From f21802523acb2c56b41d2926cfc5158a126cc9f2 Mon Sep 17 00:00:00 2001
From: Paul Schaub <vanitasvitae@fsfe.org>
Date: Thu, 25 Aug 2022 14:26:36 +0200
Subject: [PATCH] CLI: Add test for Setup command

---
 .../main/java/pgp/cert_d/cli/PGPCertDCli.java |   6 +-
 .../java/pgp/cert_d/cli/InstantiateCLI.java   |  18 +++
 .../pgp/cert_d/cli/commands/SetupTest.java    | 125 ++++++++++++++++++
 3 files changed, 148 insertions(+), 1 deletion(-)
 create mode 100644 pgpainless-cert-d-cli/src/test/java/pgp/cert_d/cli/InstantiateCLI.java
 create mode 100644 pgpainless-cert-d-cli/src/test/java/pgp/cert_d/cli/commands/SetupTest.java

diff --git a/pgpainless-cert-d-cli/src/main/java/pgp/cert_d/cli/PGPCertDCli.java b/pgpainless-cert-d-cli/src/main/java/pgp/cert_d/cli/PGPCertDCli.java
index 501d6ca..7fbac8f 100644
--- a/pgpainless-cert-d-cli/src/main/java/pgp/cert_d/cli/PGPCertDCli.java
+++ b/pgpainless-cert-d-cli/src/main/java/pgp/cert_d/cli/PGPCertDCli.java
@@ -40,7 +40,7 @@ public class PGPCertDCli {
             scope = CommandLine.ScopeType.INHERIT)
     File baseDirectory;
 
-    private static PGPainlessCertD certificateDirectory;
+    static PGPainlessCertD certificateDirectory;
 
     private int executionStrategy(CommandLine.ParseResult parseResult) {
         try {
@@ -52,6 +52,10 @@ public class PGPCertDCli {
     }
 
