mirror of
https://github.com/pgpainless/pgpainless.git
synced 2024-12-23 03:17:58 +01:00
Test usability of keyflag-less key
This commit is contained in:
parent
1b96919d84
commit
bf6c89af64
1 changed files with 48 additions and 8 deletions
|
@ -4,12 +4,33 @@
|
||||||
|
|
||||||
package org.pgpainless.key.generation;
|
package org.pgpainless.key.generation;
|
||||||
|
|
||||||
|
import static org.junit.jupiter.api.Assertions.assertFalse;
|
||||||
|
import static org.junit.jupiter.api.Assertions.assertThrows;
|
||||||
|
import static org.junit.jupiter.api.Assertions.assertTrue;
|
||||||
|
|
||||||
|
import java.io.ByteArrayInputStream;
|
||||||
|
import java.io.ByteArrayOutputStream;
|
||||||
|
import java.io.IOException;
|
||||||
|
import java.nio.charset.StandardCharsets;
|
||||||
|
import java.security.InvalidAlgorithmParameterException;
|
||||||
|
import java.security.NoSuchAlgorithmException;
|
||||||
|
|
||||||
import org.bouncycastle.openpgp.PGPException;
|
import org.bouncycastle.openpgp.PGPException;
|
||||||
import org.bouncycastle.openpgp.PGPPublicKeyRing;
|
import org.bouncycastle.openpgp.PGPPublicKeyRing;
|
||||||
import org.bouncycastle.openpgp.PGPSecretKeyRing;
|
import org.bouncycastle.openpgp.PGPSecretKeyRing;
|
||||||
|
import org.bouncycastle.util.io.Streams;
|
||||||
import org.junit.jupiter.api.Test;
|
import org.junit.jupiter.api.Test;
|
||||||
import org.pgpainless.PGPainless;
|
import org.pgpainless.PGPainless;
|
||||||
|
import org.pgpainless.algorithm.DocumentSignatureType;
|
||||||
import org.pgpainless.algorithm.KeyFlag;
|
import org.pgpainless.algorithm.KeyFlag;
|
||||||
|
import org.pgpainless.decryption_verification.ConsumerOptions;
|
||||||
|
import org.pgpainless.decryption_verification.DecryptionStream;
|
||||||
|
import org.pgpainless.decryption_verification.MessageMetadata;
|
||||||
|
import org.pgpainless.encryption_signing.EncryptionOptions;
|
||||||
|
import org.pgpainless.encryption_signing.EncryptionResult;
|
||||||
|
import org.pgpainless.encryption_signing.EncryptionStream;
|
||||||
|
import org.pgpainless.encryption_signing.ProducerOptions;
|
||||||
|
import org.pgpainless.encryption_signing.SigningOptions;
|
||||||
import org.pgpainless.exception.KeyException;
|
import org.pgpainless.exception.KeyException;
|
||||||
import org.pgpainless.key.TestKeys;
|
import org.pgpainless.key.TestKeys;
|
||||||
import org.pgpainless.key.generation.type.KeyType;
|
import org.pgpainless.key.generation.type.KeyType;
|
||||||
|
@ -18,14 +39,6 @@ import org.pgpainless.key.generation.type.xdh.XDHSpec;
|
||||||
import org.pgpainless.key.info.KeyRingInfo;
|
import org.pgpainless.key.info.KeyRingInfo;
|
||||||
import org.pgpainless.key.protection.SecretKeyRingProtector;
|
import org.pgpainless.key.protection.SecretKeyRingProtector;
|
||||||
|
|
||||||
import java.io.IOException;
|
|
||||||
import java.security.InvalidAlgorithmParameterException;
|
|
||||||
import java.security.NoSuchAlgorithmException;
|
|
||||||
|
|
||||||
import static org.junit.jupiter.api.Assertions.assertFalse;
|
|
||||||
