From c95ca8fedc4ee404e3e24521ecfe565b892b60c1 Mon Sep 17 00:00:00 2001
From: Paul Schaub <vanitasvitae@fsfe.org>
Date: Fri, 20 Jan 2023 14:58:21 +0100
Subject: [PATCH] Add test for signing with protected key without password

---
 .../operation/DetachedSignExternal.java       |  6 ++++-
 ...ternalDetachedSignVerifyRoundTripTest.java | 23 +++++++++++++++++++
 2 files changed, 28 insertions(+), 1 deletion(-)

diff --git a/external-sop/src/main/java/sop/external/operation/DetachedSignExternal.java b/external-sop/src/main/java/sop/external/operation/DetachedSignExternal.java
index 3deabb2..1f9aa81 100644
--- a/external-sop/src/main/java/sop/external/operation/DetachedSignExternal.java
+++ b/external-sop/src/main/java/sop/external/operation/DetachedSignExternal.java
@@ -96,7 +96,11 @@ public class DetachedSignExternal implements DetachedSign {
                     }
 
                     data.close();
-                    processOut.close();
+                    try {
+                        processOut.close();
+                    } catch (IOException e) {
+                        // Ignore Stream closed
+                    }
 
                     while ((r = processIn.read(buf)) > 0) {
                         outputStream.write(buf, 0 , r);
diff --git a/external-sop/src/test/java/sop/external/ExternalDetachedSignVerifyRoundTripTest.java b/external-sop/src/test/java/sop/external/ExternalDetachedSignVerifyRoundTripTest.java
index 3354389..5dca76d 100644
--- a/external-sop/src/test/java/sop/external/ExternalDetachedSignVerifyRoundTripTest.java
+++ b/external-sop/src/test/java/sop/external/ExternalDetachedSignVerifyRoundTripTest.java
@@ -166,4 +166,27 @@ public class ExternalDetachedSignVerifyRoundTripTest extends AbstractExternalSOP
                 .signatures(signature)
                 .data(message));
     }
+
+
+    @Test
+    public void signVerifyWithFreshEncryptedKeyWithoutPassphraseFails() throws IOException {
+        ignoreIf("sqop", Is.leq, "0.27.2"); // does not return exit code 67 for encrypted keys without passphrase
+
+        byte[] keyPassword = "sw0rdf1sh".getBytes(StandardCharsets.UTF_8);
+        byte[] key = getSop().generateKey()
+                .userId("Alice <alice@openpgp.org>")
+                .withKeyPassword(keyPassword)
+                .generate()
+                .getBytes();
+
+        byte[] message = "Hello, World!\n".getBytes(StandardCharsets.UTF_8);
+
+        assertThrows(SOPGPException.KeyIsProtected.class, () ->
+                getSop().detachedSign()
+                        .key(key)
+                        .data(message)
+                        .toByteArrayAndResult()
+                        .getBytes());
+    }
+
 }