From 38ef2833136659ca8ed44cc062e6b53e3a59816a Mon Sep 17 00:00:00 2001 From: Paul Schaub Date: Sun, 13 Mar 2022 16:53:22 +0100 Subject: [PATCH] Add test for unbound user-ids --- .../wkd/test_suite/TestSuiteGenerator.java | 32 +++++++++++++++++++ 1 file changed, 32 insertions(+) diff --git a/wkd-test-suite/src/main/java/pgp/wkd/test_suite/TestSuiteGenerator.java b/wkd-test-suite/src/main/java/pgp/wkd/test_suite/TestSuiteGenerator.java index 5222d08..1b0dc93 100644 --- a/wkd-test-suite/src/main/java/pgp/wkd/test_suite/TestSuiteGenerator.java +++ b/wkd-test-suite/src/main/java/pgp/wkd/test_suite/TestSuiteGenerator.java @@ -22,6 +22,7 @@ import org.bouncycastle.openpgp.PGPException; import org.bouncycastle.openpgp.PGPPublicKey; import org.bouncycastle.openpgp.PGPPublicKeyRing; import org.bouncycastle.openpgp.PGPSecretKeyRing; +import org.bouncycastle.openpgp.PGPSignature; import org.pgpainless.PGPainless; import org.pgpainless.key.protection.SecretKeyRingProtector; @@ -47,6 +48,7 @@ public class TestSuiteGenerator { tests.add(baseCaseMultipleCertificates(structure)); tests.add(wrongUserId(structure)); tests.add(noUserId(structure)); + tests.add(unboundUserId(structure)); tests.addAll(baseCaseMultiUserIds(structure)); tests.add(secretKeyMaterial(structure)); tests.add(randomBytes(structure)); @@ -158,6 +160,36 @@ public class TestSuiteGenerator { return TestCase.fail("Wrong User-ID", description, lookupMail, directoryStructure); } + private TestCase unboundUserId(WkdDirectoryStructure directoryStructure) throws Exception { + String lookupMail = "unbound-userid@" + domain; + String userId = "WKD-Test Unbound User-ID <" + lookupMail + ">"; + String description = "Certificate has a single User-ID '" + userId + "' without binding signature."; + PGPPublicKeyRing publicKeys = certificate(userId); + + Iterator keyIterator = publicKeys.iterator(); + PGPPublicKey primaryKey = keyIterator.next(); + Iterator bindingSigs = primaryKey.getSignaturesForID(userId); + while (bindingSigs.hasNext()) { + primaryKey = PGPPublicKey.removeCertification(primaryKey, userId, bindingSigs.next()); + } + + List keys = new ArrayList<>(); + keys.add(primaryKey); + while (keyIterator.hasNext()) { + keys.add(keyIterator.next()); + } + + PGPPublicKeyRing certificateWithoutUserIdBinding = new PGPPublicKeyRing(keys); + writeDataFor(lookupMail, directoryStructure, new DataSink() { + @Override + public void write(OutputStream outputStream) throws IOException { + certificateWithoutUserIdBinding.encode(outputStream); + } + }); + + return TestCase.fail("Unbound UserId", description, lookupMail, directoryStructure); + } + private TestCase noUserId(WkdDirectoryStructure directoryStructure) throws Exception { String lookupMail = "absent-userid@" + domain; String description = "Certificate has no user-id, but is deposited for mail address '" + lookupMail + "'.";