From 826c761e69e45adc7dd7f5956b99c933e94a9085 Mon Sep 17 00:00:00 2001
From: Paul Schaub
Date: Fri, 28 May 2021 21:41:02 +0200
Subject: [PATCH] Test invalid keys cannot sign behavior
---
 .../encryption_signing/SigningTest.java | 35 +++++++++++++++++++
 1 file changed, 35 insertions(+)
diff --git a/pgpainless-core/src/test/java/org/pgpainless/encryption_signing/SigningTest.java b/pgpainless-core/src/test/java/org/pgpainless/encryption_signing/SigningTest.java
index 018df270..0e4f54c0 100644
--- a/pgpainless-core/src/test/java/org/pgpainless/encryption_signing/SigningTest.java
+++ b/pgpainless-core/src/test/java/org/pgpainless/encryption_signing/SigningTest.java
@@ -16,12 +16,15 @@
 package org.pgpainless.encryption_signing;
 import static org.junit.jupiter.api.Assertions.assertFalse;
+import static org.junit.jupiter.api.Assertions.assertThrows;
 import static org.junit.jupiter.api.Assertions.assertTrue;
 import java.io.ByteArrayInputStream;
 import java.io.ByteArrayOutputStream;
 import java.io.IOException;
 import java.nio.charset.StandardCharsets;
+import java.security.InvalidAlgorithmParameterException;
+import java.security.NoSuchAlgorithmException;
 import java.util.Arrays;
 import java.util.HashSet;
 import java.util.Set;
@@ -33,6 +36,7 @@ import org.bouncycastle.openpgp.PGPSecretKey;
 import org.bouncycastle.openpgp.PGPSecretKeyRing;
 import org.bouncycastle.openpgp.PGPSecretKeyRingCollection;
 import org.bouncycastle.util.io.Streams;
+import org.junit.jupiter.api.Test;
 import org.junit.jupiter.params.ParameterizedTest;
 import org.junit.jupiter.params.provider.MethodSource;
 import org.pgpainless.PGPainless;
@@ -40,11 +44,13 @@ import org.pgpainless.algorithm.DocumentSignatureType;
 import org.pgpainless.algorithm.EncryptionPurpose;
 import org.pgpainless.decryption_verification.DecryptionStream;
 import org.pgpainless.decryption_verification.OpenPgpMetadata;
+import org.pgpainless.exception.KeyValidationException;
 import org.pgpainless.implementation.ImplementationFactory;
 import org.pgpainless.key.OpenPgpV4Fingerprint;
 import org.pgpainless.key.TestKeys;
 import org.pgpainless.key.protection.SecretKeyRingProtector;
 import org.pgpainless.key.util.KeyRingUtils;
+import org.pgpainless.util.Passphrase;
 import org.pgpainless.util.selection.key.impl.SignatureKeySelectionStrategy;
 public class SigningTest {
@@ -111,4 +117,33 @@ public class SigningTest {
 assertTrue(metadata.containsVerifiedSignatureFrom(KeyRingUtils.publicKeyRingFrom(cryptieKeys)));
 assertFalse(metadata.containsVerifiedSignatureFrom(julietKeys));
 }
+
+ @Test
+ public void testSignWithInvalidUserIdFails() throws PGPException, InvalidAlgorithmParameterException, NoSuchAlgorithmException {
+ PGPSecretKeyRing secretKeys = PGPainless.generateKeyRing()
+ .modernKeyRing("alice", "password123");
+ SecretKeyRingProtector protector = SecretKeyRingProtector.unlockAllKeysWith(Passphrase.fromPassword("password123"), secretKeys);
+
+ SigningOptions opts = new SigningOptions();
+ // "bob" is not a valid user-id
+ assertThrows(KeyValidationException.class,
+ () -> opts.addInlineSignature(protector, secretKeys, "bob", DocumentSignatureType.CANONICAL_TEXT_DOCUMENT));
+ }
+
+ @Test
+ public void testSignWithRevokedUserIdFails() throws PGPException, InvalidAlgorithmParameterException, NoSuchAlgorithmException {
+ PGPSecretKeyRing secretKeys = PGPainless.generateKeyRing()
+ .modernKeyRing("alice", "password123");
+ SecretKeyRingProtector protector = SecretKeyRingProtector.unlockAllKeysWith(Passphrase.fromPassword("password123"), secretKeys);
+ secretKeys = PGPainless.modifyKeyRing(secretKeys)
+ .revokeUserIdOnAllSubkeys("alice", protector)
+ .done();
+
+ final PGPSecretKeyRing fSecretKeys = secretKeys;
+
+ SigningOptions opts = new SigningOptions();
+ // "alice" has been revoked
+ assertThrows(KeyValidationException.class,
+ () -> opts.addInlineSignature(protector, fSecretKeys, "alice", DocumentSignatureType.CANONICAL_TEXT_DOCUMENT));
+ }
 }
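Review bot: Both added tests assert only the exception class and have no positive control, so they would also pass if `addInlineSignature` rejected this freshly generated key for an unrelated reason. In `testSignWithInvalidUserIdFails`, a line such as `new SigningOptions().addInlineSignature(protector, secretKeys, "alice", DocumentSignatureType.CANONICAL_TEXT_DOCUMENT);` before the `assertThrows` would show that the valid user-id is accepted. In `testSignWithRevokedUserIdFails`, "alice" is the only user-id on the key, so the exception may come from the key having no usable user-id at all rather than from the revocation of that specific id. Giving the key a second, unrevoked user-id and asserting that signing with it still works would pin the check that matters. Both methods are complete inside the hunk; only the enclosing class starts outside it.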