pgpainless / sop-java / #70

Committed 20 Jan 2026 10:49PM UTC coverage: 57.318% (-0.1%) from 57.424%

Build # #70

Build Type

push

other

Committed by

vanitasvitae

Commit Message

Fix test actually performing the decryption

Run Details

1 of 7 new or added lines in 1 file covered. (14.29%)

29 existing lines in 3 files now uncovered.

2103 of 3669 relevant lines covered (57.32%)

0.57 hits per line

Source File
Press 'n' to go to next uncovered line, 'b' for previous

23.26

/sop-java-testfixtures/src/main/java/sop/testsuite/operation/CertifyValidateUserIdTest.java

// SPDX-FileCopyrightText: 2025 Paul Schaub <vanitasvitae@fsfe.org>
//
// SPDX-License-Identifier: Apache-2.0

package sop.testsuite.operation;

import org.junit.jupiter.api.Disabled;
import org.junit.jupiter.api.condition.EnabledIf;
import org.junit.jupiter.params.ParameterizedTest;
import org.junit.jupiter.params.provider.Arguments;
import org.junit.jupiter.params.provider.MethodSource;
import sop.SOP;
import sop.exception.SOPGPException;

import java.io.IOException;
import java.util.stream.Stream;

import static org.junit.jupiter.api.Assertions.assertThrows;
import static org.junit.jupiter.api.Assertions.assertTrue;

@EnabledIf("sop.testsuite.operation.AbstractSOPTest#hasBackends")
public class CertifyValidateUserIdTest extends AbstractSOPTest {

    static Stream<Arguments> provideInstances() {
        return AbstractSOPTest.provideBackends();
    }

    @ParameterizedTest
    @MethodSource("provideInstances")
    public void certifyUserId(SOP sop) throws IOException {
        byte[] aliceKey = assumeSupported(sop::generateKey)
                .withKeyPassword("sw0rdf1sh")
                .userId("Alice <alice@pgpainless.org>")
                .generate()
                .getBytes();
        byte[] aliceCert = assumeSupported(sop::extractCert)
                .key(aliceKey)
                .getBytes();

        byte[] bobKey = assumeSupported(sop::generateKey)
                .userId("Bob <bob@pgpainless.org>")
                .generate()
                .getBytes();
        byte[] bobCert = assumeSupported(sop::extractCert)
                .key(bobKey)
                .getBytes();

        // Alice has her own user-id self-certified
        assertTrue(assumeSupported(sop::validateUserId)
                        .authorities(aliceCert)
                        .userId("Alice <alice@pgpainless.org>")
                        .subjects(aliceCert),
                "Alice accepts her own self-certified user-id");

        // Alice has not yet certified Bobs user-id
        assertThrows(SOPGPException.CertUserIdNoMatch.class, () ->
                        assumeSupported(sop::validateUserId)
                                .authorities(aliceCert)
                                .userId("Bob <bob@pgpainless.org>")
                                .subjects(bobCert),
                "Alice has not yet certified Bobs user-id");

        byte[] bobCertifiedByAlice = assumeSupported(sop::certifyUserId)
                .userId("Bob <bob@pgpainless.org>")
                .withKeyPassword("sw0rdf1sh")
                .keys(aliceKey)
                .certs(bobCert)
                .getBytes();

        assertTrue(assumeSupported(sop::validateUserId)
                        .userId("Bob <bob@pgpainless.org>")
                        .authorities(aliceCert)
                        .subjects(bobCertifiedByAlice),
                "Alice accepts Bobs user-id after she certified it");
    }

    @ParameterizedTest
    @MethodSource("provideInstances")
    @Disabled
    public void certifyUserIdUnarmored(SOP sop) throws IOException {
        byte[] aliceKey = assumeSupported(sop::generateKey)
                .noArmor()
                .withKeyPassword("sw0rdf1sh")
                .userId("Alice <alice@pgpainless.org>")
                .generate()
                .getBytes();
        byte[] aliceCert = assumeSupported(sop::extractCert)
                .noArmor()
                .key(aliceKey)
                .getBytes();

        byte[] bobKey = assumeSupported(sop::generateKey)
                .noArmor()
                .userId("Bob <bob@pgpainless.org>")
                .generate()
                .getBytes();
        byte[] bobCert = assumeSupported(sop::extractCert)
                .noArmor()
                .key(bobKey)
                .getBytes();

