mirror of
https://github.com/pgpainless/pgpainless.git
synced 2025-01-08 19:27:57 +01:00
Test usability of keyflag-less key
parent
1b96919d84
commit
bf6c89af64
1 changed files with 48 additions and 8 deletions
|
@ -4,12 +4,33 @@
|
|||
|
||||
package org.pgpainless.key.generation;
|
||||
|
||||
import static org.junit.jupiter.api.Assertions.assertFalse;
|
||||
import static org.junit.jupiter.api.Assertions.assertThrows;
|
||||
import static org.junit.jupiter.api.Assertions.assertTrue;
|
||||
|
||||
import java.io.ByteArrayInputStream;
|
||||
import java.io.ByteArrayOutputStream;
|
||||
import java.io.IOException;
|
||||
import java.nio.charset.StandardCharsets;
|
||||
import java.security.InvalidAlgorithmParameterException;
|
||||
import java.security.NoSuchAlgorithmException;
|
||||
|
||||
import org.bouncycastle.openpgp.PGPException;
|
||||
import org.bouncycastle.openpgp.PGPPublicKeyRing;
|
||||
import org.bouncycastle.openpgp.PGPSecretKeyRing;
|
||||
import org.bouncycastle.util.io.Streams;
|
||||
import org.junit.jupiter.api.Test;
|
||||
import org.pgpainless.PGPainless;
|
||||
import org.pgpainless.algorithm.DocumentSignatureType;
|
||||
import org.pgpainless.algorithm.KeyFlag;
|
||||
import org.pgpainless.decryption_verification.ConsumerOptions;
|
||||
import org.pgpainless.decryption_verification.DecryptionStream;
|
||||
import org.pgpainless.decryption_verification.MessageMetadata;
|
||||
import org.pgpainless.encryption_signing.EncryptionOptions;
|
||||
import org.pgpainless.encryption_signing.EncryptionResult;
|
||||
import org.pgpainless.encryption_signing.EncryptionStream;
|
||||
import org.pgpainless.encryption_signing.ProducerOptions;
|
||||
import org.pgpainless.encryption_signing.SigningOptions;
|
||||
import org.pgpainless.exception.KeyException;
|
||||
import org.pgpainless.key.TestKeys;
|
||||
import org.pgpainless.key.generation.type.KeyType;
|
||||
|
@ -18,14 +39,6 @@ import org.pgpainless.key.generation.type.xdh.XDHSpec;
|
|||
import org.pgpainless.key.info.KeyRingInfo;
|
||||
import org.pgpainless.key.protection.SecretKeyRingProtector;
|
||||
|
||||
import java.io.IOException;
|
||||
import java.security.InvalidAlgorithmParameterException;
|
||||
import java.security.NoSuchAlgorithmException;
|
||||
|
||||
import static org.junit.jupiter.api.Assertions.assertFalse;
|
||||
import static org.junit.jupiter.api.Assertions.assertThrows;
|
||||
import static org.junit.jupiter.api.Assertions.assertTrue;
|
||||
|
||||
public class GenerateKeyWithoutPrimaryKeyFlagsTest {
|
||||
|
||||
@Test
|
||||
|
@ -35,6 +48,7 @@ public class GenerateKeyWithoutPrimaryKeyFlagsTest {
|
|||
.addSubkey(KeySpec.getBuilder(KeyType.XDH(XDHSpec._X25519), KeyFlag.ENCRYPT_STORAGE, KeyFlag.ENCRYPT_COMMS))
|
||||
.addUserId("Alice")
|
||||
.build();
|
||||
PGPPublicKeyRing cert = PGPainless.extractCertificate(secretKeys);
|
||||
|
||||
KeyRingInfo info = PGPainless.inspectKeyRing(secretKeys);
|
||||
assertTrue(info.getValidUserIds().contains("Alice"));
|
||||
|
@ -49,5 +63,31 @@ public class GenerateKeyWithoutPrimaryKeyFlagsTest {
|
|||
assertThrows(KeyException.UnacceptableThirdPartyCertificationKeyException.class, () ->
|
||||
PGPainless.certify().certificate(thirdPartyCert)
|
||||
.withKey(secretKeys, SecretKeyRingProtector.unprotectedKeys()));
|
||||
|
||||
// Key without CERTIFY_OTHER flags is usable for encryption and signing
|
||||
ByteArrayOutputStream ciphertext = new ByteArrayOutputStream();
|
||||
EncryptionStream encryptionStream = PGPainless.encryptAndOrSign()
|
||||
.onOutputStream(ciphertext)
|
||||
.withOptions(ProducerOptions.signAndEncrypt(
|
||||
EncryptionOptions.get().addRecipient(cert),
|
||||
SigningOptions.get().addInlineSignature(SecretKeyRingProtector.unprotectedKeys(), secretKeys, DocumentSignatureType.BINARY_DOCUMENT)
|
||||
));
|
||||
encryptionStream.write("Hello, World!\n".getBytes(StandardCharsets.UTF_8));
|
||||
encryptionStream.close();
|
||||
EncryptionResult result = encryptionStream.getResult();
|
||||
assertTrue(result.isEncryptedFor(cert));
|
||||
|
||||
DecryptionStream decryptionStream = PGPainless.decryptAndOrVerify()
|
||||
.onInputStream(new ByteArrayInputStream(ciphertext.toByteArray()))
|
||||
.withOptions(ConsumerOptions.get().addDecryptionKey(secretKeys)
|
||||
.addVerificationCert(cert));
|
||||
|
||||
ByteArrayOutputStream plaintext = new ByteArrayOutputStream();
|
||||
Streams.pipeAll(decryptionStream, plaintext);
|
||||
decryptionStream.close();
|
||||
|
||||
MessageMetadata metadata = decryptionStream.getMetadata();
|
||||
assertTrue(metadata.isEncryptedFor(cert));
|
||||
assertTrue(metadata.isVerifiedSignedBy(cert));
|
||||
}
|
||||
}
|
||||
|
|
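Review bot: The round trip at the end of the test never checks the decrypted bytes: `plaintext` is filled by `Streams.pipeAll(decryptionStream, plaintext)` but only the metadata is asserted, so a decryption that returned wrong or empty data would still pass. Add `assertArrayEquals("Hello, World!\n".getBytes(StandardCharsets.UTF_8), plaintext.toByteArray());` after `decryptionStream.close()`, together with the matching static import from `org.junit.jupiter.api.Assertions`. Because the test is about a primary key that carries no key flags, it would also be worth asserting that the signature was made by, and the message encrypted to, subkeys carrying the matching flags rather than the primary key; as called here, `isVerifiedSignedBy(cert)` and `isEncryptedFor(cert)` appear to establish this only at the level of the whole certificate. The test method begins outside the visible hunks, so the key-builder setup, including whether a signing subkey is added, is presumed rather than seen.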