pgpainless/pgpainless-core/src/test/java/org/pgpainless/encryption_signing/EncryptionOptionsTest.java

// SPDX-FileCopyrightText: 2021 Paul Schaub <vanitasvitae@fsfe.org>
//
// SPDX-License-Identifier: Apache-2.0

package org.pgpainless.encryption_signing;

import static org.junit.jupiter.api.Assertions.assertEquals;
import static org.junit.jupiter.api.Assertions.assertNull;
import static org.junit.jupiter.api.Assertions.assertThrows;
import static org.junit.jupiter.api.Assertions.assertTrue;

import java.security.InvalidAlgorithmParameterException;
import java.security.NoSuchAlgorithmException;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Collections;
import java.util.Iterator;
import java.util.List;
import java.util.Set;

import org.bouncycastle.openpgp.PGPException;
import org.bouncycastle.openpgp.PGPPublicKey;
import org.bouncycastle.openpgp.PGPPublicKeyRing;
import org.bouncycastle.openpgp.PGPPublicKeyRingCollection;
import org.bouncycastle.openpgp.PGPSecretKeyRing;
import org.jetbrains.annotations.NotNull;
import org.junit.jupiter.api.BeforeAll;
import org.junit.jupiter.api.Test;
import org.pgpainless.PGPainless;
import org.pgpainless.algorithm.KeyFlag;
import org.pgpainless.algorithm.SymmetricKeyAlgorithm;
import org.pgpainless.exception.KeyException;
import org.pgpainless.key.SubkeyIdentifier;
import org.pgpainless.key.generation.KeySpec;
import org.pgpainless.key.generation.type.KeyType;
import org.pgpainless.key.generation.type.eddsa_legacy.EdDSALegacyCurve;
import org.pgpainless.key.generation.type.xdh_legacy.XDHLegacySpec;
import org.pgpainless.key.util.KeyRingUtils;
import org.pgpainless.util.Passphrase;

import javax.annotation.Nonnull;

public class EncryptionOptionsTest {

    private static PGPSecretKeyRing secretKeys;
    private static PGPPublicKeyRing publicKeys;
    private static SubkeyIdentifier primaryKey;
    private static SubkeyIdentifier encryptComms;
    private static SubkeyIdentifier encryptStorage;

    @BeforeAll
    public static void generateKey() throws PGPException, InvalidAlgorithmParameterException, NoSuchAlgorithmException {
        secretKeys = PGPainless.buildKeyRing()
                .setPrimaryKey(KeySpec.getBuilder(KeyType.EDDSA_LEGACY(EdDSALegacyCurve._Ed25519), KeyFlag.CERTIFY_OTHER)
                        .build())
                .addSubkey(KeySpec.getBuilder(KeyType.XDH_LEGACY(XDHLegacySpec._X25519), KeyFlag.ENCRYPT_COMMS)
                        .build())
                .addSubkey(KeySpec.getBuilder(KeyType.XDH_LEGACY(XDHLegacySpec._X25519), KeyFlag.ENCRYPT_STORAGE)
                        .build())
                .addUserId("test@pgpainless.org")
                .build();

        publicKeys = KeyRingUtils.publicKeyRingFrom(secretKeys);

        Iterator<PGPPublicKey> iterator = publicKeys.iterator();
        primaryKey = new SubkeyIdentifier(publicKeys, iterator.next().getKeyID());
        encryptComms = new SubkeyIdentifier(publicKeys, iterator.next().getKeyID());
        encryptStorage = new SubkeyIdentifier(publicKeys, iterator.next().getKeyID());
    }

    @Test
    public void testOverrideEncryptionAlgorithmFailsForNULL() {
        EncryptionOptions options = new EncryptionOptions();
        assertNull(options.getEncryptionAlgorithmOverride());

        assertThrows(IllegalArgumentException.class, () -> options.overrideEncryptionAlgorithm(SymmetricKeyAlgorithm.NULL));

        assertNull(options.getEncryptionAlgorithmOverride());
    }

    @Test
    public void testOverrideEncryptionOptions() {
        EncryptionOptions options = new EncryptionOptions();
        assertNull(options.getEncryptionAlgorithmOverride());
        options.overrideEncryptionAlgorithm(SymmetricKeyAlgorithm.AES_128);

        assertEquals(SymmetricKeyAlgorithm.AES_128, options.getEncryptionAlgorithmOverride());
    }

