From eded55c259991ee4ed21b174065f5fdac1c2a2c4 Mon Sep 17 00:00:00 2001
From: Paul Schaub <vanitasvitae@fsfe.org>
Date: Fri, 13 Jan 2023 17:54:37 +0100
Subject: [PATCH] Add more tests

---
 ...ternalDetachedSignVerifyRoundTripTest.java | 24 ++++++
 .../ExternalEncryptDecryptRoundTripTest.java  | 74 +++++++++++++++++++
 .../sop/external/ExternalGenerateKeyTest.java |  4 +-
 3 files changed, 101 insertions(+), 1 deletion(-)

diff --git a/external-sop/src/test/java/sop/external/ExternalDetachedSignVerifyRoundTripTest.java b/external-sop/src/test/java/sop/external/ExternalDetachedSignVerifyRoundTripTest.java
index 4832770..efe4a68 100644
--- a/external-sop/src/test/java/sop/external/ExternalDetachedSignVerifyRoundTripTest.java
+++ b/external-sop/src/test/java/sop/external/ExternalDetachedSignVerifyRoundTripTest.java
@@ -71,4 +71,28 @@ public class ExternalDetachedSignVerifyRoundTripTest extends AbstractExternalSOP
 
         assertFalse(verificationList.isEmpty());
     }
+
+    @Test
+    public void signArmorVerifyWithBobKey() throws IOException {
+        byte[] message = "Hello, World!\n".getBytes(StandardCharsets.UTF_8);
+
+        byte[] signature = getSop().detachedSign()
+                .key(TestKeys.BOB_KEY.getBytes(StandardCharsets.UTF_8))
+                .noArmor()
+                .data(message)
+                .toByteArrayAndResult()
+                .getBytes();
+
+        byte[] armored = getSop().armor()
+                .data(signature)
+                .getBytes();
+
+        List<Verification> verificationList = getSop().detachedVerify()
+                .cert(TestKeys.BOB_CERT.getBytes(StandardCharsets.UTF_8))
+                .signatures(armored)
+                .data(message);
+
+        assertFalse(verificationList.isEmpty());
+        assertTrue(verificationList.get(0).toString().contains("D1A66E1A23B182C9980F788CFBFCC82A015E7330 D1A66E1A23B182C9980F788CFBFCC82A015E7330"));
+    }
 }
diff --git a/external-sop/src/test/java/sop/external/ExternalEncryptDecryptRoundTripTest.java b/external-sop/src/test/java/sop/external/ExternalEncryptDecryptRoundTripTest.java
index 95bf15a..2405e66 100644
--- a/external-sop/src/test/java/sop/external/ExternalEncryptDecryptRoundTripTest.java
+++ b/external-sop/src/test/java/sop/external/ExternalEncryptDecryptRoundTripTest.java
@@ -9,15 +9,19 @@ import org.junit.jupiter.api.condition.EnabledIf;
 import sop.ByteArrayAndResult;
 import sop.DecryptionResult;
 import sop.Verification;
+import sop.exception.SOPGPException;
+import sop.util.UTCUtil;
 
 import java.io.IOException;
 import java.nio.charset.StandardCharsets;
+import java.util.Date;
 import java.util.List;
 
 import static org.junit.jupiter.api.Assertions.assertArrayEquals;
 import static org.junit.jupiter.api.Assertions.assertEquals;
 import static org.junit.jupiter.api.Assertions.assertFalse;
 import static org.junit.jupiter.api.Assertions.assertNotNull;
+import static org.junit.jupiter.api.Assertions.assertThrows;
 import static org.junit.jupiter.api.Assertions.assertTrue;
 
