package org.pgpainless.key.generation;

import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.nio.charset.StandardCharsets;
import java.security.InvalidAlgorithmParameterException;
import java.security.NoSuchAlgorithmException;
import org.bouncycastle.openpgp.PGPException;
import org.bouncycastle.openpgp.PGPPublicKeyRing;
import org.bouncycastle.openpgp.PGPSecretKeyRing;
import org.bouncycastle.util.io.Streams;
import org.junit.jupiter.api.Assertions;
import org.junit.jupiter.api.Test;
import org.pgpainless.PGPainless;
import org.pgpainless.algorithm.DocumentSignatureType;
import org.pgpainless.algorithm.KeyFlag;
import org.pgpainless.decryption_verification.ConsumerOptions;
import org.pgpainless.decryption_verification.DecryptionStream;
import org.pgpainless.decryption_verification.MessageMetadata;
import org.pgpainless.decryption_verification.OpenPgpMessageInputStreamTest;
import org.pgpainless.encryption_signing.EncryptionOptions;
import org.pgpainless.encryption_signing.EncryptionStream;
import org.pgpainless.encryption_signing.ProducerOptions;
import org.pgpainless.encryption_signing.SigningOptions;
import org.pgpainless.exception.KeyException;
import org.pgpainless.key.TestKeys;
import org.pgpainless.key.generation.type.KeyType;
import org.pgpainless.key.generation.type.eddsa_legacy.EdDSALegacyCurve;
import org.pgpainless.key.generation.type.xdh_legacy.XDHLegacySpec;
import org.pgpainless.key.info.KeyRingInfo;
import org.pgpainless.key.protection.SecretKeyRingProtector;

/* loaded from: input_file:org/pgpainless/key/generation/GenerateKeyWithoutPrimaryKeyFlagsTest.class */
public class GenerateKeyWithoutPrimaryKeyFlagsTest {
    @Test
    public void generateKeyWithoutCertifyKeyFlag_cannotCertifyThirdParties() throws PGPException, InvalidAlgorithmParameterException, NoSuchAlgorithmException, IOException {
        PGPSecretKeyRing build = PGPainless.buildKeyRing().setPrimaryKey(KeySpec.getBuilder(KeyType.EDDSA_LEGACY(EdDSALegacyCurve._Ed25519), new KeyFlag[0])).addSubkey(KeySpec.getBuilder(KeyType.EDDSA_LEGACY(EdDSALegacyCurve._Ed25519), new KeyFlag[]{KeyFlag.SIGN_DATA})).addSubkey(KeySpec.getBuilder(KeyType.XDH_LEGACY(XDHLegacySpec._X25519), new KeyFlag[]{KeyFlag.ENCRYPT_STORAGE, KeyFlag.ENCRYPT_COMMS})).addUserId("Alice").build();
        PGPPublicKeyRing extractCertificate = PGPainless.extractCertificate(build);
        KeyRingInfo inspectKeyRing = PGPainless.inspectKeyRing(build);
        Assertions.assertTrue(inspectKeyRing.getValidUserIds().contains("Alice"));
        long keyId = inspectKeyRing.getKeyId();
        Assertions.assertTrue(inspectKeyRing.getKeyFlagsOf("Alice").isEmpty());
        Assertions.assertTrue(inspectKeyRing.getKeyFlagsOf(keyId).isEmpty());
        Assertions.assertFalse(inspectKeyRing.isUsableForThirdPartyCertification());
        PGPPublicKeyRing cryptiePublicKeyRing = TestKeys.getCryptiePublicKeyRing();
        Assertions.assertThrows(KeyException.UnacceptableThirdPartyCertificationKeyException.class, () -> {
            PGPainless.certify().certificate(cryptiePublicKeyRing).withKey(build, SecretKeyRingProtector.unprotectedKeys());
        });
        ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream();
        EncryptionStream withOptions = PGPainless.encryptAndOrSign().onOutputStream(byteArrayOutputStream).withOptions(ProducerOptions.signAndEncrypt(EncryptionOptions.get().addRecipient(extractCertificate), SigningOptions.get().addInlineSignature(SecretKeyRingProtector.unprotectedKeys(), build, DocumentSignatureType.BINARY_DOCUMENT)));
        withOptions.write(OpenPgpMessageInputStreamTest.PLAINTEXT.getBytes(StandardCharsets.UTF_8));
        withOptions.close();
        Assertions.assertTrue(withOptions.getResult().isEncryptedFor(extractCertificate));
        DecryptionStream withOptions2 = PGPainless.decryptAndOrVerify().onInputStream(new ByteArrayInputStream(byteArrayOutputStream.toByteArray())).withOptions(ConsumerOptions.get().addDecryptionKey(build).addVerificationCert(extractCertificate));
        Streams.pipeAll(withOptions2, new ByteArrayOutputStream());
        withOptions2.close();
        MessageMetadata metadata = withOptions2.getMetadata();
        Assertions.assertTrue(metadata.isEncryptedFor(extractCertificate));
        Assertions.assertTrue(metadata.isVerifiedSignedBy(extractCertificate));
    }
}
