Tests: Replace usages of default algorithm policies with specific policies
This commit is contained in:
parent
847d4b5e33
commit
03d04fb324
|
@ -66,9 +66,9 @@ public class EncryptDecryptTest {
|
||||||
@BeforeEach
|
@BeforeEach
|
||||||
public void setDefaultPolicy() {
|
public void setDefaultPolicy() {
|
||||||
PGPainless.getPolicy().setSymmetricKeyEncryptionAlgorithmPolicy(
|
PGPainless.getPolicy().setSymmetricKeyEncryptionAlgorithmPolicy(
|
||||||
Policy.SymmetricKeyAlgorithmPolicy.defaultSymmetricKeyEncryptionAlgorithmPolicy());
|
Policy.SymmetricKeyAlgorithmPolicy.symmetricKeyEncryptionPolicy2022());
|
||||||
PGPainless.getPolicy().setSymmetricKeyDecryptionAlgorithmPolicy(
|
PGPainless.getPolicy().setSymmetricKeyDecryptionAlgorithmPolicy(
|
||||||
Policy.SymmetricKeyAlgorithmPolicy.defaultSymmetricKeyDecryptionAlgorithmPolicy());
|
Policy.SymmetricKeyAlgorithmPolicy.symmetricKeyDecryptionPolicy2022());
|
||||||
}
|
}
|
||||||
|
|
||||||
@TestTemplate
|
@TestTemplate
|
||||||
|
|
|
@ -44,22 +44,22 @@ public class ManagePolicy {
|
||||||
public void resetPolicy() {
|
public void resetPolicy() {
|
||||||
// Policy for hash algorithms in non-revocation signatures
|
// Policy for hash algorithms in non-revocation signatures
|
||||||
PGPainless.getPolicy().setSignatureHashAlgorithmPolicy(
|
PGPainless.getPolicy().setSignatureHashAlgorithmPolicy(
|
||||||
Policy.HashAlgorithmPolicy.defaultSignatureAlgorithmPolicy());
|
Policy.HashAlgorithmPolicy.static2022SignatureHashAlgorithmPolicy());
|
||||||
// Policy for hash algorithms in revocation signatures
|
// Policy for hash algorithms in revocation signatures
|
||||||
PGPainless.getPolicy().setRevocationSignatureHashAlgorithmPolicy(
|
PGPainless.getPolicy().setRevocationSignatureHashAlgorithmPolicy(
|
||||||
Policy.HashAlgorithmPolicy.defaultRevocationSignatureHashAlgorithmPolicy());
|
Policy.HashAlgorithmPolicy.static2022RevocationSignatureHashAlgorithmPolicy());
|
||||||
// Policy for public key algorithms and bit lengths
|
// Policy for public key algorithms and bit lengths
|
||||||
PGPainless.getPolicy().setPublicKeyAlgorithmPolicy(
|
PGPainless.getPolicy().setPublicKeyAlgorithmPolicy(
|
||||||
Policy.PublicKeyAlgorithmPolicy.defaultPublicKeyAlgorithmPolicy());
|
Policy.PublicKeyAlgorithmPolicy.bsi2021PublicKeyAlgorithmPolicy());
|
||||||
// Policy for acceptable symmetric encryption algorithms when decrypting messages
|
// Policy for acceptable symmetric encryption algorithms when decrypting messages
|
||||||
PGPainless.getPolicy().setSymmetricKeyDecryptionAlgorithmPolicy(
|
PGPainless.getPolicy().setSymmetricKeyDecryptionAlgorithmPolicy(
|
||||||
Policy.SymmetricKeyAlgorithmPolicy.defaultSymmetricKeyDecryptionAlgorithmPolicy());
|
Policy.SymmetricKeyAlgorithmPolicy.symmetricKeyDecryptionPolicy2022());
|
||||||
// Policy for acceptable symmetric encryption algorithms when encrypting messages
|
// Policy for acceptable symmetric encryption algorithms when encrypting messages
|
||||||
PGPainless.getPolicy().setSymmetricKeyEncryptionAlgorithmPolicy(
|
PGPainless.getPolicy().setSymmetricKeyEncryptionAlgorithmPolicy(
|
||||||
Policy.SymmetricKeyAlgorithmPolicy.defaultSymmetricKeyEncryptionAlgorithmPolicy());
|
Policy.SymmetricKeyAlgorithmPolicy.symmetricKeyEncryptionPolicy2022());
|
||||||
// Policy for acceptable compression algorithms
|
// Policy for acceptable compression algorithms
|
||||||
PGPainless.getPolicy().setCompressionAlgorithmPolicy(
|
PGPainless.getPolicy().setCompressionAlgorithmPolicy(
|
||||||
Policy.CompressionAlgorithmPolicy.defaultCompressionAlgorithmPolicy());
|
Policy.CompressionAlgorithmPolicy.anyCompressionAlgorithmPolicy());
|
||||||
// Known notations
|
// Known notations
|
||||||
PGPainless.getPolicy().getNotationRegistry().clear();
|
PGPainless.getPolicy().getNotationRegistry().clear();
|
||||||
}
|
}
|
||||||
|
@ -73,7 +73,7 @@ public class ManagePolicy {
|
||||||
*
|
*
|
||||||
* Per default, PGPainless will reject non-revocation signatures that use SHA-1 as hash algorithm.
