *VerifyRequest) FindAndParsePublicKeyBlob() bool {
 	reader, _, err := vr.fetcher.Fetch(vr.CamliSigner)
 	if err != nil {
-		return vr.fail(fmt.Sprintf("Error fetching public key blob: %v", err))
+		return vr.fail(fmt.Sprintf("error fetching public key blob: %v", err))
 	}
 	pk, err := openArmoredPublicKeyFile(reader)
 	if err != nil {
-		return vr.fail(fmt.Sprintf("Error opening public key file: %v", err))
+		return vr.fail(fmt.Sprintf("error opening public key file: %v", err))
 	}
 	vr.PublicKeyPacket = pk
 	return true;
@ -143,13 +150,13 @@ func (vr *VerifyRequest) VerifySignature() bool {
 	armorData := reArmor(vr.CamliSig)
 	block, _ := armor.Decode(bytes.NewBufferString(armorData))
 	if block == nil {
-		return vr.fail("Can't parse camliSig armor")
+		return vr.fail("can't parse camliSig armor")
 	}
 	var p packet.Packet
 	var err os.Error
 	p, err = packet.Read(block.Body)
 	if err != nil {
-		return vr.fail("Error reading PGP packet from camliSig")
+		return vr.fail("error reading PGP packet from camliSig: " + err.String())
 	}
 	sig, ok := p.(*packet.Signature)
 	if !ok {
@ -163,11 +170,6 @@ func (vr *VerifyRequest) VerifySignature() bool {
 	}
 	hash := sha1.New()
 	hash.Write(vr.bp)  // payload bytes
-	hash.Write(sig.HashSuffix)
-	hashBytes := hash.Sum()
-	if hashBytes[0] != sig.HashTag[0] || hashBytes[1] != sig.HashTag[1] {
-		return vr.fail("hash tag doesn't match")
-	}
 	err = vr.PublicKeyPacket.VerifySignature(hash, sig)
 	if err != nil {
 		return vr.fail(fmt.Sprintf("bad signature: %s", err))
@ -182,7 +184,7 @@ func NewVerificationRequest(sjson string, fetcher blobref.Fetcher) (vr *VerifyRe
 	
 	sigIndex := bytes.LastIndex(vr.ba, []byte(sigSeparator))
 	if sigIndex == -1 {
-		vr.Err = os.NewError("no 13-byte camliSig separator found in sjson")
+		vr.Err = os.NewError("jsonsign: no 13-byte camliSig separator found in sjson")
 		return
 	}

@ -214,9 +216,9 @@ func (vr *VerifyRequest) Verify() bool {
 	// if it's not valid.
 	vr.PayloadMap = nil
 	if vr.Err == nil {
-		// The other functions just fill this in already,
-		// but just in case:
-		vr.Err = os.NewError("Verification failed")
+		// The other functions should have filled this in
+		// already, but just in case:
+		vr.Err = os.NewError("jsonsign: verification failed")
 	}
 	return false
 }