From b6916a9b40ab6edf6396471a966c455f6054da74 Mon Sep 17 00:00:00 2001 From: Vincent Breitmoser Date: Thu, 2 Oct 2014 19:25:20 +0200 Subject: [PATCH] add test case for stripped master key, correct signing subkey should still be selected --- .../provider/ProviderHelperSaveTest.java | 40 +++++++++++-- .../resources/test-keys/stripped_flags.asc | 60 +++++++++++++++++++ 2 files changed, 95 insertions(+), 5 deletions(-) create mode 100644 OpenKeychain-Test/src/test/resources/test-keys/stripped_flags.asc diff --git a/OpenKeychain-Test/src/test/java/org/sufficientlysecure/keychain/provider/ProviderHelperSaveTest.java b/OpenKeychain-Test/src/test/java/org/sufficientlysecure/keychain/provider/ProviderHelperSaveTest.java index 3dc107daa..a47d57a69 100644 --- a/OpenKeychain-Test/src/test/java/org/sufficientlysecure/keychain/provider/ProviderHelperSaveTest.java +++ b/OpenKeychain-Test/src/test/java/org/sufficientlysecure/keychain/provider/ProviderHelperSaveTest.java @@ -89,14 +89,12 @@ public class ProviderHelperSaveTest { CachedPublicKeyRing cachedRing = mProviderHelper.getCachedPublicKeyRing(keyId); CanonicalizedPublicKeyRing pubRing = mProviderHelper.getCanonicalizedPublicKeyRing(keyId); - Assert.assertEquals("master key should be signing key", pubRing.getSignId(), keyId); - Assert.assertEquals("master key should be signing key (cached)", cachedRing.getSignId(), keyId); - Assert.assertEquals("master key should be encryption key", pubRing.getEncryptId(), keyId); - Assert.assertEquals("master key should be signing key (cached)", cachedRing.getEncryptId(), keyId); + Assert.assertEquals("master key should be encryption key", keyId, pubRing.getEncryptId()); + Assert.assertEquals("master key should be encryption key (cached)", keyId, cachedRing.getEncryptId()); Assert.assertNull("canonicalized key flags should be null", pubRing.getPublicKey().getKeyUsage()); Assert.assertTrue("master key should be able to certify", pubRing.getPublicKey().canCertify()); - Assert.assertTrue("master key should be able to sign", pubRing.getPublicKey().canSign()); + Assert.assertTrue("master key should be allowed to sign", pubRing.getPublicKey().canSign()); Assert.assertTrue("master key should be able to encrypt", pubRing.getPublicKey().canEncrypt()); } @@ -188,6 +186,38 @@ public class ProviderHelperSaveTest { Assert.assertTrue("import of the badly encoded user id should succeed", found); } + @Test + /** Tests a master key which may sign, but is stripped. In this case, if there is a different + * subkey available which can sign, that one should be selected. + */ + public void testImportStrippedFlags() throws