@Test
public void testPromoteDivert() throws Exception {
PromoteKeyOperation op =
new PromoteKeyOperation(
RuntimeEnvironment.application,
new ProviderHelper(RuntimeEnvironment.application),
null,
null);
byte[] aid = Hex.decode("D2760001240102000000012345670000");
PromoteKeyResult result =
op.execute(new PromoteKeyringParcel(mStaticRing.getMasterKeyId(), aid, null), null);
Assert.assertTrue("promotion must succeed", result.success());
{
CanonicalizedSecretKeyRing ring =
new ProviderHelper(RuntimeEnvironment.application)
.getCanonicalizedSecretKeyRing(mStaticRing.getMasterKeyId());
for (CanonicalizedSecretKey key : ring.secretKeyIterator()) {
Assert.assertEquals(
"all subkeys must be divert-to-card",
SecretKeyType.DIVERT_TO_CARD,
key.getSecretKeyTypeSuperExpensive());
Assert.assertArrayEquals("all subkeys must have correct iv", aid, key.getIv());
}
}
}
@Test
public void testPromoteDivertSpecific() throws Exception {
PromoteKeyOperation op =
new PromoteKeyOperation(
RuntimeEnvironment.application,
new ProviderHelper(RuntimeEnvironment.application),
null,
null);
byte[] aid = Hex.decode("D2760001240102000000012345670000");
// only promote the first, rest stays dummy
long keyId = KeyringTestingHelper.getSubkeyId(mStaticRing, 1);
PromoteKeyResult result =
op.execute(
new PromoteKeyringParcel(mStaticRing.getMasterKeyId(), aid, new long[] {keyId}), null);
Assert.assertTrue("promotion must succeed", result.success());
{
CanonicalizedSecretKeyRing ring =
new ProviderHelper(RuntimeEnvironment.application)
.getCanonicalizedSecretKeyRing(mStaticRing.getMasterKeyId());
for (CanonicalizedSecretKey key : ring.secretKeyIterator()) {
if (key.getKeyId() == keyId) {
Assert.assertEquals(
"subkey must be divert-to-card",
SecretKeyType.DIVERT_TO_CARD,
key.getSecretKeyTypeSuperExpensive());
Assert.assertArrayEquals("subkey must have correct iv", aid, key.getIv());
} else {
Assert.assertEquals(
"some subkeys must be gnu dummy",
SecretKeyType.GNU_DUMMY,
key.getSecretKeyTypeSuperExpensive());
}
}
}
}
@Test
public void testImportDivertToCard() throws Exception {
UncachedKeyRing sec = readRingFromResource("/test-keys/divert_to_card_sec.asc");
long keyId = sec.getMasterKeyId();
SaveKeyringResult result;
result = mProviderHelper.saveSecretKeyRing(sec, new ProgressScaler());
Assert.assertTrue("import of secret keyring should succeed", result.success());
// make sure both the CanonicalizedSecretKeyRing as well as the CachedPublicKeyRing correctly
// indicate the secret key type
CachedPublicKeyRing cachedRing = mProviderHelper.getCachedPublicKeyRing(keyId);
CanonicalizedSecretKeyRing secRing = mProviderHelper.getCanonicalizedSecretKeyRing(keyId);
Iterator<CanonicalizedSecretKey> it = secRing.secretKeyIterator().iterator();
{ // first subkey
Assert.assertTrue("keyring should have 3 subkeys (1)", it.hasNext());
CanonicalizedSecretKey key = it.next();
Assert.assertEquals(
"first subkey should be of type sign+certify",
KeyFlags.CERTIFY_OTHER | KeyFlags.SIGN_DATA,
(int) key.getKeyUsage());
Assert.assertEquals(
"first subkey should be divert-to-card",
SecretKeyType.DIVERT_TO_CARD,
key.getSecretKeyType());
Assert.assertTrue("canCertify() should be true", key.canCertify());
Assert.assertTrue("canSign() should be true", key.canSign());
// cached
Assert.assertEquals(
"all subkeys from CachedPublicKeyRing should be divert-to-key",
SecretKeyType.DIVERT_TO_CARD,
cachedRing.getSecretKeyType(key.getKeyId()));
}
{ // second subkey
Assert.assertTrue("keyring should have 3 subkeys (2)", it.hasNext());
CanonicalizedSecretKey key = it.next();
Assert.assertEquals(
"second subkey should be of type authenticate",
KeyFlags.AUTHENTICATION,
(int) key.getKeyUsage());
Assert.assertEquals(
"second subkey should be divert-to-card",
SecretKeyType.DIVERT_TO_CARD,
key.getSecretKeyType());
Assert.assertTrue("canAuthenticate() should be true", key.canAuthenticate());
// cached
Assert.assertEquals(
"all subkeys from CachedPublicKeyRing should be divert-to-key",
SecretKeyType.DIVERT_TO_CARD,
cachedRing.getSecretKeyType(key.getKeyId()));
}
{ // third subkey
Assert.assertTrue("keyring should have 3 subkeys (3)", it.hasNext());
CanonicalizedSecretKey key = it.next();
Assert.assertEquals(
"first subkey should be of type encrypt (both types)",
KeyFlags.ENCRYPT_COMMS | KeyFlags.ENCRYPT_STORAGE,
(int) key.getKeyUsage());
Assert.assertEquals(
"third subkey should be divert-to-card",
SecretKeyType.DIVERT_TO_CARD,
key.getSecretKeyType());
Assert.assertTrue("canEncrypt() should be true", key.canEncrypt());
// cached
Assert.assertEquals(
"all subkeys from CachedPublicKeyRing should be divert-to-key",
SecretKeyType.DIVERT_TO_CARD,
cachedRing.getSecretKeyType(key.getKeyId()));
}
Assert.assertFalse("keyring should have 3 subkeys (4)", it.hasNext());
}