From 838ff9c49973983f000209e616397a39d1d996a6 Mon Sep 17 00:00:00 2001
From: Paul Schaub <vanitasvitae@fsfe.org>
Date: Thu, 22 Feb 2024 15:11:12 +0100
Subject: [PATCH] Generate test key with key expiration time

---
 .../key/generation/OpenPgpKeyGeneratorTest.kt | 50 ++++++++++++++++++-
 1 file changed, 49 insertions(+), 1 deletion(-)

diff --git a/pgpainless-core/src/test/kotlin/org/pgpainless/key/generation/OpenPgpKeyGeneratorTest.kt b/pgpainless-core/src/test/kotlin/org/pgpainless/key/generation/OpenPgpKeyGeneratorTest.kt
index 26d41a3f..342c34b2 100644
--- a/pgpainless-core/src/test/kotlin/org/pgpainless/key/generation/OpenPgpKeyGeneratorTest.kt
+++ b/pgpainless-core/src/test/kotlin/org/pgpainless/key/generation/OpenPgpKeyGeneratorTest.kt
@@ -4,6 +4,8 @@
 
 package org.pgpainless.key.generation
 
+import java.time.Duration
+import java.time.temporal.ChronoUnit
 import org.bouncycastle.bcpg.sig.PrimaryUserID
 import org.bouncycastle.openpgp.PGPUserAttributeSubpacketVectorGenerator
 import org.bouncycastle.util.encoders.Hex
@@ -39,7 +41,9 @@ class OpenPgpKeyGeneratorTest {
 
         assertFalse(key.publicKey.userIDs.hasNext(), "Key MUST NOT have a UserID")
         assertFalse(key.publicKey.userAttributes.hasNext(), "Key MUST NOT have a UserAttribute")
-        assertEquals(1, key.publicKey.directKeySignatures.count(),
+        assertEquals(
+            1,
+            key.publicKey.directKeySignatures.count(),
             "Opinionated builder adds exactly one DirectKey signature")
 
         println(key.toAsciiArmor())
@@ -136,6 +140,7 @@ class OpenPgpKeyGeneratorTest {
             .addSubkey(KeyType.EDDSA(EdDSACurve._Ed25519)) { addBindingSignature() }
             .addSubkey(KeyType.XDH(XDHSpec._X25519)) { addBindingSignature() }
             .build()
+            .let { println(it.toAsciiArmor()) }
     }
 
     @Test
@@ -484,6 +489,32 @@ class OpenPgpKeyGeneratorTest {
         }
     }
 
+    @Test
+    fun `opinionated add sign-only sukey but with additional encryption flag fails`() {
+        val policy = Policy()
+
+        assertThrows<IllegalArgumentException> {
+            OpenPgpKeyGenerator.buildV4Key(policy)
+                .setPrimaryKey(KeyType.EDDSA(EdDSACurve._Ed25519))
+                .addSubkey(
+                    KeyType.EDDSA(EdDSACurve._Ed25519),
+                    listOf(KeyFlag.SIGN_DATA, KeyFlag.ENCRYPT_COMMS, KeyFlag.ENCRYPT_STORAGE))
+        }
+    }
+
+    @Test
+    fun `unopinionated add sign-only sukey but with additional encryption flag is okay`() {
+        val policy = Policy()
+
+        OpenPgpKeyGenerator.buildV4Key(policy)
+            .setPrimaryKey(KeyType.EDDSA(EdDSACurve._Ed25519))
+            .unopinionated()
+            .addSubkey(
+                KeyType.EDDSA(EdDSACurve._Ed25519),
+                listOf(KeyFlag.SIGN_DATA, KeyFlag.ENCRYPT_COMMS, KeyFlag.ENCRYPT_STORAGE))
+            .build()
+    }
+
     @Test
     fun `add image attribute to key`() {
         // smallest JPEG according to https://stackoverflow.com/a/2349470/11150851
@@ -500,4 +531,21 @@ class OpenPgpKeyGeneratorTest {
 
         assertArrayEquals(jpegBytes, key.publicKey.userAttributes.next().imageAttribute.imageData)
     }
+
+    @Test
+    fun `generate key with expiration time`() {
+        val policy = Policy()
+
+        OpenPgpKeyGenerator.buildV4Key(policy)
+            .setPrimaryKey(KeyType.EDDSA(EdDSACurve._Ed25519)) {
+                addDirectKeySignature(
+                    SelfSignatureSubpackets.applyHashed {
+                        setKeyExpirationTime(true, Duration.of(5 * 365, ChronoUnit.DAYS))
+                    })
+                addUserId("Bob")
+            }
+            .addEncryptionSubkey(KeyType.XDH(XDHSpec._X25519))
+            .build()
+            .let { println(it.toAsciiArmor()) }
+    }
 }