#! /usr/bin/env bash
# simple round-trip tests to verify the tool
# Usage:
#    $0 [bin=/path/to/sigtool] [tmpdir=/path/to/workdir]

Z=`basename $0`
die() {
    echo "$Z: $@" 1>&2
    echo "$Z: Test output in $tmpdir .." 1>&2
    exit 1
}

# cmd line args processing
for a in $*; do
    key=${a%=*}
    val=${a#*=}
    case $key in
        bin)
            bin=$val
            ;;

        tmpdir)
            tmpdir=$val
            ;;

        *)
            echo "Ignoring $key .."
            ;;
    esac
done

if [ -z "$bin" ]; then
    arch=`./build --print-arch`
    bin=./bin/$arch/sigtool

    [ -x $bin ] || ./build || die "can't find & build sigtool"
fi

[ -z "$tmpdir" ] && tmpdir=/tmp/sigtool$$

mkdir -p $tmpdir        || die "can't mkdir $tmpdir"

# env name for reading the password
passenv=FOO

# this is the password for SKs
FOO=bar


#trap "rm -rf $tmpdir" EXIT

bn=$tmpdir/foo
sig=$tmpdir/$Z.sig
pk=$bn.pub
sk=$bn.key
bn2=$tmpdir/bar
pk2=$bn2.pub
sk2=$bn2.key

encout=$tmpdir/$Z.enc
decout=$tmpdir/$Z.dec

# exit on any failure
set -e

# Now try with ssh ed25519 keys
keygen=`which ssh-keygen`
[ -z "$keygen" ] && die "can't find ssh-keygen"

ssk1=$tmpdir/ssk1
spk1=$ssk1.pub

ssk2=$tmpdir/ssk2
spk2=$ssk2.pub

# first generate two ssh keys
$keygen -q -C 'ssk1@foo' -t ed25519 -f $ssk1 -N "" 
$keygen -q -C 'ssk2@foo' -t ed25519 -f $ssk2 -N "" 

$bin s --no-password $ssk1 -o $sig $0 || die "can't sign with $ssk1"
$bin v -q $spk1 $sig $0               || die "can't verify with $spk2"

$bin e --no-password -o $encout $spk2 $0         || die "can't encrypt to $spk2 with $ssk1"
$bin d --no-password -o $decout $ssk2 $encout    || die "can't decrypt with $ssk2"

# cleanup state
rm -f $sig $encout $decout


# generate keys
$bin g -E FOO $bn                || die "can't gen keypair $pk, $sk"
$bin g -E FOO $bn 2>/dev/null    && die "overwrote prev keypair"
$bin g -E FOO --overwrite $bn    || die "can't force gen keypair $pk, $sk"
$bin g -E FOO $bn2               || die "can't force gen keypair $pk2, $sk2"

# sign and verify
$bin s -E FOO $sk $0 -o $sig       || die "can't sign $0"
$bin v -q $pk $sig $0              || die "can't verify signature of $0"
$bin v -q $pk2 $sig $0 2>/dev/null && die "bad verification with wrong $pk2"

# encrypt/decrypt
$bin e -E FOO -o $encout $pk2 $0      || die "can't encrypt to $pk2"
$bin d -E FOO -o $decout $sk2 $encout || die "can't decrypt with $sk2"
cmp -s $decout $0                     || die "decrypted file mismatch with $0"

# now with sender verification
$bin e -E FOO --overwrite -o $encout -s $sk $pk2 $0      || die "can't sender-encrypt to $pk2"
$bin d -E FOO --overwrite -o $decout -v $pk $sk2 $encout || die "can't decrypt with $sk2"
cmp -s $decout $0                            || die "decrypted file mismatch with $0"

# Only delete if everything worked
echo "$Z: All tests pass!"
rm -rf $tmpdir

# vim: tw=100 sw=4 ts=4 expandtab