From bf6c89af648f9dee39488f580d1a436e5ae5a10a Mon Sep 17 00:00:00 2001
From: Paul Schaub <vanitasvitae@fsfe.org>
Date: Mon, 9 Oct 2023 12:09:22 +0200
Subject: [PATCH] Test usability of keyflag-less key

---
 ...GenerateKeyWithoutPrimaryKeyFlagsTest.java | 56 ++++++++++++++++---
 1 file changed, 48 insertions(+), 8 deletions(-)

diff --git a/pgpainless-core/src/test/java/org/pgpainless/key/generation/GenerateKeyWithoutPrimaryKeyFlagsTest.java b/pgpainless-core/src/test/java/org/pgpainless/key/generation/GenerateKeyWithoutPrimaryKeyFlagsTest.java
index e2db311d..63f04a8f 100644
--- a/pgpainless-core/src/test/java/org/pgpainless/key/generation/GenerateKeyWithoutPrimaryKeyFlagsTest.java
+++ b/pgpainless-core/src/test/java/org/pgpainless/key/generation/GenerateKeyWithoutPrimaryKeyFlagsTest.java
@@ -4,12 +4,33 @@
 
 package org.pgpainless.key.generation;
 
+import static org.junit.jupiter.api.Assertions.assertFalse;
+import static org.junit.jupiter.api.Assertions.assertThrows;
+import static org.junit.jupiter.api.Assertions.assertTrue;
+
+import java.io.ByteArrayInputStream;
+import java.io.ByteArrayOutputStream;
+import java.io.IOException;
+import java.nio.charset.StandardCharsets;
+import java.security.InvalidAlgorithmParameterException;
+import java.security.NoSuchAlgorithmException;
+
 import org.bouncycastle.openpgp.PGPException;
 import org.bouncycastle.openpgp.PGPPublicKeyRing;
 import org.bouncycastle.openpgp.PGPSecretKeyRing;
+import org.bouncycastle.util.io.Streams;
 import org.junit.jupiter.api.Test;
 import org.pgpainless.PGPainless;
+import org.pgpainless.algorithm.DocumentSignatureType;
 import org.pgpainless.algorithm.KeyFlag;
+import org.pgpainless.decryption_verification.ConsumerOptions;
+import org.pgpainless.decryption_verification.DecryptionStream;
+import org.pgpainless.decryption_verification.MessageMetadata;
+import org.pgpainless.encryption_signing.EncryptionOptions;
+import org.pgpainless.encryption_signing.EncryptionResult;
+import org.pgpainless.encryption_signing.EncryptionStream;
+import org.pgpainless.encryption_signing.ProducerOptions;
+import org.pgpainless.encryption_signing.SigningOptions;
 import org.pgpainless.exception.KeyException;
 import org.pgpainless.key.TestKeys;
 import org.pgpainless.key.generation.type.KeyType;
@@ -18,14 +39,6 @@ import org.pgpainless.key.generation.type.xdh.XDHSpec;
 import org.pgpainless.key.info.KeyRingInfo;
 import org.pgpainless.key.protection.SecretKeyRingProtector;
 
-import java.io.IOException;
-import java.security.InvalidAlgorithmParameterException;
-import java.security.NoSuchAlgorithmException;
-
-import static org.junit.jupiter.api.Assertions.assertFalse;
-import static org.junit.jupiter.api.Assertions.assertThrows;
-import static org.junit.jupiter.api.Assertions.assertTrue;
-
 public class GenerateKeyWithoutPrimaryKeyFlagsTest {
 
     @Test
@@ -35,6 +48,7 @@ public class GenerateKeyWithoutPrimaryKeyFlagsTest {
                 .addSubkey(KeySpec.getBuilder(KeyType.XDH(XDHSpec._X25519), KeyFlag.ENCRYPT_STORAGE, KeyFlag.ENCRYPT_COMMS))
                 .addUserId("Alice")
                 .build();
+        PGPPublicKeyRing cert = PGPainless.extractCertificate(secretKeys);
 
         KeyRingInfo info = PGPainless.inspectKeyRing(secretKeys);
         assertTrue(info.getValidUserIds().contains("Alice"));
@@ -49,5 +63,31 @@ public class GenerateKeyWithoutPrimaryKeyFlagsTest {
         assertThrows(KeyException.UnacceptableThirdPartyCertificationKeyException.class, () ->
                 PGPainless.certify().certificate(thirdPartyCert)
                         .withKey(secretKeys, SecretKeyRingProtector.unprotectedKeys()));
+
+        // Key without CERTIFY_OTHER flags is usable for encryption and signing
+        ByteArrayOutputStream ciphertext = new ByteArrayOutputStream();
+        EncryptionStream encryptionStream = PGPainless.encryptAndOrSign()
+                .onOutputStream(ciphertext)
+                .withOptions(ProducerOptions.signAndEncrypt(
+                        EncryptionOptions.get().addRecipient(cert),
+                        SigningOptions.get().addInlineSignature(SecretKeyRingProtector.unprotectedKeys(), secretKeys, DocumentSignatureType.BINARY_DOCUMENT)
+                ));
+        encryptionStream.write("Hello, World!\n".getBytes(StandardCharsets.UTF_8));
+        encryptionStream.close();
+        EncryptionResult result = encryptionStream.getResult();
+        assertTrue(result.isEncryptedFor(cert));
+
+        DecryptionStream decryptionStream = PGPainless.decryptAndOrVerify()
+                .onInputStream(new ByteArrayInputStream(ciphertext.toByteArray()))
+                .withOptions(ConsumerOptions.get().addDecryptionKey(secretKeys)
+                        .addVerificationCert(cert));
+
+        ByteArrayOutputStream plaintext = new ByteArrayOutputStream();
+        Streams.pipeAll(decryptionStream, plaintext);
+        decryptionStream.close();
+
+        MessageMetadata metadata = decryptionStream.getMetadata();
+        assertTrue(metadata.isEncryptedFor(cert));
+        assertTrue(metadata.isVerifiedSignedBy(cert));
     }
 }