    @Test
    public void testAddRecipients_EncryptCommunications() {
        EncryptionOptions options = EncryptionOptions.encryptCommunications();
        options.addRecipient(publicKeys);

        Set<SubkeyIdentifier> encryptionKeys = options.getEncryptionKeyIdentifiers();
        assertEquals(1, encryptionKeys.size());
        assertEquals(encryptComms, encryptionKeys.iterator().next());
    }

    @Test
    public void testAddRecipients_EncryptDataAtRest() {
        EncryptionOptions options = EncryptionOptions.encryptDataAtRest();
        options.addRecipient(publicKeys);

        Set<SubkeyIdentifier> encryptionKeys = options.getEncryptionKeyIdentifiers();
        assertEquals(1, encryptionKeys.size());
        assertEquals(encryptStorage, encryptionKeys.iterator().next());
    }

    @Test
    public void testAddRecipients_AllKeys() {
        EncryptionOptions options = new EncryptionOptions();
        options.addRecipient(publicKeys, EncryptionOptions.encryptToAllCapableSubkeys());

        Set<SubkeyIdentifier> encryptionKeys = options.getEncryptionKeyIdentifiers();

        assertEquals(2, encryptionKeys.size());
        assertTrue(encryptionKeys.contains(encryptComms));
        assertTrue(encryptionKeys.contains(encryptStorage));
    }

    @Test
    public void testAddEmptyRecipientsFails() {
        EncryptionOptions options = new EncryptionOptions();
        assertThrows(IllegalArgumentException.class, () -> options.addRecipients(Collections.emptyList()));
        assertThrows(IllegalArgumentException.class, () -> options.addRecipients(Collections.emptyList(),
                ArrayList::new));
    }

    @Test
    public void testAddEmptyPassphraseFails() {
        EncryptionOptions options = new EncryptionOptions();
        assertThrows(IllegalArgumentException.class, () ->
                options.addPassphrase(Passphrase.emptyPassphrase()));
    }

    @Test
    public void testAddRecipient_KeyWithoutEncryptionKeyFails() throws PGPException, InvalidAlgorithmParameterException, NoSuchAlgorithmException {
        EncryptionOptions options = new EncryptionOptions();
        PGPSecretKeyRing secretKeys = PGPainless.buildKeyRing()
                .setPrimaryKey(KeySpec.getBuilder(KeyType.EDDSA_LEGACY(EdDSALegacyCurve._Ed25519), KeyFlag.CERTIFY_OTHER, KeyFlag.SIGN_DATA))
                .addUserId("test@pgpainless.org")
                .build();
        PGPPublicKeyRing publicKeys = KeyRingUtils.publicKeyRingFrom(secretKeys);

        assertThrows(KeyException.UnacceptableEncryptionKeyException.class, () -> options.addRecipient(publicKeys));
    }

    @Test
    public void testEncryptionKeySelectionStrategyEmpty_ThrowsAssertionError() {
        EncryptionOptions options = new EncryptionOptions();

        assertThrows(KeyException.UnacceptableEncryptionKeyException.class,
                () -> options.addRecipient(publicKeys, new EncryptionOptions.EncryptionKeySelector() {
                    @NotNull
                    @Override
                    public List<PGPPublicKey> selectEncryptionSubkeys(@NotNull List<? extends PGPPublicKey> encryptionCapableKeys) {
                        return Collections.emptyList();
                    }
                }));

        assertThrows(KeyException.UnacceptableEncryptionKeyException.class,
                () -> options.addRecipient(publicKeys, "test@pgpainless.org", new EncryptionOptions.EncryptionKeySelector() {
                    @Override
                    public List<PGPPublicKey> selectEncryptionSubkeys(@Nonnull List<? extends PGPPublicKey> encryptionCapableKeys) {
                        return Collections.emptyList();
                    }
                }));
    }

    @Test
    public void testAddRecipients_PGPPublicKeyRingCollection() throws PGPException, InvalidAlgorithmParameterException, NoSuchAlgorithmException {
        PGPPublicKeyRing secondKeyRing = KeyRingUtils.publicKeyRingFrom(
                PGPainless.generateKeyRing().modernKeyRing("other@pgpainless.org"));

