#!/bin/bash

# Test sopv-gpgv against some SOP signing implementation

# Author: Daniel Kahn Gillmor <dkg@fifthhorseman.net>

set -e
set -x

SOP="$1"
if ! [ -n "$SOP" ] ; then
    printf >&2 'Usage: ./test SOP\n'
    exit 1
fi
shift

# the sopv implementation to test (set this explicitly to sopv-gpgv to
# test the installed version)
SOPV=${SOPV:-./sopv-gpgv}

for keyname in x y z; do
    $SOP generate-key 'test '$keyname' key' > $keyname.key
    $SOP extract-cert < $keyname.key > $keyname.cert
    $SOP dearmor < $keyname.cert > $keyname.cert.bin
done
echo test > test.txt
$SOP sign x.key < test.txt > test.txt.signatures
$SOP sign x.key z.key < test.txt > test.txt.2signatures
$SOP inline-sign x.key < test.txt > test.signed
$SOP inline-sign x.key z.key < test.txt > test.2signed
$SOP inline-sign --as=clearsigned x.key < test.txt > test.csf
$SOP inline-sign --as=clearsigned x.key z.key < test.txt > test.2csf

for x in '' --extended --backend --sop-spec --sopv; do
    printf "Version (%s)\n" "$x"
    $SOPV version $x
done

for kt in cert cert.bin; do
    for t in test.txt.signatures test.txt.2signatures; do
        $SOPV verify $t x.$kt < test.txt
        ! $SOPV verify $t y.$kt < test.txt
        if [ $t == test.txt.2signatures ] ; then
            $SOPV verify $t z.$kt < test.txt
        else
            ! $SOPV verify $t z.$kt < test.txt
        fi
        $SOPV verify $t x.$kt y.$kt < test.txt
        $SOPV verify $t y.$kt x.$kt < test.txt
        $SOPV verify $t x.$kt z.$kt < test.txt
    done

    for t in test.signed test.2signed test.csf test.2csf; do
        $SOPV inline-verify x.$kt < $t
        if [ $t == test.2signed -o $t == test.2csf ]; then
            $SOPV inline-verify z.$kt < $t
        else
            ! $SOPV inline-verify z.$kt < $t
        fi
        ! $SOPV inline-verify y.$kt < $t
        $SOPV inline-verify x.$kt z.$kt < $t
    done
done


# FIXME: inline-verify: need to also test --verifications-out

# FIXME: should test @FD: and @ENV: special designators as inputs

# FIXME: should test --not-before and --not-after

echo "Tests completed successfully!"