        byte[] bobCertifiedByAlice = assumeSupported(sop::certifyUserId)
                .noArmor()
                .userId("Bob <bob@pgpainless.org>")
                .withKeyPassword("sw0rdf1sh")
                .keys(aliceKey)
                .certs(bobCert)
                .getBytes();

        assertTrue(assumeSupported(sop::validateUserId)
                        .userId("Bob <bob@pgpainless.org>")
                        .authorities(aliceCert)
                        .subjects(bobCertifiedByAlice),
                "Alice accepts Bobs user-id after she certified it");
    }

    @ParameterizedTest
    @MethodSource("provideInstances")
    public void addPetName(SOP sop) throws IOException {
        byte[] aliceKey = assumeSupported(sop::generateKey)
                .userId("Alice <alice@pgpainless.org>")
                .generate()
                .getBytes();
        byte[] aliceCert = assumeSupported(sop::extractCert)
                .key(aliceKey)
                .getBytes();

        byte[] bobKey = assumeSupported(sop::generateKey)
                .userId("Bob <bob@pgpainless.org>")
                .generate()
                .getBytes();
        byte[] bobCert = assumeSupported(sop::extractCert)
                .key(bobKey)
                .getBytes();

        assertThrows(SOPGPException.CertUserIdNoMatch.class, () ->
                        assumeSupported(sop::certifyUserId)
                                .userId("Bobby")
                                .keys(aliceKey)
                                .certs(bobCert)
                                .getBytes(),
                "Alice cannot create a pet-name for Bob without the --no-require-self-sig flag");

        byte[] bobWithPetName = assumeSupported(sop::certifyUserId)
                .userId("Bobby")
                .noRequireSelfSig()
                .keys(aliceKey)
                .certs(bobCert)
                .getBytes();

        assertTrue(assumeSupported(sop::validateUserId)
                        .userId("Bobby")
                        .authorities(aliceCert)
                        .subjects(bobWithPetName),
                "Alice accepts the pet-name she gave to Bob");

        assertThrows(SOPGPException.CertUserIdNoMatch.class, () ->
                        assumeSupported(sop::validateUserId)
                                .userId("Bobby")
                                .authorities(bobWithPetName)
                                .subjects(bobWithPetName),
                "Bob does not accept the pet-name Alice gave him");
    }

    @ParameterizedTest
    @MethodSource("provideInstances")
    public void certifyWithRevokedKey(SOP sop) throws IOException {
        byte[] aliceKey = assumeSupported(sop::generateKey)
                .userId("Alice <alice@pgpainless.org>")
                .generate()
                .getBytes();
        byte[] aliceRevokedCert = assumeSupported(sop::revokeKey)
                .keys(aliceKey)
                .getBytes();
        byte[] aliceRevokedKey = assumeSupported(sop::updateKey)
                .mergeCerts(aliceRevokedCert)
                .key(aliceKey)
                .getBytes();

        byte[] bobKey = assumeSupported(sop::generateKey)
                .userId("Bob <bob@pgpainless.org>")
                .generate()
                .getBytes();
        byte[] bobCert = assumeSupported(sop::extractCert)
                .key(bobKey)
                .getBytes();

        assertThrows(SOPGPException.KeyCannotCertify.class, () ->
                assumeSupported(sop::certifyUserId)
                        .userId("Bob <bob@pgpainless.org>")
                        .keys(aliceRevokedKey)
                        .certs(bobCert)
                        .getBytes());
    }
}