        PGPPublicKeyRingCollection collection = new PGPPublicKeyRingCollection(
                Arrays.asList(publicKeys, secondKeyRing));

        EncryptionOptions options = new EncryptionOptions();
        options.addRecipients(collection, EncryptionOptions.encryptToFirstSubkey());
        assertEquals(2, options.getEncryptionKeyIdentifiers().size());
    }

    @Test
    public void testAddRecipient_withValidUserId() {
        EncryptionOptions options = new EncryptionOptions();
        options.addRecipient(publicKeys, "test@pgpainless.org", EncryptionOptions.encryptToFirstSubkey());

        assertEquals(1, options.getEncryptionMethods().size());
    }

    @Test
    public void testAddRecipient_withInvalidUserId() {
        EncryptionOptions options = new EncryptionOptions();
        assertThrows(KeyException.UnboundUserIdException.class, () -> options.addRecipient(publicKeys, "invalid@user.id"));
    }
}
Reuse compliance 2021-10-07 15:48:52 +02:00			`// SPDX-FileCopyrightText: 2021 Paul Schaub <vanitasvitae@fsfe.org>`
			`//`
			`// SPDX-License-Identifier: Apache-2.0`

Add test for EncryptionOptions 2021-06-10 14:25:00 +02:00			`package org.pgpainless.encryption_signing;`

			`import static org.junit.jupiter.api.Assertions.assertEquals;`
			`import static org.junit.jupiter.api.Assertions.assertNull;`
			`import static org.junit.jupiter.api.Assertions.assertThrows;`
More EncryptionOptions tests 2021-06-10 15:04:21 +02:00			`import static org.junit.jupiter.api.Assertions.assertTrue;`
Add test for EncryptionOptions 2021-06-10 14:25:00 +02:00
More EncryptionOptions tests 2021-06-10 15:04:21 +02:00			`import java.security.InvalidAlgorithmParameterException;`
			`import java.security.NoSuchAlgorithmException;`
Kotlin conversion: EncryptionOptions 2023-09-03 17:55:46 +02:00			`import java.util.ArrayList;`
More EncryptionOptions tests 2021-06-10 15:04:21 +02:00			`import java.util.Arrays;`
			`import java.util.Collections;`
			`import java.util.Iterator;`
			`import java.util.List;`
			`import java.util.Set;`

			`import org.bouncycastle.openpgp.PGPException;`
			`import org.bouncycastle.openpgp.PGPPublicKey;`
			`import org.bouncycastle.openpgp.PGPPublicKeyRing;`
			`import org.bouncycastle.openpgp.PGPPublicKeyRingCollection;`
			`import org.bouncycastle.openpgp.PGPSecretKeyRing;`
Kotlin conversion: EncryptionOptions 2023-09-03 17:55:46 +02:00			`import org.jetbrains.annotations.NotNull;`
More EncryptionOptions tests 2021-06-10 15:04:21 +02:00			`import org.junit.jupiter.api.BeforeAll;`
Add test for EncryptionOptions 2021-06-10 14:25:00 +02:00			`import org.junit.jupiter.api.Test;`
More EncryptionOptions tests 2021-06-10 15:04:21 +02:00			`import org.pgpainless.PGPainless;`
			`import org.pgpainless.algorithm.KeyFlag;`
Add test for EncryptionOptions 2021-06-10 14:25:00 +02:00			`import org.pgpainless.algorithm.SymmetricKeyAlgorithm;`
Create dedicated KeyException class for key-related exceptions. 2022-03-15 14:04:59 +01:00			`import org.pgpainless.exception.KeyException;`
More EncryptionOptions tests 2021-06-10 15:04:21 +02:00			`import org.pgpainless.key.SubkeyIdentifier;`
			`import org.pgpainless.key.generation.KeySpec;`
			`import org.pgpainless.key.generation.type.KeyType;`
Rename KeyType.EDDSA to KeyType.EDDSA_LEGACY 2024-02-21 14:57:02 +01:00			`import org.pgpainless.key.generation.type.eddsa_legacy.EdDSALegacyCurve;`
Rename XDH to XDH_LEGACY 2024-02-21 15:19:33 +01:00			`import org.pgpainless.key.generation.type.xdh_legacy.XDHLegacySpec;`
More EncryptionOptions tests 2021-06-10 15:04:21 +02:00			`import org.pgpainless.key.util.KeyRingUtils;`
			`import org.pgpainless.util.Passphrase;`
Add test for EncryptionOptions 2021-06-10 14:25:00 +02:00
Annotate EncryptionOptions methods with @Nonnull 2023-05-03 14:38:52 +02:00			`import javax.annotation.Nonnull;`

