mirror of
https://github.com/pgpainless/pgpainless.git
synced 2024-11-26 22:32:07 +01:00
Add test to verify correct behavior of public key algorithm policy enforcement during key generation
This commit is contained in:
parent
8b1bdb98f1
commit
14c1cf013e
1 changed files with 72 additions and 0 deletions
|
@ -0,0 +1,72 @@
|
||||||
|
// SPDX-FileCopyrightText: 2021 Paul Schaub <vanitasvitae@fsfe.org>
|
||||||
|
//
|
||||||
|
// SPDX-License-Identifier: Apache-2.0
|
||||||
|
|
||||||
|
package org.pgpainless.key.generation;
|
||||||
|
|
||||||
|
import static org.junit.jupiter.api.Assertions.assertThrows;
|
||||||
|
|
||||||
|
import java.security.InvalidAlgorithmParameterException;
|
||||||
|
import java.security.NoSuchAlgorithmException;
|
||||||
|
import java.util.HashMap;
|
||||||
|
import java.util.Map;
|
||||||
|
|
||||||
|
import org.bouncycastle.openpgp.PGPException;
|
||||||
|
import org.junit.jupiter.api.Test;
|
||||||
|
import org.pgpainless.PGPainless;
|
||||||
|
import org.pgpainless.algorithm.KeyFlag;
|
||||||
|
import org.pgpainless.algorithm.PublicKeyAlgorithm;
|
||||||
|
import org.pgpainless.key.generation.type.KeyType;
|
||||||
|
import org.pgpainless.key.generation.type.rsa.RsaLength;
|
||||||
|
import org.pgpainless.policy.Policy;
|
||||||
|
|
||||||
|
public class GeneratingWeakKeyThrowsTest {
|
||||||
|
|
||||||
|
@Test
|
||||||
|
public void refuseToGenerateWeakPrimaryKeyTest() {
|
||||||
|
// ensure we have default public key algorithm policy set
|
||||||
|
PGPainless.getPolicy().setPublicKeyAlgorithmPolicy(
|
||||||
|
Policy.PublicKeyAlgorithmPolicy.defaultPublicKeyAlgorithmPolicy());
|
||||||
|
|
||||||
|
assertThrows(IllegalArgumentException.class, () ->
|
||||||
|
PGPainless.buildKeyRing()
|
||||||
|
.setPrimaryKey(KeySpec.getBuilder(KeyType.RSA(RsaLength._1024),
|
||||||
|
KeyFlag.CERTIFY_OTHER, KeyFlag.SIGN_DATA)));
|
||||||
|
}
|
||||||
|
|
||||||
|
@Test
|
||||||
|
public void refuseToAddWeakSubkeyDuringGenerationTest() {
|
||||||
|
// ensure we have default public key algorithm policy set
|
||||||
|
PGPainless.getPolicy().setPublicKeyAlgorithmPolicy(
|
||||||
|
Policy.PublicKeyAlgorithmPolicy.defaultPublicKeyAlgorithmPolicy());
|
||||||
|
|
||||||
|
KeyRingBuilder kb = PGPainless.buildKeyRing()
|
||||||
|
.setPrimaryKey(KeySpec.getBuilder(KeyType.RSA(RsaLength._4096),
|
||||||
|
KeyFlag.CERTIFY_OTHER, KeyFlag.SIGN_DATA));
|
||||||
|
|
||||||
|
assertThrows(IllegalArgumentException.class, () ->
|
||||||
|
kb.addSubkey(KeySpec.getBuilder(KeyType.RSA(RsaLength._1024),
|
||||||
|
KeyFlag.ENCRYPT_COMMS)));
|
||||||
|
}
|
||||||
|
|
||||||
|
@Test
|
||||||
|
public void allowToAddWeakKeysWithWeakPolicy() throws PGPException, InvalidAlgorithmParameterException, NoSuchAlgorithmException {
|
||||||
|
// set a weak algorithm policy
|
||||||
|
Map<PublicKeyAlgorithm, Integer> bitStrengths = new HashMap<>();
|
||||||
|
bitStrengths.put(PublicKeyAlgorithm.RSA_GENERAL, 512);
|
||||||
|
|
||||||
|
PGPainless.getPolicy().setPublicKeyAlgorithmPolicy(
|
||||||
|
new Policy.PublicKeyAlgorithmPolicy(bitStrengths));
|
||||||
|
|
||||||
|
PGPainless.buildKeyRing()
|
||||||
|
.setPrimaryKey(KeySpec.getBuilder(KeyType.RSA(RsaLength._4096),
|
||||||
|
KeyFlag.CERTIFY_OTHER, KeyFlag.SIGN_DATA))
|
||||||
|
.addSubkey(KeySpec.getBuilder(KeyType.RSA(RsaLength._1024),
|
||||||
|
KeyFlag.ENCRYPT_COMMS))
|
||||||
|
.addUserId("Henry")
|
||||||
|
.build();
|
||||||
|
|
||||||
|
// reset public key algorithm policy
|
||||||
|
PGPainless.getPolicy().setPublicKeyAlgorithmPolicy(Policy.PublicKeyAlgorithmPolicy.defaultPublicKeyAlgorithmPolicy());
|
||||||
|
}
|
||||||
|
}
|
Loading…
Reference in a new issue