PublicArchive/duplicati
2
0
Fork 0
mirror of https://github.com/duplicati/duplicati.git synced 2026-05-06 15:26:45 -04:00
Code Issues Packages Projects Releases Wiki Activity
Files
feature/remote-httpserver-websockets
duplicati/Duplicati/UnitTest/JSONSignatureTest.cs
T
Kenneth Skovhede b6ca526ee7 Implemented the new manifest format 
Fixed some issues with the manifest urls.
Changed to records and nullable in some places.
Regenerated the test-keys to use RSA208.
Changed to using built-in JSON for manifest.
This fixes #5145
2024-04-23 13:41:59 +02:00

189 lines
8.6 KiB
C#
Raw Permalink Blame History

using System.IO;
using System.Linq;
using System.Security.Cryptography;
using Duplicati.Library.Utility;
using NUnit.Framework;
namespace Duplicati.UnitTest;
[Category("SignatureTest")]
public class JSONSignatureTest
{
[Test]
[TestCase(true)]
[TestCase(false)]
public void SignWithASingleKeyShouldWork(bool withHeaders)
{
var content = System.Text.Encoding.UTF8.GetBytes(System.Text.Json.JsonSerializer.Serialize(new { test = "test", extra = 234 }));
var headers = withHeaders ? new System.Collections.Generic.Dictionary<string, string> { { "test", "1234" } } : null;
var key = new RSACryptoServiceProvider(2048);
using var source = new MemoryStream(content);
using var target = new MemoryStream();
JSONSignature.SignAsync(source, target, [new JSONSignature.SignOperation(JSONSignature.RSA_SHA256, key.ToXmlString(false), key.ToXmlString(true), headers)]).Wait();
target.Position = 0;
var valids = JSONSignature.Verify(target, [new JSONSignature.VerifyOperation(JSONSignature.RSA_SHA256, key.ToXmlString(false))]);
Assert.That(valids, Has.Count.EqualTo(1));
}
[Test]
[TestCase(true)]
[TestCase(false)]
public void SignWithMultipleAlgsShouldWork(bool withHeaders)
{
var content = System.Text.Encoding.UTF8.GetBytes(System.Text.Json.JsonSerializer.Serialize(new { test = "test", extra = 234 }));
var headers = withHeaders ? new System.Collections.Generic.Dictionary<string, string> { { "test", "1234" } } : null;
var key = new RSACryptoServiceProvider(2048);
using var source = new MemoryStream(content);
using var target = new MemoryStream();
var algs = new[] { JSONSignature.RSA_SHA256, JSONSignature.RSA_SHA384, JSONSignature.RSA_SHA512 };
JSONSignature.SignAsync(source, target, algs.Select(x => new JSONSignature.SignOperation(x, key.ToXmlString(false), key.ToXmlString(true), headers))).Wait();
target.Position = 0;
var valids = JSONSignature.Verify(target, algs.Select(x => new JSONSignature.VerifyOperation(x, key.ToXmlString(false))));
Assert.That(valids, Has.Count.EqualTo(algs.Length));
foreach (var alg in algs)
{
target.Position = 0;
var valid = JSONSignature.Verify(target, [new JSONSignature.VerifyOperation(alg, key.ToXmlString(false))]);
Assert.That(valid, Has.Count.EqualTo(1));
Assert.That(valid.First().Algorithm, Is.EqualTo(alg));
Assert.That(valid.First().PublicKey, Is.EqualTo(key.ToXmlString(false)));
target.Position = 0;
var hasOne = JSONSignature.VerifyAtLeastOne(target, [new JSONSignature.VerifyOperation(alg, key.ToXmlString(false))]);
Assert.That(hasOne, Is.True);
}
}
[Test]
[TestCase(true)]
[TestCase(false)]
public void SignWithMultipleKeysShouldWork(bool withHeaders)
{
var content = System.Text.Encoding.UTF8.GetBytes(System.Text.Json.JsonSerializer.Serialize(new { test = "test", extra = 234 }));
var headers = withHeaders ? new System.Collections.Generic.Dictionary<string, string> { { "test", "1234" } } : null;
var keys = new[] { new RSACryptoServiceProvider(2048), new RSACryptoServiceProvider(2048), new RSACryptoServiceProvider(1024) };
using var source = new MemoryStream(content);
using var target = new MemoryStream();
var algs = new[] { JSONSignature.RSA_SHA256, JSONSignature.RSA_SHA384, JSONSignature.RSA_SHA512 };
var algkeycombos = algs.SelectMany(alg => keys.Select(key => (Alg: alg, Key: key))).ToArray();
JSONSignature.SignAsync(source, target, algkeycombos.Select(x => new JSONSignature.SignOperation(x.Alg, x.Key.ToXmlString(false), x.Key.ToXmlString(true), headers))).Wait();
target.Position = 0;
var valids = JSONSignature.Verify(target, algkeycombos.Select(x => new JSONSignature.VerifyOperation(x.Alg, x.Key.ToXmlString(false))));
