feat(pgpainless): add detection for passphrase-less messages (#3069)

* WIP: feat(pgpainless): add detection for passphrase-less messages

* refactor: test keys instead of the message

This makes more logical sense

1 files changed, 20 insertions, 0 deletions

diff --git a/crypto/pgpainless/src/test/kotlin/app/passwordstore/crypto/PGPainlessCryptoHandlerTest.kt b/crypto/pgpainless/src/test/kotlin/app/passwordstore/crypto/PGPainlessCryptoHandlerTest.kt
index 5de2bf4f..600cc39d 100644
--- a/crypto/pgpainless/src/test/kotlin/app/passwordstore/crypto/PGPainlessCryptoHandlerTest.kt
+++ b/crypto/pgpainless/src/test/kotlin/app/passwordstore/crypto/PGPainlessCryptoHandlerTest.kt
@@ -156,6 +156,26 @@ class PGPainlessCryptoHandlerTest {
   }
 
   @Test
+  fun detectsKeysWithPassphrase() {
+    assertTrue(cryptoHandler.isPassphraseProtected(listOf(PGPKey(TestUtils.getArmoredSecretKey()))))
+    assertTrue(
+      cryptoHandler.isPassphraseProtected(
+        listOf(PGPKey(TestUtils.getArmoredSecretKeyWithMultipleIdentities()))
+      )
+    )
+  }
+
+  @Test
+  fun detectsKeysWithoutPassphrase() {
+    // Uses the internal method instead of the public API because GnuPG seems to have made it
+    // impossible to generate a key without a passphrase and I can't care to find a magical
+    // incantation to convince it I am smarter than whatever they are protecting against.
+    assertFalse(
+      cryptoHandler.keyringHasPassphrase(PGPainless.generateKeyRing().modernKeyRing("John Doe"))
+    )
+  }
+
+  @Test
   fun canHandleFiltersFormats() {
     assertFalse { cryptoHandler.canHandle("example.com") }
     assertTrue { cryptoHandler.canHandle("example.com.gpg") }