diff --git a/pgpainless-core/src/test/java/org/pgpainless/key/certification/CertifyCertificateTest.java b/pgpainless-core/src/test/java/org/pgpainless/key/certification/CertifyCertificateTest.java index 3dbc4988..f837be1b 100644 --- a/pgpainless-core/src/test/java/org/pgpainless/key/certification/CertifyCertificateTest.java +++ b/pgpainless-core/src/test/java/org/pgpainless/key/certification/CertifyCertificateTest.java @@ -23,10 +23,13 @@ import org.bouncycastle.openpgp.PGPSignature; import org.bouncycastle.util.Arrays; import org.junit.jupiter.api.Test; import org.pgpainless.PGPainless; +import org.pgpainless.algorithm.CertificationType; import org.pgpainless.algorithm.SignatureType; import org.pgpainless.algorithm.Trustworthiness; +import org.pgpainless.key.info.KeyRingInfo; import org.pgpainless.key.protection.SecretKeyRingProtector; import org.pgpainless.signature.consumer.SignatureVerifier; +import org.pgpainless.signature.subpackets.CertificationSubpackets; import org.pgpainless.util.CollectionUtils; import org.pgpainless.util.DateUtil; @@ -105,4 +108,58 @@ public class CertifyCertificateTest { assertFalse(Arrays.areEqual(bobCertificate.getEncoded(), bobCertified.getEncoded())); } + + @Test + public void testPetNameCertification() throws PGPException, InvalidAlgorithmParameterException, NoSuchAlgorithmException { + PGPSecretKeyRing aliceKey = PGPainless.generateKeyRing() + .modernKeyRing("Alice "); + PGPSecretKeyRing bobKey = PGPainless.generateKeyRing() + .modernKeyRing("Bob "); + + PGPPublicKeyRing bobCert = PGPainless.extractCertificate(bobKey); + String petName = "Bobby"; + + CertifyCertificate.CertificationResult result = PGPainless.certify() + .userIdOnCertificate(petName, bobCert) + .withKey(aliceKey, SecretKeyRingProtector.unprotectedKeys()) + .buildWithSubpackets(new CertificationSubpackets.Callback() { + @Override + public void modifyHashedSubpackets(CertificationSubpackets hashedSubpackets) { + hashedSubpackets.setExportable(false); + } + }); + + PGPSignature certification = result.getCertification(); + assertEquals(aliceKey.getPublicKey().getKeyID(), certification.getKeyID()); + assertEquals(CertificationType.GENERIC.asSignatureType().getCode(), certification.getSignatureType()); + + PGPPublicKeyRing certWithPetName = result.getCertifiedCertificate(); + KeyRingInfo info = PGPainless.inspectKeyRing(certWithPetName); + assertTrue(info.getUserIds().contains(petName)); + assertFalse(info.getValidUserIds().contains(petName)); + } + + @Test + public void testScopedDelegation() throws PGPException, InvalidAlgorithmParameterException, NoSuchAlgorithmException, IOException { + PGPSecretKeyRing aliceKey = PGPainless.generateKeyRing() + .modernKeyRing("Alice "); + PGPSecretKeyRing caKey = PGPainless.generateKeyRing() + .modernKeyRing("CA "); + PGPPublicKeyRing caCert = PGPainless.extractCertificate(caKey); + + CertifyCertificate.CertificationResult result = PGPainless.certify() + .certificate(caCert, Trustworthiness.fullyTrusted().introducer()) + .withKey(aliceKey, SecretKeyRingProtector.unprotectedKeys()) + .buildWithSubpackets(new CertificationSubpackets.Callback() { + @Override + public void modifyHashedSubpackets(CertificationSubpackets hashedSubpackets) { + hashedSubpackets.setRegularExpression("^.*<.+@example.com>.*$"); + } + }); + + PGPSignature certification = result.getCertification(); + assertEquals(SignatureType.DIRECT_KEY.getCode(), certification.getSignatureType()); + assertEquals("^.*<.+@example.com>.*$", + certification.getHashedSubPackets().getRegularExpression().getRegex()); + } }