From 20002efbf66e0b39094a885222bc1aeed707e4cb Mon Sep 17 00:00:00 2001
From: Paul Schaub <vanitasvitae@fsfe.org>
Date: Tue, 27 Feb 2024 17:16:52 +0100
Subject: [PATCH] Add test for key using SHA-1 self sigs

---
 .../KeyWithInacceptableSelfSignatureTest.kt   | 42 +++++++++++++++++++
 1 file changed, 42 insertions(+)
 create mode 100644 pgpainless-core/src/test/kotlin/org/pgpainless/key/KeyWithInacceptableSelfSignatureTest.kt

diff --git a/pgpainless-core/src/test/kotlin/org/pgpainless/key/KeyWithInacceptableSelfSignatureTest.kt b/pgpainless-core/src/test/kotlin/org/pgpainless/key/KeyWithInacceptableSelfSignatureTest.kt
new file mode 100644
index 00000000..eb3f6d3c
--- /dev/null
+++ b/pgpainless-core/src/test/kotlin/org/pgpainless/key/KeyWithInacceptableSelfSignatureTest.kt
@@ -0,0 +1,42 @@
+// SPDX-FileCopyrightText: 2024 Paul Schaub <vanitasvitae@fsfe.org>
+//
+// SPDX-License-Identifier: Apache-2.0
+
+package org.pgpainless.key
+
+import org.junit.jupiter.api.Assertions.assertEquals
+import org.junit.jupiter.api.Assertions.assertFalse
+import org.junit.jupiter.api.Test
+import org.pgpainless.PGPainless
+import org.pgpainless.algorithm.HashAlgorithm
+import org.pgpainless.algorithm.KeyFlag
+import org.pgpainless.bouncycastle.extensions.directKeySignatures
+import org.pgpainless.key.generation.OpenPgpKeyGenerator
+import org.pgpainless.key.generation.type.KeyType
+import org.pgpainless.key.generation.type.eddsa.EdDSACurve
+import org.pgpainless.key.generation.type.xdh.XDHSpec
+import org.pgpainless.policy.Policy
+
+class KeyWithInacceptableSelfSignatureTest {
+
+    @Test
+    fun `key with inacceptable self-signature is not usable`() {
+        val genPolicy = Policy().apply {
+            certificationSignatureHashAlgorithmPolicy = Policy.HashAlgorithmPolicy(
+                HashAlgorithm.SHA1, listOf(HashAlgorithm.SHA1))
+        }
+
+        val key = OpenPgpKeyGenerator.buildV4Key(genPolicy)
+            .setPrimaryKey(KeyType.EDDSA(EdDSACurve._Ed25519), listOf(KeyFlag.CERTIFY_OTHER, KeyFlag.SIGN_DATA))
+            .addEncryptionSubkey(KeyType.XDH(XDHSpec._X25519))
+            .build()
+
+        assertEquals(HashAlgorithm.SHA1,
+            key.publicKey.directKeySignatures.single().hashAlgorithm
+                .let { HashAlgorithm.requireFromId(it) })
+
+        val info = PGPainless.inspectKeyRing(key)
+        assertFalse(info.isUsableForSigning)
+        assertFalse(info.isUsableForEncryption)
+    }
+}