diff --git a/pgpainless-core/src/test/kotlin/org/pgpainless/key/KeyWithInacceptableSelfSignatureTest.kt b/pgpainless-core/src/test/kotlin/org/pgpainless/key/KeyWithInacceptableSelfSignatureTest.kt new file mode 100644 index 00000000..eb3f6d3c --- /dev/null +++ b/pgpainless-core/src/test/kotlin/org/pgpainless/key/KeyWithInacceptableSelfSignatureTest.kt @@ -0,0 +1,42 @@ +// SPDX-FileCopyrightText: 2024 Paul Schaub +// +// SPDX-License-Identifier: Apache-2.0 + +package org.pgpainless.key + +import org.junit.jupiter.api.Assertions.assertEquals +import org.junit.jupiter.api.Assertions.assertFalse +import org.junit.jupiter.api.Test +import org.pgpainless.PGPainless +import org.pgpainless.algorithm.HashAlgorithm +import org.pgpainless.algorithm.KeyFlag +import org.pgpainless.bouncycastle.extensions.directKeySignatures +import org.pgpainless.key.generation.OpenPgpKeyGenerator +import org.pgpainless.key.generation.type.KeyType +import org.pgpainless.key.generation.type.eddsa.EdDSACurve +import org.pgpainless.key.generation.type.xdh.XDHSpec +import org.pgpainless.policy.Policy + +class KeyWithInacceptableSelfSignatureTest { + + @Test + fun `key with inacceptable self-signature is not usable`() { + val genPolicy = Policy().apply { + certificationSignatureHashAlgorithmPolicy = Policy.HashAlgorithmPolicy( + HashAlgorithm.SHA1, listOf(HashAlgorithm.SHA1)) + } + + val key = OpenPgpKeyGenerator.buildV4Key(genPolicy) + .setPrimaryKey(KeyType.EDDSA(EdDSACurve._Ed25519), listOf(KeyFlag.CERTIFY_OTHER, KeyFlag.SIGN_DATA)) + .addEncryptionSubkey(KeyType.XDH(XDHSpec._X25519)) + .build() + + assertEquals(HashAlgorithm.SHA1, + key.publicKey.directKeySignatures.single().hashAlgorithm + .let { HashAlgorithm.requireFromId(it) }) + + val info = PGPainless.inspectKeyRing(key) + assertFalse(info.isUsableForSigning) + assertFalse(info.isUsableForEncryption) + } +}