Throw WrongPassphraseException when wrong passphrase is provided to unlock secret key

pgpainless-core/src/test/java/org/pgpainless/key/modification/AddSubKeyTest.java

@@ -39,6 +39,8 @@ import org.pgpainless.key.generation.KeySpec;
 import org.pgpainless.key.generation.type.ecc.EllipticCurve;
 import org.pgpainless.key.generation.type.ecc.ecdsa.ECDSA;
 import org.pgpainless.key.protection.PasswordBasedSecretKeyRingProtector;
+import org.pgpainless.key.protection.SecretKeyRingProtector;
+import org.pgpainless.key.protection.UnlockSecretKey;
 import org.pgpainless.util.Passphrase;
 
 public class AddSubKeyTest {
@@ -73,9 +75,8 @@ public class AddSubKeyTest {
         long subKeyId = keyIdsAfter.get(0);
 
         PGPSecretKey subKey = secretKeys.getSecretKey(subKeyId);
-        PGPPrivateKey privateKey = subKey.extractPrivateKey(
-                PasswordBasedSecretKeyRingProtector
-                        .forKey(subKey, Passphrase.fromPassword("subKeyPassphrase"))
-                        .getDecryptor(subKeyId));
+        SecretKeyRingProtector protector = SecretKeyRingProtector.unlockAllKeysWith(
+                Passphrase.fromPassword("subKeyPassphrase"), secretKeys);
+        PGPPrivateKey privateKey = UnlockSecretKey.unlockSecretKey(subKey, protector);
     }
 }

pgpainless-core/src/test/java/org/pgpainless/key/modification/ChangeSecretKeyRingPassphraseTest.java

@@ -42,6 +42,7 @@ import org.pgpainless.encryption_signing.EncryptionStream;
 import org.pgpainless.implementation.ImplementationFactory;
 import org.pgpainless.key.protection.KeyRingProtectionSettings;
 import org.pgpainless.key.protection.PasswordBasedSecretKeyRingProtector;
+import org.pgpainless.key.protection.UnlockSecretKey;
 import org.pgpainless.util.Passphrase;
 
 public class ChangeSecretKeyRingPassphraseTest {
@@ -184,7 +185,7 @@ public class ChangeSecretKeyRingPassphraseTest {
         PBESecretKeyDecryptor decryptor = passphrase.isEmpty() ? null : new BcPBESecretKeyDecryptorBuilder(digestCalculatorProvider)
                 .build(passphrase.getChars());
 
-        secretKey.extractPrivateKey(decryptor);
+        UnlockSecretKey.unlockSecretKey(secretKey, decryptor);
     }
 
     private void signDummyMessageWithKeysAndPassphrase(PGPSecretKeyRing keyRing, Passphrase passphrase) throws IOException, PGPException {

pgpainless-core/src/test/java/org/pgpainless/key/protection/SecretKeyRingProtectorTest.java

@@ -140,7 +140,7 @@ public class SecretKeyRingProtectorTest {
 
         PGPSecretKeyRing secretKeys = TestKeys.getEmilSecretKeyRing();
         for (PGPSecretKey secretKey : secretKeys) {
-            secretKey.extractPrivateKey(protector.getDecryptor(secretKey));
+            UnlockSecretKey.unlockSecretKey(secretKey, protector);
             assertNotNull(protector.getEncryptor(secretKey));
         }
     }

pgpainless-core/src/test/java/org/pgpainless/key/protection/UnlockSecretKeyTest.java

@@ -0,0 +1,58 @@
+/*
+ * Copyright 2021 Paul Schaub.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.pgpainless.key.protection;
+
+import static org.junit.jupiter.api.Assertions.assertNotNull;
+import static org.junit.jupiter.api.Assertions.assertThrows;
+
+import java.security.InvalidAlgorithmParameterException;
+import java.security.NoSuchAlgorithmException;
+
+import org.bouncycastle.openpgp.PGPException;
+import org.bouncycastle.openpgp.PGPPrivateKey;
+import org.bouncycastle.openpgp.PGPSecretKey;
+import org.bouncycastle.openpgp.PGPSecretKeyRing;
+import org.junit.jupiter.api.Test;
+import org.pgpainless.PGPainless;
+import org.pgpainless.exception.WrongPassphraseException;
+import org.pgpainless.util.Passphrase;
+
+public class UnlockSecretKeyTest {
+
+    @Test
+    public void testUnlockSecretKey() throws PGPException, InvalidAlgorithmParameterException, NoSuchAlgorithmException {
+        PGPSecretKeyRing secretKeyRing = PGPainless.generateKeyRing()
+                .simpleEcKeyRing("alice@wonderland.lit", "heureka!");
+        PGPSecretKey secretKey = secretKeyRing.getSecretKey();
+
+        SecretKeyRingProtector correctPassphrase = SecretKeyRingProtector.unlockAllKeysWith(Passphrase.fromPassword("heureka!"), secretKeyRing);
+        SecretKeyRingProtector incorrectPassphrase = SecretKeyRingProtector.unlockAllKeysWith(Passphrase.fromPassword("bazinga!"), secretKeyRing);
+        SecretKeyRingProtector emptyPassphrase = SecretKeyRingProtector.unlockAllKeysWith(Passphrase.emptyPassphrase(), secretKeyRing);
+        Passphrase cleared = Passphrase.fromPassword("cleared");
+        cleared.clear();
+        SecretKeyRingProtector invalidPassphrase = SecretKeyRingProtector.unlockAllKeysWith(cleared, secretKeyRing);
+        // Correct passphrase works
+        PGPPrivateKey privateKey = UnlockSecretKey.unlockSecretKey(secretKey, correctPassphrase);
+        assertNotNull(privateKey);
+
+        assertThrows(WrongPassphraseException.class, () ->
+                UnlockSecretKey.unlockSecretKey(secretKey, incorrectPassphrase));
+        assertThrows(WrongPassphraseException.class, () ->
+                UnlockSecretKey.unlockSecretKey(secretKey, emptyPassphrase));
+        assertThrows(WrongPassphraseException.class, () ->
+                UnlockSecretKey.unlockSecretKey(secretKey, invalidPassphrase));
+    }
+}