|
* Per default, PGPainless will reject non-revocation signatures that use SHA-1 as hash algorithm.
|
||||||
* To inspect PGPainless' default signature hash algorithm policy, see
|
* To inspect PGPainless' default signature hash algorithm policy, see
|
||||||
* {@link Policy.HashAlgorithmPolicy#defaultSignatureAlgorithmPolicy()}.
|
* {@link Policy.HashAlgorithmPolicy#static2022SignatureHashAlgorithmPolicy()}.
|
||||||
*
|
*
|
||||||
* Since it may be a valid use-case to accept signatures made using SHA-1 as part of a less strict policy,
|
* Since it may be a valid use-case to accept signatures made using SHA-1 as part of a less strict policy,
|
||||||
* this example demonstrates how to set a custom signature hash algorithm policy.
|
* this example demonstrates how to set a custom signature hash algorithm policy.
|
||||||
|
@ -108,7 +108,8 @@ public class ManagePolicy {
|
||||||
/**
|
/**
|
||||||
* Similar to hash algorithms, {@link PublicKeyAlgorithm PublicKeyAlgorithms} tend to get outdated eventually.
|
* Similar to hash algorithms, {@link PublicKeyAlgorithm PublicKeyAlgorithms} tend to get outdated eventually.
|
||||||
* Per default, PGPainless will reject signatures made by keys of unacceptable algorithm or length.
|
* Per default, PGPainless will reject signatures made by keys of unacceptable algorithm or length.
|
||||||
* See {@link Policy.PublicKeyAlgorithmPolicy#defaultPublicKeyAlgorithmPolicy()} to inspect PGPainless' defaults.
|
* See {@link Policy.PublicKeyAlgorithmPolicy#bsi2021PublicKeyAlgorithmPolicy()}
|
||||||
|
* to inspect PGPainless' defaults.
|
||||||
*
|
*
|
||||||
* This example demonstrates how to set a custom public key algorithm policy.
|
* This example demonstrates how to set a custom public key algorithm policy.
|
||||||
*/
|
*/
|
||||||
|
|
|
@ -26,7 +26,7 @@ public class GeneratingWeakKeyThrowsTest {
|
||||||
public void refuseToGenerateWeakPrimaryKeyTest() {
|
public void refuseToGenerateWeakPrimaryKeyTest() {
|
||||||
// ensure we have default public key algorithm policy set
|
// ensure we have default public key algorithm policy set
|
||||||
PGPainless.getPolicy().setPublicKeyAlgorithmPolicy(
|
PGPainless.getPolicy().setPublicKeyAlgorithmPolicy(
|
||||||
Policy.PublicKeyAlgorithmPolicy.defaultPublicKeyAlgorithmPolicy());
|
Policy.PublicKeyAlgorithmPolicy.bsi2021PublicKeyAlgorithmPolicy());
|
||||||
|
|
||||||
assertThrows(IllegalArgumentException.class, () ->
|
assertThrows(IllegalArgumentException.class, () ->
|
||||||
PGPainless.buildKeyRing()
|
PGPainless.buildKeyRing()
|
||||||
|
@ -38,7 +38,7 @@ public class GeneratingWeakKeyThrowsTest {
|
||||||
public void refuseToAddWeakSubkeyDuringGenerationTest() {
|
public void refuseToAddWeakSubkeyDuringGenerationTest() {
|
||||||
// ensure we have default public key algorithm policy set
|
// ensure we have default public key algorithm policy set
|
||||||
PGPainless.getPolicy().setPublicKeyAlgorithmPolicy(
|
PGPainless.getPolicy().setPublicKeyAlgorithmPolicy(
|
||||||
Policy.PublicKeyAlgorithmPolicy.defaultPublicKeyAlgorithmPolicy());
|
Policy.PublicKeyAlgorithmPolicy.bsi2021PublicKeyAlgorithmPolicy());
|
||||||
|
|
||||||
KeyRingBuilder kb = PGPainless.buildKeyRing()
|
KeyRingBuilder kb = PGPainless.buildKeyRing()
|
||||||
.setPrimaryKey(KeySpec.getBuilder(KeyType.RSA(RsaLength._4096),
|
.setPrimaryKey(KeySpec.getBuilder(KeyType.RSA(RsaLength._4096),
|
||||||
|
