From a219801c2dbd7b27c538582a194bab9b5225e79b Mon Sep 17 00:00:00 2001 From: ilya Date: Tue, 13 Jul 2010 11:10:04 -0700 Subject: [PATCH] Now using detached signatures --- app/models/post.rb | 10 ++++---- spec/user_encryption_spec.rb | 44 +++++++++++++++++------------------- 2 files changed, 26 insertions(+), 28 deletions(-) diff --git a/app/models/post.rb b/app/models/post.rb index 2ca631ad5..d648c1af5 100644 --- a/app/models/post.rb +++ b/app/models/post.rb @@ -48,7 +48,7 @@ class Post def verify_signature return false unless owner_signature && person.key_fingerprint validity = nil - message = GPGME::verify(owner_signature, nil, {:armor => true, :always_trust => true}){ |signature| + GPGME::verify(owner_signature, to_xml.to_s, {:armor => true, :always_trust => true}){ |signature| puts signature puts signature.inspect validity = signature.status == GPGME::GPG_ERR_NO_ERROR && @@ -56,16 +56,16 @@ class Post signature.fpr == person.key_fingerprint #validity = validity && person.key_fingerprint == signature.fpr } - puts message + #puts message puts to_xml.to_s - return validity && message == to_xml.to_s + return validity# && message == to_xml.to_s #validity = validity && (signed_text == to_xml.to_s) end protected def sign_if_mine if self.person == User.first - self.owner_signature = GPGME::sign(to_xml.to_s,nil,{ - :armor=> true}) + self.owner_signature = GPGME::sign(to_xml.to_s,nil, + {:armor=> true, :mode => GPGME::SIG_MODE_DETACH}) end end diff --git a/spec/user_encryption_spec.rb b/spec/user_encryption_spec.rb index f56a3dba7..41842af3d 100644 --- a/spec/user_encryption_spec.rb +++ b/spec/user_encryption_spec.rb 
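Review bot: Passing `to_xml.to_s` as the signed text in `GPGME::verify` binds the signature to the post only when `owner_signature` really is a detached signature, and nothing here checks that. A remote peer controls that field, and a normal or clear-signed blob carries its own text; how such input is treated when signed text is also supplied depends on the GnuPG version underneath, so it should be tested rather than assumed. The `message == to_xml.to_s` comparison that used to catch this is commented out further down in this file. I would add an example that feeds `fixtures/msg.xml.normal.asc` (read by the removed examples) as `owner_signature` and expects `verify_signature` to be false. `verify_signature` continues past this hunk.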
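Review bot: `sign_if_mine` calls `GPGME::sign` without `:signers`, so the signature is made with whatever default secret key GPGME selects, while `verify_signature` accepts only `person.key_fingerprint`. The spec keyring evidently holds more than one signing key (it signs as `@person.key`), so the two can diverge; naming the key makes it explicit: `{:armor => true, :mode => GPGME::SIG_MODE_DETACH, :signers => [person.key]}` (assuming `Person#key` returns the GPGME key, as the spec's use suggests). Separately, `puts to_xml.to_s` and the commented-out `# && message == to_xml.to_s` are debugging leftovers; the `puts` writes every verified post's content to stdout and should be removed.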
@@ -70,7 +70,15 @@ describe 'user encryption' do end describe 'signing and verifying' do - + before do + @person = Factory.create(:person, + :key_fingerprint => GPGME.list_keys("Remote Friend").first.subkeys.first.fpr, + :profile => Profile.create(:first_name => 'Remote', + :last_name => 'Friend'), + :email => 'somewhere@else.com', + :url => 'http://distant-example.com/', + :key_fingerprint => '57F553EE2C230991566B7C60D3638485F3960087') + end it 'should sign a message on create' do message = Factory.create(:status_message, :person => @u) message.verify_signature.should be true 
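Review bot: The hash passed to `Factory.create(:person, ...)` in the new `before` block sets `:key_fingerprint` twice, and Ruby keeps the last value, so the `GPGME.list_keys("Remote Friend").first.subkeys.first.fpr` lookup is evaluated and then discarded in favour of the hard-coded `'57F553EE2C230991566B7C60D3638485F3960087'`. If the fixture keyring is ever regenerated, the examples will compare against a stale fingerprint with no hint as to why. Keep only one of the two entries; the lookup is the safer choice, so I would drop the literal line.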
@@ -83,38 +91,28 @@ describe 'user encryption' do end it 'should verify a remote signature' do - person = Factory.create(:person, - :key_fingerprint => GPGME.list_keys("Remote Friend").first.subkeys.first.fpr, - :profile => Profile.create(:first_name => 'Remote', - :last_name => 'Friend'), - :email => 'somewhere@else.com', - :url => 'http://distant-example.com/', - :key_fingerprint => '57F553EE2C230991566B7C60D3638485F3960087') - puts person.inspect - message = Factory.create(:status_message, :person => person) - message.owner_signature = GPGME.sign(message.to_xml.to_s, nil, {:armor => true, :signers => [person.key]}) - message.save # :owner_signature => File.open(File.dirname(__FILE__) + "/fixtures/msg.xml.detached.asc").read) - # :owner_signature => File.open(File.dirname(__FILE__) + "/fixtures/msg.xml.clear.asc").read) + message = Factory.create(:status_message, :person => @person) + message.owner_signature = GPGME.sign(message.to_xml.to_s, nil, + {:mode => GPGME::SIG_MODE_DETACH, :armor => true, :signers => [@person.key]}) + message.save message.verify_signature.should be true end it 'should know if the signature is from the wrong person' do - person = Factory.create(:person, :key_fingerprint => GPGME.list_keys("Ilya").first.subkeys.first.fpr) - message = Factory.create(:status_message, :person => person, - :owner_signature => File.open(File.dirname(__FILE__) + "/fixtures/msg.xml.normal.asc").read) - # :owner_signature => File.open(File.dirname(__FILE__) + "/fixtures/msg.xml.detached.asc").read) - # :owner_signature => File.open(File.dirname(__FILE__) + "/fixtures/msg.xml.clear.asc").read) - + message = Factory.create(:status_message, :person => @person) + message.owner_signature = GPGME.sign(message.to_xml.to_s, nil, + {:mode => GPGME::SIG_MODE_DETACH, :armor => true, :signers => [@person.key]}) message.person = @u message.verify_signature.should be false end it 'should know if the signature is for the wrong text' do - person = Factory.create(:person, 
:key_fingerprint => GPGME.list_keys("Ilya").first.subkeys.first.fpr) - message = Factory.create(:status_message, :message => 'I love VENISON', :person => person, - :owner_signature => File.open(File.dirname(__FILE__) + "/fixtures/msg.xml.normal.asc").read) + message = Factory.create(:status_message, :person => @person) + message.owner_signature = GPGME.sign(message.to_xml.to_s, nil, + {:mode => GPGME::SIG_MODE_DETACH, :armor => true, :signers => [@person.key]}) + message.message = 'I love VENISON' + message.save message.verify_signature.should be false - end end end
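Review bot: None of the examples covers an `owner_signature` that is not a usable signature at all, such as arbitrary text or a signature made by a key missing from the local keyring. In `verify_signature` the result is assigned only inside the block, so if GPGME yields no signature the method returns nil, and GPGME may instead raise on unparsable input; neither outcome is pinned down. I would add an example that sets `message.owner_signature = 'not a signature'` (a constructed value) and expects `message.verify_signature.should be false`, and have the model start from `validity = false` and rescue `GPGME::Error`. The three examples also repeat the same `GPGME.sign(...)` call and could share a small helper.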