From 73c2607f3c28e8ca26a807d6c1093a9cad6b7570 Mon Sep 17 00:00:00 2001
From: Danny Moesch <danny.moesch@icloud.com>
Date: Mon, 16 Sep 2019 21:35:07 +0200
Subject: [PATCH] Add test for issue #303

---
 passKitTests/Crypto/PGPAgentTest.swift | 26 ++++++++++++++++++++++++--
 1 file changed, 24 insertions(+), 2 deletions(-)

diff --git a/passKitTests/Crypto/PGPAgentTest.swift b/passKitTests/Crypto/PGPAgentTest.swift
index 248c2ef..d62c7ff 100644
--- a/passKitTests/Crypto/PGPAgentTest.swift
+++ b/passKitTests/Crypto/PGPAgentTest.swift
@@ -28,9 +28,9 @@ class PGPAgentTest: XCTestCase {
         super.tearDown()
     }
 
-    func basicEncryptDecrypt(using pgpAgent: PGPAgent) throws -> Data? {
+    func basicEncryptDecrypt(using pgpAgent: PGPAgent, requestPassphrase: () -> String = requestPGPKeyPassphrase) throws -> Data? {
         let encryptedData = try pgpAgent.encrypt(plainData: testData)
-        return try pgpAgent.decrypt(encryptedData: encryptedData, requestPGPKeyPassphrase: requestPGPKeyPassphrase)
+        return try pgpAgent.decrypt(encryptedData: encryptedData, requestPGPKeyPassphrase: requestPassphrase)
     }
 
     func testBasicEncryptDecrypt() throws {
@@ -97,6 +97,28 @@ class PGPAgentTest: XCTestCase {
         }
     }
 
+    func testNoDecryptionWithIncorrectPassphrase() throws {
+        try importKeys(RSA2048.publicKey, RSA2048.privateKey)
+
+        var passphraseRequestCalled = false
+        let provideCorrectPassphrase: () -> String = {
+            passphraseRequestCalled = true
+            return requestPGPKeyPassphrase()
+        }
+        XCTAssertEqual(try basicEncryptDecrypt(using: pgpAgent, requestPassphrase: provideCorrectPassphrase), testData)
+        XCTAssert(passphraseRequestCalled)
+
+        passphraseRequestCalled = false
+        let provideIncorrectPassphrase: () -> String = {
+            passphraseRequestCalled = true
+            return "incorrect passphrase"
+        }
+        XCTAssertThrowsError(try basicEncryptDecrypt(using: pgpAgent, requestPassphrase: provideIncorrectPassphrase)) {
+            XCTAssert($0.localizedDescription.contains("openpgp: invalid data: private key checksum failure"))
+        }
+        XCTAssert(passphraseRequestCalled)
+    }
+
     private func importKeys(_ publicKey: String, _ privateKey: String) throws {
         try KeyFileManager(keyType: PgpKey.PUBLIC, keyPath: "", keyHandler: keychain.add).importKey(from: publicKey)
         try KeyFileManager(keyType: PgpKey.PRIVATE, keyPath: "", keyHandler: keychain.add).importKey(from: privateKey)