From c5199e6aa94c94f703df228c9276fb12205a3e56 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Bernd=20Pr=C3=BCnster?= <bernd.pruenster@a-sit.at>
Date: Wed, 13 Nov 2024 18:08:06 +0100
Subject: [PATCH] workaround RSA sig parsing issue

---
 .../signum/indispensable/JcaExtensions.kt     |  2 +-
 .../signum/supreme/os/JKSProviderTest.kt      | 52 ++++++++++++++-----
 2 files changed, 41 insertions(+), 13 deletions(-)

diff --git a/indispensable/src/jvmMain/kotlin/at/asitplus/signum/indispensable/JcaExtensions.kt b/indispensable/src/jvmMain/kotlin/at/asitplus/signum/indispensable/JcaExtensions.kt
index ec2abc28..3e0a2608 100644
--- a/indispensable/src/jvmMain/kotlin/at/asitplus/signum/indispensable/JcaExtensions.kt
+++ b/indispensable/src/jvmMain/kotlin/at/asitplus/signum/indispensable/JcaExtensions.kt
@@ -187,7 +187,7 @@ fun CryptoSignature.Companion.parseFromJca(
     if (algorithm is SignatureAlgorithm.ECDSA)
         CryptoSignature.EC.parseFromJca(input)
     else
-        CryptoSignature.RSAorHMAC.parseFromJca(input)
+        CryptoSignature.RSAorHMAC.parseFromJca(byteArrayOf(0,* input))
 
 fun CryptoSignature.Companion.parseFromJca(
     input: ByteArray,
diff --git a/supreme/src/jvmTest/kotlin/at/asitplus/signum/supreme/os/JKSProviderTest.kt b/supreme/src/jvmTest/kotlin/at/asitplus/signum/supreme/os/JKSProviderTest.kt
index 0977f3ba..47e30150 100644
--- a/supreme/src/jvmTest/kotlin/at/asitplus/signum/supreme/os/JKSProviderTest.kt
+++ b/supreme/src/jvmTest/kotlin/at/asitplus/signum/supreme/os/JKSProviderTest.kt
@@ -1,31 +1,57 @@
 package at.asitplus.signum.supreme.os
 
+import at.asitplus.signum.indispensable.Digest
+import at.asitplus.signum.indispensable.RSAPadding
+import at.asitplus.signum.supreme.sign.SigningKeyConfiguration
 import at.asitplus.signum.supreme.sign.makeVerifier
 import at.asitplus.signum.supreme.sign.verify
 import at.asitplus.signum.supreme.signature
 import at.asitplus.signum.supreme.succeed
 import io.kotest.core.spec.style.FreeSpec
 import io.kotest.matchers.should
-import io.kotest.matchers.shouldBe
 import io.kotest.matchers.shouldNot
 import io.kotest.property.azstring
 import java.nio.file.Files
 import kotlin.random.Random
 
 class JKSProviderTest : FreeSpec({
-    "Ephemeral" {
-        val ks = JKSProvider.Ephemeral().getOrThrow()
-        val alias = "Elfenbeinschloss"
-        ks.getSignerForKey(alias) shouldNot succeed
-        val signer = ks.createSigningKey(alias).getOrThrow()
-        val otherSigner = ks.getSignerForKey(alias).getOrThrow()
+    "Ephemeral" - {
 
-        val data = Random.Default.nextBytes(64)
-        val signature = signer.sign(data).signature
-        otherSigner.makeVerifier().getOrThrow().verify(data, signature) should succeed
+        "EC" {
+            val ks = JKSProvider.Ephemeral().getOrThrow()
+            val alias = "Elfenbeinschloss"
+            ks.getSignerForKey(alias) shouldNot succeed
+            val signer = ks.createSigningKey(alias).getOrThrow()
+            val otherSigner = ks.getSignerForKey(alias).getOrThrow()
+
+            val data = Random.Default.nextBytes(64)
+            val signature = signer.sign(data).signature
+            otherSigner.makeVerifier().getOrThrow().verify(data, signature) should succeed
+        }
+
+        "RSA" {
+            repeat(500) {
+                val ks = JKSProvider.Ephemeral().getOrThrow()
+                val alias = "Elfenbeinschloss"
+                ks.getSignerForKey(alias) shouldNot succeed
+                val signer = ks.createSigningKey(alias) {
+                    rsa {
+                        bits = 1024 //faster testing
+                        paddings = setOf(RSAPadding.PKCS1)
+                        digests = setOf(Digest.SHA256)
+                        publicExponent = SigningKeyConfiguration.RSAConfiguration.F4
+                    }
+                }.getOrThrow()
+                val otherSigner = ks.getSignerForKey(alias).getOrThrow()
+
+                val data = Random.Default.nextBytes(64)
+                val signature = signer.sign(data).signature
+                otherSigner.makeVerifier().getOrThrow().verify(data, signature) should succeed
+            }
+        }
     }
     "File-based persistence" {
-        val tempfile = Files.createTempFile(Random.azstring(16),null).also { Files.delete(it) }
+        val tempfile = Files.createTempFile(Random.azstring(16), null).also { Files.delete(it) }
         try {
             val alias = "Elfenbeinturm"
             val correctPassword = "Schwertfischfilet".toCharArray()
@@ -68,6 +94,8 @@ class JKSProviderTest : FreeSpec({
 
             // check that ks1 "sees" the deletion that was made by ks3
             ks1.getSignerForKey(alias) shouldNot succeed
-        } finally { Files.deleteIfExists(tempfile) }
+        } finally {
+            Files.deleteIfExists(tempfile)
+        }
     }
 })