Add test for EncryptionOptions 2021-06-10 14:25:00 +02:00			`public class EncryptionOptionsTest {`

More EncryptionOptions tests 2021-06-10 15:04:21 +02:00			`private static PGPSecretKeyRing secretKeys;`
			`private static PGPPublicKeyRing publicKeys;`
			`private static SubkeyIdentifier primaryKey;`
			`private static SubkeyIdentifier encryptComms;`
			`private static SubkeyIdentifier encryptStorage;`

			`@BeforeAll`
			`public static void generateKey() throws PGPException, InvalidAlgorithmParameterException, NoSuchAlgorithmException {`
Separate key generation from scratch and from templates in to buildKeyRing() and generateKeyRing() 2021-11-02 12:23:05 +01:00			`secretKeys = PGPainless.buildKeyRing()`
Rename KeyType.EDDSA to KeyType.EDDSA_LEGACY 2024-02-21 14:57:02 +01:00			`.setPrimaryKey(KeySpec.getBuilder(KeyType.EDDSA_LEGACY(EdDSALegacyCurve._Ed25519), KeyFlag.CERTIFY_OTHER)`
Simplify KeySpecBuilder 2021-09-13 19:20:19 +02:00			`.build())`
Rename XDH to XDH_LEGACY 2024-02-21 15:19:33 +01:00			`.addSubkey(KeySpec.getBuilder(KeyType.XDH_LEGACY(XDHLegacySpec._X25519), KeyFlag.ENCRYPT_COMMS)`
Simplify KeySpecBuilder 2021-09-13 19:20:19 +02:00			`.build())`
Rename XDH to XDH_LEGACY 2024-02-21 15:19:33 +01:00			`.addSubkey(KeySpec.getBuilder(KeyType.XDH_LEGACY(XDHLegacySpec._X25519), KeyFlag.ENCRYPT_STORAGE)`
Simplify KeySpecBuilder 2021-09-13 19:20:19 +02:00			`.build())`
Further simplify the KeyRingBuilder API 2021-09-20 12:30:03 +02:00			`.addUserId("test@pgpainless.org")`
More EncryptionOptions tests 2021-06-10 15:04:21 +02:00			`.build();`

			`publicKeys = KeyRingUtils.publicKeyRingFrom(secretKeys);`

			`Iterator<PGPPublicKey> iterator = publicKeys.iterator();`
			`primaryKey = new SubkeyIdentifier(publicKeys, iterator.next().getKeyID());`
			`encryptComms = new SubkeyIdentifier(publicKeys, iterator.next().getKeyID());`
			`encryptStorage = new SubkeyIdentifier(publicKeys, iterator.next().getKeyID());`
			`}`

Add test for EncryptionOptions 2021-06-10 14:25:00 +02:00			`@Test`
			`public void testOverrideEncryptionAlgorithmFailsForNULL() {`
			`EncryptionOptions options = new EncryptionOptions();`
			`assertNull(options.getEncryptionAlgorithmOverride());`

			`assertThrows(IllegalArgumentException.class, () -> options.overrideEncryptionAlgorithm(SymmetricKeyAlgorithm.NULL));`

			`assertNull(options.getEncryptionAlgorithmOverride());`
			`}`

			`@Test`
			`public void testOverrideEncryptionOptions() {`
			`EncryptionOptions options = new EncryptionOptions();`
			`assertNull(options.getEncryptionAlgorithmOverride());`
			`options.overrideEncryptionAlgorithm(SymmetricKeyAlgorithm.AES_128);`

