1 files changed, 16 insertions, 0 deletions

diff --git a/security-utils/src/test/java/com/yahoo/security/SharedKeyTest.java b/security-utils/src/test/java/com/yahoo/security/SharedKeyTest.java
index 4e64bc3e9aa..23e22345cc6 100644
--- a/security-utils/src/test/java/com/yahoo/security/SharedKeyTest.java
+++ b/security-utils/src/test/java/com/yahoo/security/SharedKeyTest.java
@@ -21,6 +21,7 @@ import static org.junit.jupiter.api.Assertions.assertThrows;
 public class SharedKeyTest {
 
     private static final KeyId KEY_ID_1 = KeyId.ofString("1");
+    private static final KeyId KEY_ID_2 = KeyId.ofString("2");
 
     @Test
     void generated_secret_key_is_128_bit_aes() {
@@ -45,6 +46,21 @@ public class SharedKeyTest {
     }
 
     @Test
+    void secret_key_can_be_resealed_for_another_receiver() {
+        var originalReceiverKp  = KeyUtils.generateX25519KeyPair();
+        var secondaryReceiverKp = KeyUtils.generateX25519KeyPair();
+        var myShared = SharedKeyGenerator.generateForReceiverPublicKey(originalReceiverKp.getPublic(), KEY_ID_1);
+        var theirShared = SharedKeyGenerator.reseal(myShared, secondaryReceiverKp.getPublic(), KEY_ID_2);
+
+        var publicToken = theirShared.sealedSharedKey().toTokenString();
+        var theirSealed = SealedSharedKey.fromTokenString(publicToken);
+        assertEquals(KEY_ID_2, theirSealed.keyId());
+        theirShared = SharedKeyGenerator.fromSealedKey(theirSealed, secondaryReceiverKp.getPrivate());
+        // Should be same internal secret key
+        assertArrayEquals(myShared.secretKey().getEncoded(), theirShared.secretKey().getEncoded());
+    }
+
+    @Test
     void token_v1_representation_is_stable() {
         var receiverPrivate = KeyUtils.fromBase58EncodedX25519PrivateKey("GFg54SaGNCmcSGufZCx68SKLGuAFrASoDeMk3t5AjU6L");
         var receiverPublic  = KeyUtils.fromBase58EncodedX25519PublicKey( "5drrkakYLjYSBpr5Haknh13EiCYL36ndMzK4gTJo6pwh");