Implement '--signing-only' option for 'generate-key' command

2024-11-22 15:12:06 +01:00 · 2023-07-12 01:06:41 +02:00 · 2023-07-12 01:06:41 +02:00 · 6afe6896d8
commit 6afe6896d8
parent 7e1377a28c
4 changed files with 41 additions and 0 deletions
--- a/external-sop/src/main/java/sop/external/operation/GenerateKeyExternal.java
+++ b/external-sop/src/main/java/sop/external/operation/GenerateKeyExternal.java
@ -57,6 +57,12 @@ public class GenerateKeyExternal implements GenerateKey {
        return this;
    }

+    @Override
+    public GenerateKey signingOnly() {
+        commandList.add("--signing-only");
+        return this;
+    }
+
    @Override
    public Ready generate()
            throws SOPGPException.MissingArg, SOPGPException.UnsupportedAsymmetricAlgo {
--- a/sop-java-picocli/src/main/java/sop/cli/picocli/commands/GenerateKeyCmd.java
+++ b/sop-java-picocli/src/main/java/sop/cli/picocli/commands/GenerateKeyCmd.java
@ -34,6 +34,9 @@ public class GenerateKeyCmd extends AbstractSopCmd {
            paramLabel = "PROFILE")
    String profile;

+    @CommandLine.Option(names = "--signing-only")
+    boolean signingOnly = false;
+
    @Override
    public void run() {
        GenerateKey generateKey = throwIfUnsupportedSubcommand(
@ -48,6 +51,10 @@ public class GenerateKeyCmd extends AbstractSopCmd {
            }
        }

+        if (signingOnly) {
+            generateKey.signingOnly();
+        }
+
        for (String userId : userId) {
            generateKey.userId(userId);
        }
--- a/sop-java/src/main/java/sop/operation/GenerateKey.java
+++ b/sop-java/src/main/java/sop/operation/GenerateKey.java
@ -80,6 +80,13 @@ public interface GenerateKey {
     */
    GenerateKey profile(String profile);

+    /**
+     * If this options is set, the generated key will not be capable of encryption / decryption.
+     *
+     * @return builder instance
+     */
+    GenerateKey signingOnly();
+
    /**
     * Generate the OpenPGP key and return it encoded as an {@link InputStream}.
     *
--- a/sop-java/src/testFixtures/java/sop/testsuite/operation/GenerateKeyTest.java
+++ b/sop-java/src/testFixtures/java/sop/testsuite/operation/GenerateKeyTest.java
@ -10,12 +10,16 @@ import org.junit.jupiter.params.ParameterizedTest;
 import org.junit.jupiter.params.provider.Arguments;
 import org.junit.jupiter.params.provider.MethodSource;
 import sop.SOP;
+import sop.exception.SOPGPException;
 import sop.testsuite.JUtils;
 import sop.testsuite.TestData;

 import java.io.IOException;
+import java.nio.charset.StandardCharsets;
 import java.util.stream.Stream;

+import static org.junit.jupiter.api.Assertions.assertThrows;
+
@EnabledIf("sop.testsuite.operation.AbstractSOPTest#hasBackends")
 public class GenerateKeyTest extends AbstractSOPTest {

@ -97,4 +101,21 @@ public class GenerateKeyTest extends AbstractSOPTest {
        JUtils.assertArrayStartsWith(key, TestData.BEGIN_PGP_PRIVATE_KEY_BLOCK);
        JUtils.assertArrayEndsWithIgnoreNewlines(key, TestData.END_PGP_PRIVATE_KEY_BLOCK);
    }
+
+    @ParameterizedTest
+    @MethodSource("provideInstances")
+    public void generateSigningOnlyKey(SOP sop) throws IOException {
+        byte[] signingOnlyKey = sop.generateKey()
+                .signingOnly()
+                .userId("Alice <alice@pgpainless.org>")
+                .generate()
+                .getBytes();
+        byte[] signingOnlyCert = sop.extractCert()
+                .key(signingOnlyKey)
+                .getBytes();
+
+        assertThrows(SOPGPException.CertCannotEncrypt.class, () ->
+                sop.encrypt().withCert(signingOnlyCert)
+                        .plaintext(TestData.PLAINTEXT.getBytes(StandardCharsets.UTF_8)));
+    }
 }