@ -50,7 +50,8 @@ public class GeneratingWeakKeyThrowsTest {
|
||||||
}
|
}
|
||||||
|
|
||||||
@Test
|
@Test
|
||||||
public void allowToAddWeakKeysWithWeakPolicy() throws PGPException, InvalidAlgorithmParameterException, NoSuchAlgorithmException {
|
public void allowToAddWeakKeysWithWeakPolicy()
|
||||||
|
throws PGPException, InvalidAlgorithmParameterException, NoSuchAlgorithmException {
|
||||||
// set a weak algorithm policy
|
// set a weak algorithm policy
|
||||||
Map<PublicKeyAlgorithm, Integer> bitStrengths = new HashMap<>();
|
Map<PublicKeyAlgorithm, Integer> bitStrengths = new HashMap<>();
|
||||||
bitStrengths.put(PublicKeyAlgorithm.RSA_GENERAL, 512);
|
bitStrengths.put(PublicKeyAlgorithm.RSA_GENERAL, 512);
|
||||||
|
@ -67,6 +68,7 @@ public class GeneratingWeakKeyThrowsTest {
|
||||||
.build();
|
.build();
|
||||||
|
|
||||||
// reset public key algorithm policy
|
// reset public key algorithm policy
|
||||||
PGPainless.getPolicy().setPublicKeyAlgorithmPolicy(Policy.PublicKeyAlgorithmPolicy.defaultPublicKeyAlgorithmPolicy());
|
PGPainless.getPolicy().setPublicKeyAlgorithmPolicy(
|
||||||
|
Policy.PublicKeyAlgorithmPolicy.bsi2021PublicKeyAlgorithmPolicy());
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
|
@ -34,7 +34,7 @@ public class RefuseToAddWeakSubkeyTest {
|
||||||
public void testEditorRefusesToAddWeakSubkey()
|
public void testEditorRefusesToAddWeakSubkey()
|
||||||
throws PGPException, InvalidAlgorithmParameterException, NoSuchAlgorithmException {
|
throws PGPException, InvalidAlgorithmParameterException, NoSuchAlgorithmException {
|
||||||
// ensure default policy is set
|
// ensure default policy is set
|
||||||
PGPainless.getPolicy().setPublicKeyAlgorithmPolicy(Policy.PublicKeyAlgorithmPolicy.defaultPublicKeyAlgorithmPolicy());
|
PGPainless.getPolicy().setPublicKeyAlgorithmPolicy(Policy.PublicKeyAlgorithmPolicy.bsi2021PublicKeyAlgorithmPolicy());
|
||||||
|
|
||||||
PGPSecretKeyRing secretKeys = PGPainless.generateKeyRing()
|
PGPSecretKeyRing secretKeys = PGPainless.generateKeyRing()
|
||||||
.modernKeyRing("Alice");
|
.modernKeyRing("Alice");
|
||||||
|
@ -84,6 +84,6 @@ public class RefuseToAddWeakSubkeyTest {
|
||||||
assertEquals(2, PGPainless.inspectKeyRing(secretKeys).getEncryptionSubkeys(EncryptionPurpose.ANY).size());
|
assertEquals(2, PGPainless.inspectKeyRing(secretKeys).getEncryptionSubkeys(EncryptionPurpose.ANY).size());
|
||||||
|
|
||||||
// reset default policy
|
// reset default policy
|
||||||
PGPainless.getPolicy().setPublicKeyAlgorithmPolicy(Policy.PublicKeyAlgorithmPolicy.defaultPublicKeyAlgorithmPolicy());
|
PGPainless.getPolicy().setPublicKeyAlgorithmPolicy(Policy.PublicKeyAlgorithmPolicy.bsi2021PublicKeyAlgorithmPolicy());
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
|
@ -56,7 +56,7 @@ public class PolicyTest {
|
||||||
policy.setRevocationSignatureHashAlgorithmPolicy(new Policy.HashAlgorithmPolicy(HashAlgorithm.SHA512,
|
policy.setRevocationSignatureHashAlgorithmPolicy(new Policy.HashAlgorithmPolicy(HashAlgorithm.SHA512,
|
||||||
revHashAlgoMap));
|
revHashAlgoMap));
|
||||||
|
|
||||||
policy.setPublicKeyAlgorithmPolicy(Policy.PublicKeyAlgorithmPolicy.defaultPublicKeyAlgorithmPolicy());
|
policy.setPublicKeyAlgorithmPolicy(Policy.PublicKeyAlgorithmPolicy.bsi2021PublicKeyAlgorithmPolicy());
|
||||||
}
|
}
|
||||||
|
|
||||||
@Test
|
@Test
|
||||||
|
|
Loading…
Reference in New Issue