125 lines
5.2 KiB
Java
125 lines
5.2 KiB
Java
// SPDX-FileCopyrightText: 2023 Paul Schaub <vanitasvitae@fsfe.org>
|
|
//
|
|
// SPDX-License-Identifier: Apache-2.0
|
|
|
|
package sop.testsuite.operation;
|
|
|
|
import org.junit.jupiter.api.condition.EnabledIf;
|
|
import org.junit.jupiter.params.ParameterizedTest;
|
|
import org.junit.jupiter.params.provider.Arguments;
|
|
import org.junit.jupiter.params.provider.MethodSource;
|
|
import sop.SOP;
|
|
import sop.exception.SOPGPException;
|
|
import sop.testsuite.JUtils;
|
|
import sop.testsuite.TestData;
|
|
import sop.util.UTF8Util;
|
|
|
|
import java.io.IOException;
|
|
import java.nio.charset.StandardCharsets;
|
|
import java.util.stream.Stream;
|
|
|
|
import static org.junit.jupiter.api.Assertions.assertArrayEquals;
|
|
import static org.junit.jupiter.api.Assertions.assertFalse;
|
|
import static org.junit.jupiter.api.Assertions.assertThrows;
|
|
|
|
@EnabledIf("sop.testsuite.operation.AbstractSOPTest#hasBackends")
|
|
public class ChangeKeyPasswordTest extends AbstractSOPTest {
|
|
|
|
static Stream<Arguments> provideInstances() {
|
|
return AbstractSOPTest.provideBackends();
|
|
}
|
|
|
|
@ParameterizedTest
|
|
@MethodSource("provideInstances")
|
|
public void changePasswordFromUnprotectedToProtected(SOP sop) throws IOException {
|
|
byte[] unprotectedKey = sop.generateKey().generate().getBytes();
|
|
byte[] password = "sw0rdf1sh".getBytes(UTF8Util.UTF8);
|
|
byte[] protectedKey = sop.changeKeyPassword().newKeyPassphrase(password).keys(unprotectedKey).getBytes();
|
|
|
|
sop.sign().withKeyPassword(password).key(protectedKey).data("Test123".getBytes(StandardCharsets.UTF_8));
|
|
}
|
|
|
|
@ParameterizedTest
|
|
@MethodSource("provideInstances")
|
|
public void changePasswordFromUnprotectedToUnprotected(SOP sop) throws IOException {
|
|
byte[] unprotectedKey = sop.generateKey().noArmor().generate().getBytes();
|
|
byte[] stillUnprotectedKey = sop.changeKeyPassword().noArmor().keys(unprotectedKey).getBytes();
|
|
|
|
assertArrayEquals(unprotectedKey, stillUnprotectedKey);
|
|
}
|
|
|
|
@ParameterizedTest
|
|
@MethodSource("provideInstances")
|
|
public void changePasswordFromProtectedToUnprotected(SOP sop) throws IOException {
|
|
byte[] password = "sw0rdf1sh".getBytes(UTF8Util.UTF8);
|
|
byte[] protectedKey = sop.generateKey().withKeyPassword(password).generate().getBytes();
|
|
byte[] unprotectedKey = sop.changeKeyPassword()
|
|
.oldKeyPassphrase(password)
|
|
.keys(protectedKey).getBytes();
|
|
|
|
sop.sign().key(unprotectedKey).data("Test123".getBytes(StandardCharsets.UTF_8));
|
|
}
|
|
|
|
@ParameterizedTest
|
|
@MethodSource("provideInstances")
|
|
public void changePasswordFromProtectedToDifferentProtected(SOP sop) throws IOException {
|
|
byte[] oldPassword = "sw0rdf1sh".getBytes(UTF8Util.UTF8);
|
|
byte[] newPassword = "0r4ng3".getBytes(UTF8Util.UTF8);
|
|
byte[] protectedKey = sop.generateKey().withKeyPassword(oldPassword).generate().getBytes();
|
|
byte[] reprotectedKey = sop.changeKeyPassword()
|
|
.oldKeyPassphrase(oldPassword)
|
|
.newKeyPassphrase(newPassword)
|
|
.keys(protectedKey).getBytes();
|
|
|
|
sop.sign().key(reprotectedKey).withKeyPassword(newPassword).data("Test123".getBytes(StandardCharsets.UTF_8));
|
|
}
|
|
|
|
|
|
@ParameterizedTest
|
|
@MethodSource("provideInstances")
|
|
public void changePasswordWithWrongOldPasswordFails(SOP sop) throws IOException {
|
|
byte[] oldPassword = "sw0rdf1sh".getBytes(UTF8Util.UTF8);
|
|
byte[] newPassword = "monkey123".getBytes(UTF8Util.UTF8);
|
|
byte[] wrongPassword = "0r4ng3".getBytes(UTF8Util.UTF8);
|
|
|
|
byte[] protectedKey = sop.generateKey().withKeyPassword(oldPassword).generate().getBytes();
|
|
assertThrows(SOPGPException.KeyIsProtected.class, () -> sop.changeKeyPassword()
|
|
.oldKeyPassphrase(wrongPassword)
|
|
.newKeyPassphrase(newPassword)
|
|
.keys(protectedKey).getBytes());
|
|
}
|
|
|
|
@ParameterizedTest
|
|
@MethodSource("provideInstances")
|
|
public void nonUtf8PasswordsFail(SOP sop) {
|
|
assertThrows(SOPGPException.PasswordNotHumanReadable.class, () ->
|
|
sop.changeKeyPassword().oldKeyPassphrase(new byte[] {(byte) 0xff, (byte) 0xfe}));
|
|
assertThrows(SOPGPException.PasswordNotHumanReadable.class, () ->
|
|
sop.changeKeyPassword().newKeyPassphrase(new byte[] {(byte) 0xff, (byte) 0xfe}));
|
|
|
|
}
|
|
|
|
@ParameterizedTest
|
|
@MethodSource("provideInstances")
|
|
public void testNoArmor(SOP sop) throws IOException {
|
|
byte[] oldPassword = "sw0rdf1sh".getBytes(UTF8Util.UTF8);
|
|
byte[] newPassword = "0r4ng3".getBytes(UTF8Util.UTF8);
|
|
byte[] protectedKey = sop.generateKey().withKeyPassword(oldPassword).generate().getBytes();
|
|
|
|
byte[] armored = sop.changeKeyPassword()
|
|
.oldKeyPassphrase(oldPassword)
|
|
.newKeyPassphrase(newPassword)
|
|
.keys(protectedKey)
|
|
.getBytes();
|
|
JUtils.assertArrayStartsWith(armored, TestData.BEGIN_PGP_PRIVATE_KEY_BLOCK);
|
|
|
|
byte[] unarmored = sop.changeKeyPassword()
|
|
.noArmor()
|
|
.oldKeyPassphrase(oldPassword)
|
|
.newKeyPassphrase(newPassword)
|
|
.keys(protectedKey)
|
|
.getBytes();
|
|
assertFalse(JUtils.arrayStartsWith(unarmored, TestData.BEGIN_PGP_PRIVATE_KEY_BLOCK));
|
|
}
|
|
}
|