From 308c4b452f9639bb2cfaa36620c5e40eab7959fa Mon Sep 17 00:00:00 2001
From: Paul Schaub <vanitasvitae@fsfe.org>
Date: Wed, 12 Jul 2023 15:36:39 +0200
Subject: [PATCH] Add test for signature verification with hard-revoked cert

---
 .../testsuite/operation/RevokeKeyTest.java    | 23 +++++++++++++++++++
 1 file changed, 23 insertions(+)

diff --git a/sop-java/src/testFixtures/java/sop/testsuite/operation/RevokeKeyTest.java b/sop-java/src/testFixtures/java/sop/testsuite/operation/RevokeKeyTest.java
index 10472ca..6595133 100644
--- a/sop-java/src/testFixtures/java/sop/testsuite/operation/RevokeKeyTest.java
+++ b/sop-java/src/testFixtures/java/sop/testsuite/operation/RevokeKeyTest.java
@@ -9,13 +9,17 @@ import org.junit.jupiter.params.ParameterizedTest;
 import org.junit.jupiter.params.provider.Arguments;
 import org.junit.jupiter.params.provider.MethodSource;
 import sop.SOP;
+import sop.Verification;
 import sop.exception.SOPGPException;
 import sop.testsuite.JUtils;
 import sop.testsuite.TestData;
+import sop.testsuite.assertions.VerificationListAssert;
 import sop.util.UTF8Util;
 
 import java.io.IOException;
+import java.nio.charset.StandardCharsets;
 import java.util.Arrays;
+import java.util.List;
 import java.util.stream.Stream;
 
 import static org.junit.jupiter.api.Assertions.assertFalse;
@@ -97,4 +101,23 @@ public class RevokeKeyTest extends AbstractSOPTest {
 
         assertThrows(SOPGPException.KeyIsProtected.class, () -> sop.revokeKey().withKeyPassword(wrongPassword).keys(secretKey).getBytes());
     }
+
+    @ParameterizedTest
+    @MethodSource("provideInstances")
+    public void revokeKeyIsNowHardRevoked(SOP sop) throws IOException {
+        byte[] key = sop.generateKey().generate().getBytes();
+        byte[] cert = sop.extractCert().key(key).getBytes();
+
+        // Sign a message with the key
+        byte[] msg = TestData.PLAINTEXT.getBytes(StandardCharsets.UTF_8);
+        byte[] signedMsg = sop.inlineSign().key(key).data(msg).getBytes();
+
+        // Verifying the message with the valid cert works
+        List<Verification> result = sop.inlineVerify().cert(cert).data(signedMsg).toByteArrayAndResult().getResult();
+        VerificationListAssert.assertThatVerificationList(result).hasSingleItem();
+
+        // Now hard revoke the key and re-check signature, expecting no valid certification
+        byte[] revokedCert = sop.revokeKey().keys(key).getBytes();
+        assertThrows(SOPGPException.NoSignature.class, () -> sop.inlineVerify().cert(revokedCert).data(signedMsg).toByteArrayAndResult());
+    }
 }