Crypto lesson (#712)

* crypto lesson added * signing assignment * integration test added for signing assignment * added more hints * corrections after rebase * added some explanation * added security defaults assignment
2019-11-23 21:52:14 +01:00
parent 9c0b7f8233
commit b5e5dd1d13
26 changed files with 1151 additions and 1 deletions
--- a/webgoat-lessons/crypto/src/test/java/org/owasp/webgoat/crypto/CryptoUtilTest.java
+++ b/webgoat-lessons/crypto/src/test/java/org/owasp/webgoat/crypto/CryptoUtilTest.java
@ -0,0 +1,32 @@
+package org.owasp.webgoat.crypto;
+
+import static org.junit.jupiter.api.Assertions.assertTrue;
+import static org.junit.jupiter.api.Assertions.fail;
+
+import java.security.KeyPair;
+import java.security.PrivateKey;
+import java.security.interfaces.RSAPublicKey;
+
+import javax.xml.bind.DatatypeConverter;
+
+import org.junit.jupiter.api.Test;
+
+public class CryptoUtilTest {
+
+	@Test
+	public void testSigningAssignment() {
+		try {
+			KeyPair keyPair = CryptoUtil.generateKeyPair();
+			RSAPublicKey rsaPubKey = (RSAPublicKey) keyPair.getPublic();
+			PrivateKey privateKey = CryptoUtil.getPrivateKeyFromPEM(CryptoUtil.getPrivateKeyInPEM(keyPair));
+			String modulus = DatatypeConverter.printHexBinary(rsaPubKey.getModulus().toByteArray());
+			String signature = CryptoUtil.signMessage(modulus, privateKey);
+			System.out.println(rsaPubKey.getPublicExponent());
+			assertTrue(CryptoUtil.verifyAssignment(modulus, signature, keyPair.getPublic()));
+		} catch (Exception e) {
+			e.printStackTrace();
+			fail();
+		}
+	}
+
+}