 @EnabledIf("sop.external.AbstractExternalSOPTest#isExternalSopInstalled")
@@ -151,4 +155,74 @@ public class ExternalEncryptDecryptRoundTripTest extends AbstractExternalSOPTest
         assertFalse(bytesAndResult.getResult().getVerifications().isEmpty());
         assertArrayEquals(message, bytesAndResult.getBytes());
     }
+
+    @Test
+    public void decryptVerifyNotAfterTest() {
+        ignoreIf("PGPainless-SOP", Is.le, "1.4.2"); // does not recognize --verify-not-after
+        ignoreIf("sqop", Is.leq, "0.27.2"); // does not throw NoSignature
+
+        byte[] message = ("-----BEGIN PGP MESSAGE-----\n" +
+                "\n" +
+                "wV4DR2b2udXyHrYSAQdAwlOwwyxFDJta5+H9abgSj8jum9v7etUc9usdrElESmow\n" +
+                "2Hka48AFVfOezYh0OFn9R8+DMcpuE+e4nw3XnnX5nKs/j3AC2IW6zRHUkRcF3ZCq\n" +
+                "0sBNAfjnTYCMjuBmqdcCLzaZT4Hadnpg6neP1UecT/jP14maGfv8nwt0IDGR0Bik\n" +
+                "0WC/UJLpWyJ/6TgRrA5hNfANVnfiFBzIiThiVBRWPT2StHr2cOAvFxQK4Uk07rK9\n" +
+                "9aTUak8FpML+QA83U8I3qOk4QbzGVBP+IDJ+AKmvDz+0V+9kUhKp+8vyXsBmo9c3\n" +
+                "SAXjhFSiPQkU7ORsc6gQHL9+KPOU+W2poPK87H3cmaGiusnXMeLXLIUbkBUJTswd\n" +
+                "JNrA2yAkTTFP9QabsdcdTGoeYamq1c29kHF3GOTTcEqXw4WWXngcF7Kbcf435kkL\n" +
+                "4iSJnCaxTPftKUxmiGqMqLef7ICVnq/lz3HrH1VD54s=\n" +
+                "=Ebi3\n" +
+                "-----END PGP MESSAGE-----").getBytes(StandardCharsets.UTF_8);
+        Date signatureDate = UTCUtil.parseUTCDate("2023-01-13T16:09:32Z");
+
+        Date beforeSignature = new Date(signatureDate.getTime() - 1000); // 1 sec before signing date
+
+        assertThrows(SOPGPException.NoSignature.class, () -> {
+            ByteArrayAndResult<DecryptionResult> bytesAndResult = getSop().decrypt()
+                    .withKey(TestKeys.ALICE_KEY.getBytes(StandardCharsets.UTF_8))
+                    .verifyWithCert(TestKeys.ALICE_CERT.getBytes(StandardCharsets.UTF_8))
+                    .verifyNotAfter(beforeSignature)
+                    .ciphertext(message)
+                    .toByteArrayAndResult();
+
+            if (bytesAndResult.getResult().getVerifications().isEmpty()) {
+                throw new SOPGPException.NoSignature("No verifiable signature found.");
+            }
+        });
+    }
+
+    @Test
+    public void decryptVerifyNotBeforeTest() {
+        ignoreIf("PGPainless-SOP", Is.le, "1.4.2"); // does not recognize --verify-not-after
+        ignoreIf("sqop", Is.leq, "0.27.2"); // does not throw NoSignature
+
+        byte[] message = ("-----BEGIN PGP MESSAGE-----\n" +
+                "\n" +
+                "wV4DR2b2udXyHrYSAQdAwlOwwyxFDJta5+H9abgSj8jum9v7etUc9usdrElESmow\n" +
+                "2Hka48AFVfOezYh0OFn9R8+DMcpuE+e4nw3XnnX5nKs/j3AC2IW6zRHUkRcF3ZCq\n" +
+                "0sBNAfjnTYCMjuBmqdcCLzaZT4Hadnpg6neP1UecT/jP14maGfv8nwt0IDGR0Bik\n" +
+                "0WC/UJLpWyJ/6TgRrA5hNfANVnfiFBzIiThiVBRWPT2StHr2cOAvFxQK4Uk07rK9\n" +
+                "9aTUak8FpML+QA83U8I3qOk4QbzGVBP+IDJ+AKmvDz+0V+9kUhKp+8vyXsBmo9c3\n" +
+                "SAXjhFSiPQkU7ORsc6gQHL9+KPOU+W2poPK87H3cmaGiusnXMeLXLIUbkBUJTswd\n" +
+                "JNrA2yAkTTFP9QabsdcdTGoeYamq1c29kHF3GOTTcEqXw4WWXngcF7Kbcf435kkL\n" +
+                "4iSJnCaxTPftKUxmiGqMqLef7ICVnq/lz3HrH1VD54s=\n" +
+                "=Ebi3\n" +
+                "-----END PGP MESSAGE-----").getBytes(StandardCharsets.UTF_8);
+        Date signatureDate = UTCUtil.parseUTCDate("2023-01-13T16:09:32Z");
+
+        Date afterSignature = new Date(signatureDate.getTime() + 1000); // 1 sec after signing date
+
+        assertThrows(SOPGPException.NoSignature.class, () -> {
+            ByteArrayAndResult<DecryptionResult> bytesAndResult = getSop().decrypt()
+                    .withKey(TestKeys.ALICE_KEY.getBytes(StandardCharsets.UTF_8))
+                    .verifyWithCert(TestKeys.ALICE_CERT.getBytes(StandardCharsets.UTF_8))
+                    .verifyNotBefore(afterSignature)
+                    .ciphertext(message)
+                    .toByteArrayAndResult();
+
+            if (bytesAndResult.getResult().getVerifications().isEmpty()) {
+                throw new SOPGPException.NoSignature("No verifiable signature found.");
+            }
+        });
+    }
 }
diff --git a/external-sop/src/test/java/sop/external/ExternalGenerateKeyTest.java b/external-sop/src/test/java/sop/external/ExternalGenerateKeyTest.java
index c492ebe..0e23992 100644
--- a/external-sop/src/test/java/sop/external/ExternalGenerateKeyTest.java
+++ b/external-sop/src/test/java/sop/external/ExternalGenerateKeyTest.java
@@ -81,7 +81,9 @@ public class ExternalGenerateKeyTest extends AbstractExternalSOPTest {
     @Test
     public void generateKeyWithMultipleUserIdsAndPassword() throws IOException {
         ignoreIf("sqop", Is.le, "0.27.0");
-        ignoreIf("pgpainless-cli", Is.le, "1.3.15");
+        ignoreIf("PGPainless-SOP", Is.le, "1.3.15");
+        ignoreIf("PGPainless-SOP", Is.eq, "1.4.0");
+        ignoreIf("PGPainless-SOP", Is.eq, "1.4.1");
 
         byte[] key = getSop().generateKey()
                 .userId("Alice <alice@openpgp.org>")