Exception { + + UncachedKeyRing key = readRingFromResource("/test-keys/stripped_flags.asc"); + long masterKeyId = key.getMasterKeyId(); + + SaveKeyringResult result; + + result = mProviderHelper.saveSecretKeyRing(key, new ProgressScaler()); + Assert.assertTrue("import of keyring should succeed", result.success()); + + long signId; + { + CanonicalizedSecretKeyRing ring = mProviderHelper.getCanonicalizedSecretKeyRing(masterKeyId); + Assert.assertTrue("master key should have sign flag", ring.getPublicKey().canSign()); + Assert.assertTrue("master key should have encrypt flag", ring.getPublicKey().canEncrypt()); + + signId = ring.getSecretSignId(); + Assert.assertNotEquals("encrypt id should not be 0", 0, signId); + Assert.assertNotEquals("encrypt key should be different from master key", masterKeyId, signId); + } + + { + CachedPublicKeyRing ring = mProviderHelper.getCachedPublicKeyRing(masterKeyId); + Assert.assertEquals("signing key should be same id cached as uncached", signId, ring.getSecretSignId()); + } + + } + UncachedKeyRing readRingFromResource(String name) throws Exception { return UncachedKeyRing.fromStream(ProviderHelperSaveTest.class.getResourceAsStream(name)).next(); } diff --git a/OpenKeychain-Test/src/test/resources/test-keys/stripped_flags.asc b/OpenKeychain-Test/src/test/resources/test-keys/stripped_flags.asc new file mode 100644 index 000000000..0f4728297 --- /dev/null +++ b/OpenKeychain-Test/src/test/resources/test-keys/stripped_flags.asc @@ -0,0 +1,60 @@ +-----BEGIN PGP PRIVATE KEY BLOCK----- + +lQIVBFQtfsYBEADhyTqxezePQuP9PCmzdXYavyaaBPCJLpfNhrufe++7xMmkIzGO +l7X8hVrrnqhRs1pVe/rpaSJ8iUVpsMN2BWRrrsmpysf/idjE4OXDGvA5dCRJOhqy +waHA7dO94x2mvcUCVWo5V4cu5+Qv2GejhorPsTNuXXUZrFKWSgEwLpg9lY7M39wB +1SIeQLxMLwixCod87b0A0p9UBCU+QeBx4WFl0NPE3qneQgmFe1Idk6nfwSZFEfYM +6iWepEzhv3GQjdNfXZxLIPqeo4Jowen53HlYYNp/d5fIOpyJ7FxWsutltcGA4GrD +FSfhi/Wh+1/KKwRwCqhFQEZIQjWbmaiQlf3anERfL8Dy+WWiJmZt9W4TDZGY+3Ay +3nDyqVHZJVo4gE+BUiNdx6oITM/mhwVJYpaOnHGMAmWz0Nj0OO5pa86Un/V25gaG +/lmpkvrzHeTpM109xHJt4/WBWt+gUClDd32KCVaSx1b+ECagAf/PJJWpbQspLsNq +DwJCyE8pYnGcoChIVIAPvE5wrAH890FgE43f0utlYW13vp76TXSwuk18XYYCglMl +zuOTFSOkOEflZP4UvJTTjlHoKMJ+iOW4yIS+vvt9jCIYAGp6Fso4pcjakTZ1iSSD +j5QN0ybcJHxKN+fSXZspuW2LijK8aZS2xhWjWwhWJWMDvl5pu9Nx5u4SwwARAQAB +/wNlAkdOVQG0FVN0cmlwcGVkIFRlc3QgPHhAeS56PokCNwQTAQoAIQULCQgHAwYV +CgkLCAMEFgIDAQIZAQWCVC1+xgKeAQKbDwAKCRCf3UpNJ7bxZ9GDEADDEsKrTKvz +c1H6MbBNqsKOWI6Wc8D5MgggphuBmZwXP1FSYVsYTf9UMFsjrlE/JoFr4Yfjslav +ywxbC5Vr74OAL7r25n9MuH7V8xcL14vDssbuIB/aOEmjOkHS2bRgR3hzkGfCSo5Y +zb+uGZrYyJ+72FlTIbV3xAGtX+jYCVXCfzxuavmR5OlVFIWE4d/3sWFmyJG85Twh +9JAl66eP+OK5UbfP1Y01SFmSR/g6Rb0splNq9BOSiurr/cs4z57lDNOheE10UODe +TWtZLuwwy9+ajy1cCPAHtHZIx17d5VFc0I1u2UFoPq3HCQX+PNS8Maq2Nl83ZQNk +z8+k1ZF58ojRgc5KX/wNI6t+aYZQCwEzzTiHAYxkQu8nvCC9M2QnU/LF5uHJyVi8 +QlVCwiuLqwV0PnNBdaLysNpeAZ7B21DA/cwliphOiK8qTIHwbTQvaOTzuahPizt9 +zCDzdzgrNu4RmJmscvh/PQHZTU4wpX3q0Vx/BpZdEIHFCJ0NnHwfXk2uXkbbwQnA +6mvdtGteCL0ffEnjIbKPkjJ8qgWGVrIQP5XrJFTmHBHTdrA4sSCBRm7R0TtmBcOt +JZhUXwPqpfZCcik5BYpptskwwi9J+Di3caCcYFak6xOe0hrYTBOtP3Ztca64hTzW +Q66EYC4TOIqj0Cp5RFXKc6blIcCymbDvI5ylBFQtfscTCCqGSM49AwEHAgMENK58 +neORF9s3/idis8T/u45bCa5Az5hcNlrgX+UFcNoVBESsoIaJT/EGN+8/wIJgIsvo +dUMQXrLvoLuZKw0wzv4JAwha337PCMiUiZDitD0nW3W1nso1Cilb/DmAXfxkZ6zh +D+CU6Km3w3BcIChFQW8R/J+b598UQuq0dhtgg527pxveEfOCPhLwLKAAtBtOCUHU +iQJ/BBgBCgAJBYJULX7HApsCAGoJEJ/dSk0ntvFnX6AEGRMKAAYFAlQtfscACgkQ +tRqCgorJb7ZqQQEAoUsJ5P8GSiLriVSMPqNaFjjL/RBQ6ITwj8SaOyheJicA/1mJ +f1XqAae/Bf9I6Dn5km7RQ6Z9wjL43w/N/E6mIhvgFswP/jv93r0JomWcXienLxQw +2scLjwTH/BpIrf9vGLyzlfkh1T+S3roM2Ul3j5Kc7ycaumMgKNxJpBpMjnpn4Unr +pq0P7oVtjonKs53UqfVUl+/ZNuYG1vqEVH5clW1QL4Xvir6bOM4TXHOXvWQozy5w +z9A5gkzWMMNnXov60J7o7QHbZOBgzsLLvXmP/HiXJoS95RLW8/yHH2I5hBkSbkqm +NIE7g/gD2diVACy/mEmmVmkmdDRnBzknicxoSi1z2r9OrEgDlGeX4iRlgwTVKXf0 +t65wh8fc0tBuPggZrw2mdI8CGDhvDzaQLbwf549XbBgaggAIBzne0V7LsqXDHp5m +qQx7j7WaLuhcv0DkHcTDxXa48Xt4Auhzw64VxqzaleLrsdv0klCmIM+oxZWND2pZ ++VK2pouFNGALJJcbt4sgaX9BkhKqJgW8Rtc7l5OqsqAt7WlmHbOn1E4b6lGAXftH +pX59k3LzVX+KHdIdUhXm0bShEa4GhiQLrP1pMJ1js+JWir3r4uHHwDRM1jt/n899 +llGnGpz/SmyMSLeQ9LjJK7Pt8JcLmK5SKj3FUrl1+Aa+KQNLDJGOvx8cjcFd09p0 +UHi2zF8YbnXbFmj50OVGvFkUbLhYY11t3JLrnLNug2CkcygL40FbBszjrcJxMucJ ++ZSMgM4OkWsqtqRmU4WtGFIQnKkEVC1+xxIIKoZIzj0DAQcCAwTVE/OsK5w9j1Wl +R2U2KtBTCPpc+ED3niUS63kKawp7pudX4BJqnbXwX4DqnMA+iMYX9rPvXymAyjT/ +yEhfGlaHAwEIB/4JAwha337PCMiUiZAtspy93vg+lA7XwKz0K4zScQRW0JiFWEp0 +j8BdiH3B5TOuTD+D5HMhx2hxek/DtW337zQbh5SS0RFckCYOK/qa1qysCNhgiQIf +BBgBCgAJBYJULX7HApsMAAoJEJ/dSk0ntvFnMbYQAJgXLnV7d3xv6hJlCOI8A9Wk +qt5aF032hzsQzd+lhSb1kveuEt07XNZ07Plj/MOdrdNduqVMqJ21A3Pqo1iUr6PC +B+co/BGqUmbkx+16Ebj20SKb48xeHrFtQZb3ciDMzcixXY8pfeFUdb7O2M/3NURV +caDuU4e3FW+eNOnTriW8beRkC2FYud+kMiLfbYT76MufVLERQN94x0T0OCrCI7nQ +GfM8lxgRVJ4hoTygadlv19LCq16wGCVFKIPw/DtFcavkdoN3TboNh/aHia6moKR1 +RSC6II9IcKLMSbnqZdBIJpqpXJIbkCgAOV6Fr3blVg/sub2Mpe9XRT879sO1I8sf +vAP1VI+/I3WE3mZyelJ8xQlR6t81upfpN29DGfKq/194P/mq8b8LYcvO6xdVNkUl +2ZO4ojqY0PBdiFG0VMeGLgzmuxROYVCNV66hg9GvbVPnILFreL4RHy+mDPBa1XQW +YsxIrz1wElOud2HjSLIHdwDEiNuqqQEY4yEmRaD0ULmRXTWINvcMz6mQ3343Np1z +s4ppb6W4OJoVnkW8OIQzTJaPHIItTfLLQFLSWf8L00FVOsV3WtauCO9B688H5JNw +RMmNFoqHMKmplEveTG1beRBRZ7UaLJXh9mO96nS1G1YRTPv5+BWRf9ZhKxoat3GN +9uUAwtb1XXM6DVP1glMx +=kEZ2 +-----END PGP PRIVATE KEY BLOCK-----