Assert.That(valids, Has.Count.EqualTo(algkeycombos.Length));
foreach (var alg in algkeycombos)
{
target.Position = 0;
var valid = JSONSignature.Verify(target, [new JSONSignature.VerifyOperation(alg.Alg, alg.Key.ToXmlString(false))]);
Assert.That(valid, Has.Count.EqualTo(1));
Assert.That(valid.First().Algorithm, Is.EqualTo(alg.Alg));
Assert.That(valid.First().PublicKey, Is.EqualTo(alg.Key.ToXmlString(false)));
target.Position = 0;
var hasOne = JSONSignature.VerifyAtLeastOne(target, [new JSONSignature.VerifyOperation(alg.Alg, alg.Key.ToXmlString(false))]);
Assert.That(hasOne, Is.True);
}
}
[Test]
public void InvalidSignaturesShouldNotThrow()
{
var broken1 = new[] {
// Invalid Base64 data
"//SIGJSONv1: ####.abc=\n{\"x\": 1}"u8.ToArray(),
// Invalid Base64 data
"//SIGJSONv1: abc.abc\n{\"x\": 1}"u8.ToArray(),
// Invalid header
"//SIGJSONv1:abc=.abc=\n{\"x\": 1}"u8.ToArray(),
// No newline
"//SIGJSONv1: abc=.abc={\"x\": 1}"u8.ToArray(),
// No newline
"//SIGJSONv1: abc=.abc={\"x\": 1}\n"u8.ToArray(),
// Extra newline
"//SIGJSONv1: abc=.abc=\n{\"x\": 1}\n"u8.ToArray(),
};
var key = new RSACryptoServiceProvider(2048);
foreach (var c in broken1)
{
using var source = new MemoryStream(c);
using var target = new MemoryStream();
var valids = JSONSignature.Verify(target, [new JSONSignature.VerifyOperation(JSONSignature.RSA_SHA256, key.ToXmlString(false))]);
Assert.That(valids, Has.Count.EqualTo(0));
}
}
[Test]
[TestCase(true)]
[TestCase(false)]
public void TaintedDataShouldNotValidate(bool withHeaders)
{
var content = System.Text.Encoding.UTF8.GetBytes(System.Text.Json.JsonSerializer.Serialize(new { test = "test", extra = 234 }));
var headers = withHeaders ? new System.Collections.Generic.Dictionary<string, string> { { "test", "1234" } } : null;
var keys = new[] { new RSACryptoServiceProvider(2048), new RSACryptoServiceProvider(2048), new RSACryptoServiceProvider(1024) };
using var source = new MemoryStream(content);
using var target = new MemoryStream();
var algs = new[] { JSONSignature.RSA_SHA256, JSONSignature.RSA_SHA384, JSONSignature.RSA_SHA512 };
var algkeycombos = algs.SelectMany(alg => keys.Select(key => (Alg: alg, Key: key))).ToArray();
JSONSignature.SignAsync(source, target, algkeycombos.Select(x => new JSONSignature.SignOperation(x.Alg, x.Key.ToXmlString(false), x.Key.ToXmlString(true), headers))).Wait();
// Taint the data
target.Position = target.Length - 1;
target.WriteByte((byte)'\n');
target.Position = 0;
var valids = JSONSignature.Verify(target, algkeycombos.Select(x => new JSONSignature.VerifyOperation(x.Alg, x.Key.ToXmlString(false))));
Assert.That(valids, Has.Count.EqualTo(0));
}
[Test]
[TestCase(true, 1)] // Offset=1 breaks the JSON
[TestCase(false, 1)]
[TestCase(true, 4)] // Offset=4 changes the header key name
[TestCase(false, 4)]
public void TaintedHeadersShouldNotValidate(bool withHeaders, int offset)
{
var content = System.Text.Encoding.UTF8.GetBytes(System.Text.Json.JsonSerializer.Serialize(new { test = "test", extra = 234 }));
var headers = withHeaders ? new System.Collections.Generic.Dictionary<string, string> { { "test", "1234" } } : null;
var keys = new[] { new RSACryptoServiceProvider(2048), new RSACryptoServiceProvider(2048), new RSACryptoServiceProvider(1024) };
using var source = new MemoryStream(content);
using var target = new MemoryStream();
var algs = new[] { JSONSignature.RSA_SHA256, JSONSignature.RSA_SHA384, JSONSignature.RSA_SHA512 };
var algkeycombos = algs.SelectMany(alg => keys.Select(key => (Alg: alg, Key: key))).ToArray();
JSONSignature.SignAsync(source, target, algkeycombos.Select(x => new JSONSignature.SignOperation(x.Alg, x.Key.ToXmlString(false), x.Key.ToXmlString(true), headers))).Wait();
// Taint the header data for the first signature
target.Position = "//SIGJSONv1: ".Length + offset;
var cur = target.ReadByte();
target.Position -= 1;
target.WriteByte((byte)(cur - 1));
target.Position = 0;
var valids = JSONSignature.Verify(target, algkeycombos.Select(x => new JSONSignature.VerifyOperation(x.Alg, x.Key.ToXmlString(false))));
Assert.That(valids, Has.Count.EqualTo(algkeycombos.Length - 1));
}
}
Reference in New Issue View Git Blame Copy Permalink