Beispiel #1
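  /**
   * Signs a copy of {@code wineyes.exe} with Authenticode timestamping enabled and checks that the
   * re-read file carries exactly one signature.
   *
   * <p>No timestamping authority is configured here, so whatever the signer uses by default
   * applies; the test presumably needs network access to that service (TODO confirm).
   *
   * @throws Exception if copying, signing or re-reading the file fails
   */
  public void testTimestampAuthenticode() throws Exception {
    File sourceFile = new File("target/test-classes/wineyes.exe");
    // NOTE(review): testWithTimestamper writes to the same target path; the two tests overwrite
    // each other's output and must not run concurrently.
    File targetFile = new File("target/test-classes/wineyes-timestamped-authenticode.exe");

    FileUtils.copyFile(sourceFile, targetFile);

    PEFile peFile = new PEFile(targetFile);
    try {
      PESigner signer = new PESigner(getKeyStore(), ALIAS, PRIVATE_KEY_PASSWORD);
      // SHA-1 is pinned explicitly for this case. It is deprecated for code signing; signatures
      // intended for release should use a SHA-2 digest.
      signer.withDigestAlgorithm(DigestAlgorithm.SHA1);
      signer.withTimestamping(true);
      signer.withTimestampingMode(TimestampingMode.AUTHENTICODE);
      signer.sign(peFile);
    } finally {
      // Release the handle before the file is reopened; an open handle can block later tests
      // from overwriting the target on platforms with mandatory file locking.
      peFile.close();
    }

    // Re-read from disk so the assertions see what was actually written.
    peFile = new PEFile(targetFile);
    try {
      List<CMSSignedData> signatures = peFile.getSignatures();
      assertNotNull(signatures);
      assertEquals(1, signatures.size());

      CMSSignedData signature = signatures.get(0);

      // NOTE(review): only the presence of the signature is asserted; nothing here verifies that
      // a timestamp countersignature was actually attached.
      assertNotNull(signature);

      peFile.printInfo(System.out);
    } finally {
      peFile.close();
    }
  }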
Beispiel #2
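  /**
   * Signs a copy of {@code wineyes.exe} without timestamping, setting a program name and URL, and
   * checks that the re-read file carries exactly one signature.
   *
   * @throws Exception if copying, signing or re-reading the file fails
   */
  public void testSign() throws Exception {
    File sourceFile = new File("target/test-classes/wineyes.exe");
    File targetFile = new File("target/test-classes/wineyes-signed.exe");

    FileUtils.copyFile(sourceFile, targetFile);

    PEFile peFile = new PEFile(targetFile);
    try {
      // Timestamping is switched off, which keeps the test self-contained. A release signature
      // should be timestamped so it stays verifiable after the signing certificate expires.
      PESigner signer =
          new PESigner(getKeyStore(), ALIAS, PRIVATE_KEY_PASSWORD)
              .withTimestamping(false)
              .withProgramName("WinEyes")
              .withProgramURL("http://www.steelblue.com/WinEyes");

      signer.sign(peFile);
    } finally {
      // Release the handle before the file is reopened; an open handle can block later tests
      // from overwriting the target on platforms with mandatory file locking.
      peFile.close();
    }

    // Re-read from disk so the assertions see what was actually written.
    peFile = new PEFile(targetFile);
    try {
      List<CMSSignedData> signatures = peFile.getSignatures();
      assertNotNull(signatures);
      assertEquals(1, signatures.size());

      CMSSignedData signature = signatures.get(0);

      assertNotNull(signature);

      peFile.printInfo(System.out);
    } finally {
      peFile.close();
    }
  }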
Beispiel #3
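  /**
   * Checks that signing fails closed when the timestamping authority does not answer as a
   * timestamping service: {@link TimestampingException} must be thrown and the target file must be
   * left without any signature.
   *
   * @param mode the timestamping mode to exercise; its lower-cased name is part of the target file
   *     name
   * @throws Exception if copying or re-reading the file fails
   */
  public void testBrokenTimestampingAutority(TimestampingMode mode) throws Exception {
    File sourceFile = new File("target/test-classes/wineyes.exe");
    // Locale.ROOT keeps the file name stable regardless of the default locale (a Turkish locale
    // would otherwise lower-case 'I' to a dotless 'ı').
    File targetFile =
        new File(
            "target/test-classes/wineyes-timestamped-broken-"
                + mode.name().toLowerCase(java.util.Locale.ROOT)
                + ".exe");

    FileUtils.copyFile(sourceFile, targetFile);

    PEFile peFile = new PEFile(targetFile);
    try {
      PESigner signer = new PESigner(getKeyStore(), ALIAS, PRIVATE_KEY_PASSWORD);
      // SHA-1 is pinned explicitly for this case; it is deprecated for code signing.
      signer.withDigestAlgorithm(DigestAlgorithm.SHA1);
      signer.withTimestamping(true);
      signer.withTimestampingMode(mode);
      // Deliberately not a timestamping service URL.
      // NOTE(review): presumably this makes the test depend on outbound network access — confirm.
      signer.withTimestampingAutority("http://github.com");

      try {
        signer.sign(peFile);
        fail("TimestampingException not thrown");
      } catch (TimestampingException e) {
        // expected
      }
    } finally {
      // Release the handle before the file is reopened below.
      peFile.close();
    }

    // A failed timestamp must not leave a signature on disk.
    peFile = new PEFile(targetFile);
    try {
      List<CMSSignedData> signatures = peFile.getSignatures();
      assertNotNull(signatures);
      assertTrue(signatures.isEmpty());
    } finally {
      peFile.close();
    }
  }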
Beispiel #4
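  /**
   * Tests that it is possible to specify a signature algorithm whose name is not simply a
   * concatenation of a digest algorithm and the key algorithm.
   *
   * <p>This test also sets the signature provider explicitly, as a provider supporting the
   * RSASSA-PSS algorithms might not be installed.
   *
   * @throws Exception if copying, signing or re-reading the file fails
   */
  public void testWithSignatureAlgorithmSHA256withRSAandMGF1() throws Exception {
    File sourceFile = new File("target/test-classes/wineyes.exe");
    // NOTE(review): testSign writes to the same target path; the two tests overwrite each other's
    // output and must not run concurrently.
    File targetFile = new File("target/test-classes/wineyes-signed.exe");

    FileUtils.copyFile(sourceFile, targetFile);

    PEFile peFile = new PEFile(targetFile);
    try {
      PESigner signer =
          new PESigner(getKeyStore(), ALIAS, PRIVATE_KEY_PASSWORD)
              .withTimestamping(false)
              .withDigestAlgorithm(DigestAlgorithm.SHA1)
              .withSignatureAlgorithm("SHA256withRSAandMGF1", new BouncyCastleProvider());

      signer.sign(peFile);
    } finally {
      // The first handle used to be dropped on reassignment without being closed; release it
      // before the file is reopened.
      peFile.close();
    }

    // Re-read from disk so the assertions see what was actually written.
    peFile = new PEFile(targetFile);
    try {
      List<CMSSignedData> signatures = peFile.getSignatures();
      assertNotNull(signatures);
      assertEquals(1, signatures.size());

      CMSSignedData signedData = signatures.get(0);
      assertNotNull(signedData);

      // Check the signature algorithm. The SignerInfo is expected to name SHA-256 and RSASSA-PSS
      // even though withDigestAlgorithm(SHA1) was set above, i.e. the explicitly requested
      // signature algorithm is what ends up in the signer information.
      final SignerInformation si =
          (SignerInformation) signedData.getSignerInfos().getSigners().iterator().next();
      assertEquals(
          "Digest algorithm",
          NISTObjectIdentifiers.id_sha256,
          si.getDigestAlgorithmID().getAlgorithm());
      assertEquals(
          "Encryption algorithm",
          PKCSObjectIdentifiers.id_RSASSA_PSS.getId(),
          si.getEncryptionAlgOID());
    } finally {
      peFile.close();
    }
  }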
Beispiel #5
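  /**
   * Tests that a custom Timestamper implementation can be provided.
   *
   * <p>The custom implementation only records that it was invoked and then delegates to {@link
   * AuthenticodeTimestamper}, so a real timestamp request is still made; the test presumably needs
   * network access to the timestamping service (TODO confirm).
   *
   * @throws Exception if copying, signing or re-reading the file fails
   */
  public void testWithTimestamper() throws Exception {
    File sourceFile = new File("target/test-classes/wineyes.exe");
    // NOTE(review): testTimestampAuthenticode writes to the same target path; the two tests
    // overwrite each other's output and must not run concurrently.
    File targetFile = new File("target/test-classes/wineyes-timestamped-authenticode.exe");

    FileUtils.copyFile(sourceFile, targetFile);

    // Filled by the anonymous timestamper below; final so the inner class can capture it.
    final HashSet<Boolean> called = new HashSet<Boolean>();

    PEFile peFile = new PEFile(targetFile);
    try {
      PESigner signer = new PESigner(getKeyStore(), ALIAS, PRIVATE_KEY_PASSWORD);
      // SHA-1 is pinned explicitly for this case; it is deprecated for code signing.
      signer.withDigestAlgorithm(DigestAlgorithm.SHA1);
      signer.withTimestamping(true);
      signer.withTimestamper(
          new AuthenticodeTimestamper() {

            @Override
            protected CMSSignedData timestamp(DigestAlgorithm algo, byte[] encryptedDigest)
                throws IOException, TimestampingException {
              // Record the call, then let the stock implementation do the actual work.
              called.add(true);
              return super.timestamp(algo, encryptedDigest);
            }
          });
      signer.sign(peFile);
    } finally {
      // Release the handle before the file is reopened; an open handle can block later tests
      // from overwriting the target on platforms with mandatory file locking.
      peFile.close();
    }

    // Re-read from disk so the assertions see what was actually written.
    peFile = new PEFile(targetFile);
    try {
      List<CMSSignedData> signatures = peFile.getSignatures();
      assertNotNull(signatures);
      assertEquals(1, signatures.size());

      CMSSignedData signature = signatures.get(0);

      assertNotNull(signature);

      assertTrue("expecting our Timestamper to be used", called.contains(true));
    } finally {
      peFile.close();
    }
  }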