     private void initStore() throws NotAStoreException, SQLException {
+        if (certificateDirectory != null) {
+            return;
+        }
+
         if (baseDirectory == null) {
             baseDirectory = BaseDirectoryProvider.getDefaultBaseDir();
         }
diff --git a/pgpainless-cert-d-cli/src/test/java/pgp/cert_d/cli/InstantiateCLI.java b/pgpainless-cert-d-cli/src/test/java/pgp/cert_d/cli/InstantiateCLI.java
new file mode 100644
index 0000000..6a20ff6
--- /dev/null
+++ b/pgpainless-cert-d-cli/src/test/java/pgp/cert_d/cli/InstantiateCLI.java
@@ -0,0 +1,18 @@
+// SPDX-FileCopyrightText: 2022 Paul Schaub <vanitasvitae@fsfe.org>
+//
+// SPDX-License-Identifier: Apache-2.0
+
+package pgp.cert_d.cli;
+
+import org.pgpainless.certificate_store.PGPainlessCertD;
+
+public class InstantiateCLI {
+
+    public static void resetStore() {
+        PGPCertDCli.certificateDirectory = null;
+    }
+
+    public static void setInMemoryStore() {
+        PGPCertDCli.certificateDirectory = PGPainlessCertD.inMemory();
+    }
+}
diff --git a/pgpainless-cert-d-cli/src/test/java/pgp/cert_d/cli/commands/SetupTest.java b/pgpainless-cert-d-cli/src/test/java/pgp/cert_d/cli/commands/SetupTest.java
new file mode 100644
index 0000000..b4664c0
--- /dev/null
+++ b/pgpainless-cert-d-cli/src/test/java/pgp/cert_d/cli/commands/SetupTest.java
@@ -0,0 +1,125 @@
+// SPDX-FileCopyrightText: 2022 Paul Schaub <vanitasvitae@fsfe.org>
+//
+// SPDX-License-Identifier: Apache-2.0
+
+package pgp.cert_d.cli.commands;
+
+import org.bouncycastle.openpgp.PGPException;
+import org.bouncycastle.openpgp.PGPSecretKeyRing;
+import org.junit.jupiter.api.AfterEach;
+import org.junit.jupiter.api.BeforeEach;
+import org.junit.jupiter.api.Test;
+import org.pgpainless.PGPainless;
+import org.pgpainless.certificate_store.PGPainlessCertD;
+import org.pgpainless.key.OpenPgpFingerprint;
+import org.pgpainless.key.info.KeyInfo;
+import org.pgpainless.key.protection.UnlockSecretKey;
+import org.pgpainless.util.Passphrase;
+import pgp.cert_d.cli.InstantiateCLI;
+import pgp.cert_d.cli.PGPCertDCli;
+import pgp.certificate_store.certificate.Key;
+import pgp.certificate_store.certificate.KeyMaterial;
+import pgp.certificate_store.exception.BadDataException;
+
+import java.io.ByteArrayInputStream;
+import java.io.IOException;
+import java.io.InputStream;
+import java.nio.charset.Charset;
+import java.security.InvalidAlgorithmParameterException;
+import java.security.NoSuchAlgorithmException;
+
+import static org.junit.jupiter.api.Assertions.assertEquals;
+import static org.junit.jupiter.api.Assertions.assertNotEquals;
+import static org.junit.jupiter.api.Assertions.assertNotNull;
+import static org.junit.jupiter.api.Assertions.assertNull;
+import static org.junit.jupiter.api.Assertions.assertTrue;
+
+public class SetupTest {
+
+    private PGPainlessCertD store;
+
+    @BeforeEach
+    public void setup() {
+        InstantiateCLI.setInMemoryStore();
+        store = PGPCertDCli.getCertificateDirectory();
+    }
+
+    @AfterEach
+    public void teardown() {
+        InstantiateCLI.resetStore();
+        store = null;
+    }
+
+    @Test
+    public void testSetupGeneratesTrustRoot()
+            throws BadDataException, IOException {
+        assertNull(store.getTrustRoot());
+
+        PGPCertDCli.main(new String[] {"setup"});
+        KeyMaterial trustRoot = store.getTrustRoot();
+        assertNotNull(trustRoot);
+        assertTrue(trustRoot instanceof Key);
+
+        // Check that key has no password
+        PGPSecretKeyRing secretKeys = PGPainless.readKeyRing().secretKeyRing(trustRoot.getInputStream());
+        assertTrue(KeyInfo.isDecrypted(secretKeys.getSecretKey()));
+    }
+
+    @Test
+    public void testSetupWithPassword()
+            throws BadDataException, IOException, PGPException {
+        assertNull(store.getTrustRoot());
+
+        PGPCertDCli.main(new String[] {"setup", "--with-password", "sw0rdf1sh"});
+        KeyMaterial trustRoot = store.getTrustRoot();
+        assertNotNull(trustRoot);
+        assertTrue(trustRoot instanceof Key);
+
+        // Check that key is encrypted
+        PGPSecretKeyRing secretKeys = PGPainless.readKeyRing().secretKeyRing(trustRoot.getInputStream());
+        assertTrue(KeyInfo.isEncrypted(secretKeys.getSecretKey()));
+        // Check that password matches
+        assertNotNull(UnlockSecretKey.unlockSecretKey(
+                secretKeys.getSecretKey(), Passphrase.fromPassword("sw0rdf1sh")));
+    }
+
+    @Test
+    public void testSetupImportFromStdin()
+            throws PGPException, InvalidAlgorithmParameterException, NoSuchAlgorithmException,
+            BadDataException, IOException {
+        assertNull(store.getTrustRoot());
+
+        PGPSecretKeyRing trustRoot = PGPainless.generateKeyRing()
+                .modernKeyRing("trust-root");
+        OpenPgpFingerprint fingerprint = OpenPgpFingerprint.of(trustRoot);
+        String armored = PGPainless.asciiArmor(trustRoot);
+        ByteArrayInputStream trustRootIn = new ByteArrayInputStream(
+                armored.getBytes(Charset.forName("UTF8")));
+
+        InputStream originalStdin = System.in;
+        System.setIn(trustRootIn);
+        PGPCertDCli.main(new String[] {"setup", "--import-from-stdin"});
+        System.setIn(originalStdin);
+
+        KeyMaterial importedTrustRoot = store.getTrustRoot();
+        assertEquals(fingerprint.toString().toLowerCase(), importedTrustRoot.getFingerprint());
+    }
+
+    @Test
+    public void testSetupOverridesExistingTrustRoot()
+            throws BadDataException, IOException {
+        assertNull(store.getTrustRoot());
+
+        PGPCertDCli.main(new String[] {"setup"});
+        KeyMaterial trustRoot = store.getTrustRoot();
+        assertNotNull(trustRoot);
+        String fingerprint = trustRoot.getFingerprint();
+
+        // Override trust-root by calling setup again
+        PGPCertDCli.main(new String[] {"setup"});
+        trustRoot = store.getTrustRoot();
+        assertNotNull(trustRoot);
+
+        assertNotEquals(fingerprint, trustRoot.getFingerprint());
+    }
+}