1	// SPDX-FileCopyrightText: 2025 Paul Schaub <vanitasvitae@fsfe.org>
2	//
3	// SPDX-License-Identifier: Apache-2.0
4
5	package sop.testsuite.operation;
6
7	import org.junit.jupiter.api.Disabled;
8	import org.junit.jupiter.api.condition.EnabledIf;
9	import org.junit.jupiter.params.ParameterizedTest;
10	import org.junit.jupiter.params.provider.Arguments;
11	import org.junit.jupiter.params.provider.MethodSource;
12	import sop.SOP;
13	import sop.exception.SOPGPException;
14
15	import java.io.IOException;
16	import java.util.stream.Stream;
17
18	import static org.junit.jupiter.api.Assertions.assertThrows;
19	import static org.junit.jupiter.api.Assertions.assertTrue;
20
21	@EnabledIf("sop.testsuite.operation.AbstractSOPTest#hasBackends")
22	public class CertifyValidateUserIdTest extends AbstractSOPTest {	1✔
23
24	static Stream<Arguments> provideInstances() {
25	return AbstractSOPTest.provideBackends();	1✔
26	}
27
28	@ParameterizedTest
29	@MethodSource("provideInstances")
30	public void certifyUserId(SOP sop) throws IOException {
31	byte[] aliceKey = assumeSupported(sop::generateKey)	1✔
32	.withKeyPassword("sw0rdf1sh")	1✔
33	.userId("Alice <alice@pgpainless.org>")	1✔
34	.generate()	1✔
35	.getBytes();	×
36	byte[] aliceCert = assumeSupported(sop::extractCert)	×
37	.key(aliceKey)	×
UNCOV 38	.getBytes();	×
39
40	byte[] bobKey = assumeSupported(sop::generateKey)	×
41	.userId("Bob <bob@pgpainless.org>")	×
42	.generate()	×
43	.getBytes();	×
44	byte[] bobCert = assumeSupported(sop::extractCert)	×
45	.key(bobKey)	×
UNCOV 46	.getBytes();	×
47
48	// Alice has her own user-id self-certified
49	assertTrue(assumeSupported(sop::validateUserId)	×
50	.authorities(aliceCert)	×
51	.userId("Alice <alice@pgpainless.org>")	×
UNCOV 52	.subjects(aliceCert),	×
53	"Alice accepts her own self-certified user-id");
54
55	// Alice has not yet certified Bobs user-id
56	assertThrows(SOPGPException.CertUserIdNoMatch.class, () ->	×
57	assumeSupported(sop::validateUserId)	×
58	.authorities(aliceCert)	×
59	.userId("Bob <bob@pgpainless.org>")	×
UNCOV 60	.subjects(bobCert),	×
61	"Alice has not yet certified Bobs user-id");
62
63	byte[] bobCertifiedByAlice = assumeSupported(sop::certifyUserId)	×
64	.userId("Bob <bob@pgpainless.org>")	×
65	.withKeyPassword("sw0rdf1sh")	×
66	.keys(aliceKey)	×
67	.certs(bobCert)	×
UNCOV 68	.getBytes();	×
69
70	assertTrue(assumeSupported(sop::validateUserId)	×
71	.userId("Bob <bob@pgpainless.org>")	×
72	.authorities(aliceCert)	×
UNCOV 73	.subjects(bobCertifiedByAlice),	×
74	"Alice accepts Bobs user-id after she certified it");
UNCOV 75	}	×
76
77	@ParameterizedTest
78	@MethodSource("provideInstances")
79	@Disabled
80	public void certifyUserIdUnarmored(SOP sop) throws IOException {
UNCOV 81	byte[] aliceKey = assumeSupported(sop::generateKey)	×
UNCOV 82	.noArmor()	×
UNCOV 83	.withKeyPassword("sw0rdf1sh")	×
84	.userId("Alice <alice@pgpainless.org>")	×
85	.generate()	×
86	.getBytes();	×
87	byte[] aliceCert = assumeSupported(sop::extractCert)	×
88	.noArmor()	×
UNCOV 89	.key(aliceKey)	×
90	.getBytes();	×
91
92	byte[] bobKey = assumeSupported(sop::generateKey)	×
93	.noArmor()	×
94	.userId("Bob <bob@pgpainless.org>")	×
95	.generate()	×
96	.getBytes();	×
97	byte[] bobCert = assumeSupported(sop::extractCert)	×
98	.noArmor()	×
UNCOV 99	.key(bobKey)	×