			`assertEquals(SymmetricKeyAlgorithm.AES_128, options.getEncryptionAlgorithmOverride());`
			`}`
More EncryptionOptions tests 2021-06-10 15:04:21 +02:00
			`@Test`
			`public void testAddRecipients_EncryptCommunications() {`
			`EncryptionOptions options = EncryptionOptions.encryptCommunications();`
			`options.addRecipient(publicKeys);`

			`Set<SubkeyIdentifier> encryptionKeys = options.getEncryptionKeyIdentifiers();`
			`assertEquals(1, encryptionKeys.size());`
			`assertEquals(encryptComms, encryptionKeys.iterator().next());`
			`}`

			`@Test`
			`public void testAddRecipients_EncryptDataAtRest() {`
			`EncryptionOptions options = EncryptionOptions.encryptDataAtRest();`
			`options.addRecipient(publicKeys);`

			`Set<SubkeyIdentifier> encryptionKeys = options.getEncryptionKeyIdentifiers();`
			`assertEquals(1, encryptionKeys.size());`
			`assertEquals(encryptStorage, encryptionKeys.iterator().next());`
			`}`

			`@Test`
			`public void testAddRecipients_AllKeys() {`
			`EncryptionOptions options = new EncryptionOptions();`
			`options.addRecipient(publicKeys, EncryptionOptions.encryptToAllCapableSubkeys());`

			`Set<SubkeyIdentifier> encryptionKeys = options.getEncryptionKeyIdentifiers();`

			`assertEquals(2, encryptionKeys.size());`
			`assertTrue(encryptionKeys.contains(encryptComms));`
			`assertTrue(encryptionKeys.contains(encryptStorage));`
			`}`

EncryptionOptions.addRecipients(collection): Disallow empty collections Fixes #281 2022-04-29 22:49:45 +02:00			`@Test`
			`public void testAddEmptyRecipientsFails() {`
			`EncryptionOptions options = new EncryptionOptions();`
			`assertThrows(IllegalArgumentException.class, () -> options.addRecipients(Collections.emptyList()));`
			`assertThrows(IllegalArgumentException.class, () -> options.addRecipients(Collections.emptyList(),`
Kotlin conversion: EncryptionOptions 2023-09-03 17:55:46 +02:00			`ArrayList::new));`
EncryptionOptions.addRecipients(collection): Disallow empty collections Fixes #281 2022-04-29 22:49:45 +02:00			`}`

More EncryptionOptions tests 2021-06-10 15:04:21 +02:00			`@Test`
			`public void testAddEmptyPassphraseFails() {`
			`EncryptionOptions options = new EncryptionOptions();`
			`assertThrows(IllegalArgumentException.class, () ->`
			`options.addPassphrase(Passphrase.emptyPassphrase()));`
			`}`

			`@Test`
			`public void testAddRecipient_KeyWithoutEncryptionKeyFails() throws PGPException, InvalidAlgorithmParameterException, NoSuchAlgorithmException {`
			`EncryptionOptions options = new EncryptionOptions();`
Separate key generation from scratch and from templates in to buildKeyRing() and generateKeyRing() 2021-11-02 12:23:05 +01:00			`PGPSecretKeyRing secretKeys = PGPainless.buildKeyRing()`
Rename KeyType.EDDSA to KeyType.EDDSA_LEGACY 2024-02-21 14:57:02 +01:00			`.setPrimaryKey(KeySpec.getBuilder(KeyType.EDDSA_LEGACY(EdDSALegacyCurve._Ed25519), KeyFlag.CERTIFY_OTHER, KeyFlag.SIGN_DATA))`
Further simplify the KeyRingBuilder API 2021-09-20 12:30:03 +02:00			`.addUserId("test@pgpainless.org")`
			`.build();`
More EncryptionOptions tests 2021-06-10 15:04:21 +02:00			`PGPPublicKeyRing publicKeys = KeyRingUtils.publicKeyRingFrom(secretKeys);`

Create dedicated KeyException class for key-related exceptions. 2022-03-15 14:04:59 +01:00			`assertThrows(KeyException.UnacceptableEncryptionKeyException.class, () -> options.addRecipient(publicKeys));`
More EncryptionOptions tests 2021-06-10 15:04:21 +02:00			`}`

