static {
try {
SIGNATURE_KEY_PAIR = CryptoUtils.generateDSAKeyPair(CryptoUtils.DSA_1024);
} catch (Exception e) {
// ignore
}
}
/**
* Sign product, verify signature, then modify product and check that signature no longer
* verifies.
*
* @throws Exception
*/
@Test
public void testSignature() throws Exception {
Product product = getProduct();
KeyPair keyPair = CryptoUtils.generateDSAKeyPair(CryptoUtils.DSA_1024);
Assert.assertFalse(
"Unsigned products do not verify signature",
product.verifySignature(new PublicKey[] {keyPair.getPublic()}));
product.sign(keyPair.getPrivate());
Assert.assertTrue(
"Public key verifies signature correctly",
product.verifySignature(new PublicKey[] {keyPair.getPublic()}));
// modify product
product.getId().setUpdateTime(new Date(product.getId().getUpdateTime().getTime() + 1000));
Assert.assertFalse(
"Public key doesn't verify after modification",
product.verifySignature(new PublicKey[] {keyPair.getPublic()}));
}