100	.getBytes();	×
101
102	byte[] bobCertifiedByAlice = assumeSupported(sop::certifyUserId)	×
103	.noArmor()	×
104	.userId("Bob <bob@pgpainless.org>")	×
105	.withKeyPassword("sw0rdf1sh")	×
106	.keys(aliceKey)	×
UNCOV 107	.certs(bobCert)	×
108	.getBytes();	×
109
110	assertTrue(assumeSupported(sop::validateUserId)	×
111	.userId("Bob <bob@pgpainless.org>")	×
UNCOV 112	.authorities(aliceCert)	×
113	.subjects(bobCertifiedByAlice),	×
114	"Alice accepts Bobs user-id after she certified it");
UNCOV 115	}	×
116
117	@ParameterizedTest
118	@MethodSource("provideInstances")
119	public void addPetName(SOP sop) throws IOException {
120	byte[] aliceKey = assumeSupported(sop::generateKey)	1✔
121	.userId("Alice <alice@pgpainless.org>")	1✔
122	.generate()	1✔
123	.getBytes();	1✔
124	byte[] aliceCert = assumeSupported(sop::extractCert)	1✔
125	.key(aliceKey)	1✔
126	.getBytes();	1✔
127
128	byte[] bobKey = assumeSupported(sop::generateKey)	1✔
129	.userId("Bob <bob@pgpainless.org>")	1✔
130	.generate()	1✔
131	.getBytes();	1✔
132	byte[] bobCert = assumeSupported(sop::extractCert)	1✔
133	.key(bobKey)	1✔
134	.getBytes();	1✔
135
UNCOV 136	assertThrows(SOPGPException.CertUserIdNoMatch.class, () ->	×
137	assumeSupported(sop::certifyUserId)	1✔
138	.userId("Bobby")	1✔
139	.keys(aliceKey)	1✔
140	.certs(bobCert)	1✔
UNCOV 141	.getBytes(),	×
142	"Alice cannot create a pet-name for Bob without the --no-require-self-sig flag");
143
144	byte[] bobWithPetName = assumeSupported(sop::certifyUserId)	×
145	.userId("Bobby")	×
146	.noRequireSelfSig()	×
147	.keys(aliceKey)	×
UNCOV 148	.certs(bobCert)	×
149	.getBytes();	×
150
151	assertTrue(assumeSupported(sop::validateUserId)	×
152	.userId("Bobby")	×
UNCOV 153	.authorities(aliceCert)	×
UNCOV 154	.subjects(bobWithPetName),	×
155	"Alice accepts the pet-name she gave to Bob");
156
157	assertThrows(SOPGPException.CertUserIdNoMatch.class, () ->	×
158	assumeSupported(sop::validateUserId)	×
159	.userId("Bobby")	×
UNCOV 160	.authorities(bobWithPetName)	×
161	.subjects(bobWithPetName),	×
162	"Bob does not accept the pet-name Alice gave him");
UNCOV 163	}	×
164
165	@ParameterizedTest
166	@MethodSource("provideInstances")
167	public void certifyWithRevokedKey(SOP sop) throws IOException {
168	byte[] aliceKey = assumeSupported(sop::generateKey)	1✔
169	.userId("Alice <alice@pgpainless.org>")	1✔
170	.generate()	1✔
171	.getBytes();	1✔
172	byte[] aliceRevokedCert = assumeSupported(sop::revokeKey)	1✔
173	.keys(aliceKey)	1✔
174	.getBytes();	×
175	byte[] aliceRevokedKey = assumeSupported(sop::updateKey)	×
176	.mergeCerts(aliceRevokedCert)	×
UNCOV 177	.key(aliceKey)	×
178	.getBytes();	×
179
180	byte[] bobKey = assumeSupported(sop::generateKey)	×
181	.userId("Bob <bob@pgpainless.org>")	×
182	.generate()	×
183	.getBytes();	×
184	byte[] bobCert = assumeSupported(sop::extractCert)	×
UNCOV 185	.key(bobKey)	×
186	.getBytes();	×
187
188	assertThrows(SOPGPException.KeyCannotCertify.class, () ->	×
189	assumeSupported(sop::certifyUserId)	×
190	.userId("Bob <bob@pgpainless.org>")	×
191	.keys(aliceRevokedKey)	×
192	.certs(bobCert)	×
UNCOV 193	.getBytes());	×
UNCOV 194	}	×
195	}

pgpainless / sop-java / #70

Source File Press 'n' to go to next uncovered line, 'b' for previous

Source File
Press 'n' to go to next uncovered line, 'b' for previous