			`@Test`
			`public void testEncryptionKeySelectionStrategyEmpty_ThrowsAssertionError() {`
			`EncryptionOptions options = new EncryptionOptions();`

Create dedicated KeyException class for key-related exceptions. 2022-03-15 14:04:59 +01:00			`assertThrows(KeyException.UnacceptableEncryptionKeyException.class,`
More EncryptionOptions tests 2021-06-10 15:04:21 +02:00			`() -> options.addRecipient(publicKeys, new EncryptionOptions.EncryptionKeySelector() {`
Kotlin conversion: EncryptionOptions 2023-09-03 17:55:46 +02:00			`@NotNull`
More EncryptionOptions tests 2021-06-10 15:04:21 +02:00			`@Override`
Kotlin conversion: EncryptionOptions 2023-09-03 17:55:46 +02:00			`public List<PGPPublicKey> selectEncryptionSubkeys(@NotNull List<? extends PGPPublicKey> encryptionCapableKeys) {`
More EncryptionOptions tests 2021-06-10 15:04:21 +02:00			`return Collections.emptyList();`
			`}`
			`}));`

Create dedicated KeyException class for key-related exceptions. 2022-03-15 14:04:59 +01:00			`assertThrows(KeyException.UnacceptableEncryptionKeyException.class,`
More EncryptionOptions tests 2021-06-10 15:04:21 +02:00			`() -> options.addRecipient(publicKeys, "test@pgpainless.org", new EncryptionOptions.EncryptionKeySelector() {`
			`@Override`
Kotlin conversion: EncryptionOptions 2023-09-03 17:55:46 +02:00			`public List<PGPPublicKey> selectEncryptionSubkeys(@Nonnull List<? extends PGPPublicKey> encryptionCapableKeys) {`
More EncryptionOptions tests 2021-06-10 15:04:21 +02:00			`return Collections.emptyList();`
			`}`
			`}));`
			`}`

			`@Test`
Remove unnecessary throws declarations 2022-09-29 13:02:22 +02:00			`public void testAddRecipients_PGPPublicKeyRingCollection() throws PGPException, InvalidAlgorithmParameterException, NoSuchAlgorithmException {`
More EncryptionOptions tests 2021-06-10 15:04:21 +02:00			`PGPPublicKeyRing secondKeyRing = KeyRingUtils.publicKeyRingFrom(`
Use newly introduced modernKeyRing(userId) method 2022-06-09 00:42:06 +02:00			`PGPainless.generateKeyRing().modernKeyRing("other@pgpainless.org"));`
More EncryptionOptions tests 2021-06-10 15:04:21 +02:00
			`PGPPublicKeyRingCollection collection = new PGPPublicKeyRingCollection(`
			`Arrays.asList(publicKeys, secondKeyRing));`

			`EncryptionOptions options = new EncryptionOptions();`
Encrypt to all capable subkeys by default 2021-08-04 16:38:17 +02:00			`options.addRecipients(collection, EncryptionOptions.encryptToFirstSubkey());`
More EncryptionOptions tests 2021-06-10 15:04:21 +02:00			`assertEquals(2, options.getEncryptionKeyIdentifiers().size());`
			`}`
Even more EncryptionOptions tests 2021-06-10 15:18:31 +02:00
			`@Test`
			`public void testAddRecipient_withValidUserId() {`
			`EncryptionOptions options = new EncryptionOptions();`
Encrypt to all capable subkeys by default 2021-08-04 16:38:17 +02:00			`options.addRecipient(publicKeys, "test@pgpainless.org", EncryptionOptions.encryptToFirstSubkey());`
Even more EncryptionOptions tests 2021-06-10 15:18:31 +02:00
			`assertEquals(1, options.getEncryptionMethods().size());`
			`}`

			`@Test`
			`public void testAddRecipient_withInvalidUserId() {`
			`EncryptionOptions options = new EncryptionOptions();`
Create dedicated KeyException class for key-related exceptions. 2022-03-15 14:04:59 +01:00			`assertThrows(KeyException.UnboundUserIdException.class, () -> options.addRecipient(publicKeys, "invalid@user.id"));`
Even more EncryptionOptions tests 2021-06-10 15:18:31 +02:00			`}`
Add test for EncryptionOptions 2021-06-10 14:25:00 +02:00			`}`