We build too many walls and not enough bridges

pkg/pmapi/keyring_test.go

@@ -0,0 +1,94 @@
+// Copyright (c) 2020 Proton Technologies AG
+//
+// This file is part of ProtonMail Bridge.
+//
+// ProtonMail Bridge is free software: you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation, either version 3 of the License, or
+// (at your option) any later version.
+//
+// ProtonMail Bridge is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License
+// along with ProtonMail Bridge.  If not, see <https://www.gnu.org/licenses/>.
+
+package pmapi
+
+import (
+	"encoding/json"
+	"strings"
+	"sync"
+	"testing"
+
+	pmcrypto "github.com/ProtonMail/gopenpgp/crypto"
+	"github.com/stretchr/testify/assert"
+)
+
+func loadPMKeys(jsonKeys string) (keys *PMKeys) {
+	_ = json.Unmarshal([]byte(jsonKeys), &keys)
+	return
+}
+
+func TestPMKeys_GetKeyRingAndUnlock(t *testing.T) {
+	addrKeysWithTokens := loadPMKeys(readTestFile("keyring_addressKeysWithTokens_JSON", false))
+	addrKeysWithoutTokens := loadPMKeys(readTestFile("keyring_addressKeysWithoutTokens_JSON", false))
+	addrKeysPrimaryHasToken := loadPMKeys(readTestFile("keyring_addressKeysPrimaryHasToken_JSON", false))
+	addrKeysSecondaryHasToken := loadPMKeys(readTestFile("keyring_addressKeysSecondaryHasToken_JSON", false))
+
+	userKey, err := pmcrypto.ReadArmoredKeyRing(strings.NewReader(readTestFile("keyring_userKey", false)))
+	assert.NoError(t, err, "Expected not to receive an error unlocking user key")
+
+	type args struct {
+		userKeyring *pmcrypto.KeyRing
+		passphrase  []byte
+	}
+	tests := []struct {
+		name string
+		keys *PMKeys
+		args args
+	}{
+		{
+			name: "AddressKeys locked with tokens",
+			keys: addrKeysWithTokens,
+			args: args{userKeyring: userKey, passphrase: []byte("testpassphrase")},
+		},
+		{
+			name: "AddressKeys locked with passphrase, not tokens",
+			keys: addrKeysWithoutTokens,
+			args: args{userKeyring: userKey, passphrase: []byte("testpassphrase")},
+		},
+		{
+			name: "AddressKeys, primary locked with token, secondary with passphrase",
+			keys: addrKeysPrimaryHasToken,
+			args: args{userKeyring: userKey, passphrase: []byte("testpassphrase")},
+		},
+		{
+			name: "AddressKeys, primary locked with passphrase, secondary with token",
+			keys: addrKeysSecondaryHasToken,
+			args: args{userKeyring: userKey, passphrase: []byte("testpassphrase")},
+		},
+	}
+	for _, tt := range tests {
+		t.Run(tt.name, func(t *testing.T) {
+			tempLocker := &sync.Mutex{}
+
+			err := tt.keys.unlockKeyRing(tt.args.userKeyring, tt.args.passphrase, tempLocker) // nolint[scopelint]
+			if !assert.NoError(t, err) {
+				return
+			}
+
+			// assert at least one key has been decrypted
+			atLeastOneDecrypted := false
+			for _, e := range tt.keys.KeyRing.GetEntities() { // nolint[scopelint]
+				if !e.PrivateKey.Encrypted {
+					atLeastOneDecrypted = true
+					break
+				}
+			}
+			assert.True(t, atLeastOneDecrypted)
+		})
+	}
+}