import static org.junit.jupiter.api.Assertions.assertThrows;
|
|
||||||
import static org.junit.jupiter.api.Assertions.assertTrue;
|
|
||||||
|
|
||||||
public class GenerateKeyWithoutPrimaryKeyFlagsTest {
|
public class GenerateKeyWithoutPrimaryKeyFlagsTest {
|
||||||
|
|
||||||
@Test
|
@Test
|
||||||
|
@ -35,6 +48,7 @@ public class GenerateKeyWithoutPrimaryKeyFlagsTest {
|
||||||
.addSubkey(KeySpec.getBuilder(KeyType.XDH(XDHSpec._X25519), KeyFlag.ENCRYPT_STORAGE, KeyFlag.ENCRYPT_COMMS))
|
.addSubkey(KeySpec.getBuilder(KeyType.XDH(XDHSpec._X25519), KeyFlag.ENCRYPT_STORAGE, KeyFlag.ENCRYPT_COMMS))
|
||||||
.addUserId("Alice")
|
.addUserId("Alice")
|
||||||
.build();
|
.build();
|
||||||
|
PGPPublicKeyRing cert = PGPainless.extractCertificate(secretKeys);
|
||||||
|
|
||||||
KeyRingInfo info = PGPainless.inspectKeyRing(secretKeys);
|
KeyRingInfo info = PGPainless.inspectKeyRing(secretKeys);
|
||||||
assertTrue(info.getValidUserIds().contains("Alice"));
|
assertTrue(info.getValidUserIds().contains("Alice"));
|
||||||
|
@ -49,5 +63,31 @@ public class GenerateKeyWithoutPrimaryKeyFlagsTest {
|
||||||
assertThrows(KeyException.UnacceptableThirdPartyCertificationKeyException.class, () ->
|
assertThrows(KeyException.UnacceptableThirdPartyCertificationKeyException.class, () ->
|
||||||
PGPainless.certify().certificate(thirdPartyCert)
|
PGPainless.certify().certificate(thirdPartyCert)
|
||||||
.withKey(secretKeys, SecretKeyRingProtector.unprotectedKeys()));
|
.withKey(secretKeys, SecretKeyRingProtector.unprotectedKeys()));
|
||||||
|
|
||||||
|
// Key without CERTIFY_OTHER flags is usable for encryption and signing
|
||||||
|
ByteArrayOutputStream ciphertext = new ByteArrayOutputStream();
|
||||||
|
EncryptionStream encryptionStream = PGPainless.encryptAndOrSign()
|
||||||
|
.onOutputStream(ciphertext)
|
||||||
|
.withOptions(ProducerOptions.signAndEncrypt(
|
||||||
|
EncryptionOptions.get().addRecipient(cert),
|
||||||
|
SigningOptions.get().addInlineSignature(SecretKeyRingProtector.unprotectedKeys(), secretKeys, DocumentSignatureType.BINARY_DOCUMENT)
|
||||||
|
));
|
||||||
|
encryptionStream.write("Hello, World!\n".getBytes(StandardCharsets.UTF_8));
|
||||||
|
encryptionStream.close();
|
||||||
|
EncryptionResult result = encryptionStream.getResult();
|
||||||
|
assertTrue(result.isEncryptedFor(cert));
|
||||||
|
|
||||||
|
DecryptionStream decryptionStream = PGPainless.decryptAndOrVerify()
|
||||||
|
.onInputStream(new ByteArrayInputStream(ciphertext.toByteArray()))
|
||||||
|
.withOptions(ConsumerOptions.get().addDecryptionKey(secretKeys)
|
||||||
|
.addVerificationCert(cert));
|
||||||
|
|
||||||
|
ByteArrayOutputStream plaintext = new ByteArrayOutputStream();
|
||||||
|
Streams.pipeAll(decryptionStream, plaintext);
|
||||||
|
decryptionStream.close();
|
||||||
|
|
||||||
|
MessageMetadata metadata = decryptionStream.getMetadata();
|
||||||
|
assertTrue(metadata.isEncryptedFor(cert));
|
||||||
|
assertTrue(metadata.isVerifiedSignedBy(cert));
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
Loading…
Reference in a new issue