#!/usr/bin/env bash

# Tests to ensure that the monkeysphere is working

# Authors: 
#   Daniel Kahn Gillmor <dkg@fifthhorseman.net>
#   Jameson Rollins <jrollins@fifthhorseman.net>
#   Micah Anderson <micah@riseup.net> 
#
# Copyright: 2008-2019
# License: GPL v3 or later

# these tests should all be able to run as a non-privileged user.

# all subcommands in this script should complete without failure:
set -e
# piped commands should return the code of the first non-zero return
set -o pipefail

declare -a child_procs=($(ps -o pid h --ppid $$))
if [ "${#child_procs[@]}" -gt 1 ]; then
    printf 'found %d pre-existing child processes: %s\n' "${#child_procs[@]}" "${child_procs[*]}"
    printf "spawning my own subprocess to avoid https://bugs.debian.org/920038...\n"
    "$0" "$@"
    exit
fi

# make sure the TESTDIR is an absolute path, not a relative one.
export TESTDIR=$(cd $(dirname "$0") && pwd)

source "$TESTDIR"/common

perl -MCrypt::OpenSSL::RSA -e 1 2>/dev/null || { echo "You must have the perl module Crypt::OpenSSL::RSA installed to run this test.  
On debian-derived systems, you can set this up with:
  apt-get install libcrypt-openssl-rsa-perl" ; exit 1; }

perl -MDigest::SHA -e 1 2>/dev/null || { echo "You must have the perl module Digest::SHA installed to run this test.  
On debian-derived systems, you can set this up with:
  apt-get install libdigest-sha1-perl" ; exit 1; }


######################################################################
### SETUP VARIABLES

## set up some variables to ensure that we're operating strictly in
## the tests, not system-wide:

mkdir -p "$TESTDIR"/tmp
TEMPDIR=$(mktemp -d "${TMPDIR:-$TESTDIR/tmp}/ms.XXX")

if [ -z "$MONKEYSPHERE_TEST_USE_SYSTEM" ] ; then
    mkdir "$TEMPDIR"/bin
    ln -s "$TESTDIR"/../src/share/keytrans "$TEMPDIR"/bin/openpgp2ssh
    ln -s "$TESTDIR"/../src/share/keytrans "$TEMPDIR"/bin/pem2openpgp
    ln -s "$TESTDIR"/../src/share/keytrans "$TEMPDIR"/bin/keytrans

    # Use the local copy of executables first, instead of system ones.
    # This should help us test without installing.
    export PATH="$TEMPDIR"/bin:"$PATH"
else
    export PATH=/usr/share/monkeysphere:"$PATH"
fi

## setup trap
trap failed_cleanup EXIT

######################################################################
### TEST KEYTRANS

echo "##################################################"
echo "### generating openpgp key..."
export GNUPGHOME="$TEMPDIR"
chmod 700 "$TEMPDIR"


# create the key with the same preferences that monkeysphere uses.
cat > "$TEMPDIR"/gpg.conf <<EOF
default-preference-list SHA512 SHA384 SHA256 SHA224 RIPEMD160 SHA1 ZLIB BZIP2 ZIP AES256 AES192 AES CAST5 3DES
cert-digest-algo SHA256
list-options show-uid-validity,show-unusable-uids
fixed-list-mode
EOF

cat > "$TEMPDIR"/gpg-agent.conf <<EOF
pinentry-program $TESTDIR/phony-pinentry-nopass
EOF

# generate a key
gpg --batch --$(get_gpg_prng_arg) --gen-key <<EOF
Key-Type: RSA
Key-Length: 3072
Key-Usage: sign
Name-Real: testtest
Expire-Date: 0

%no-ask-passphrase
%no-protection
%commit
%echo done
EOF

echo "##################################################"
echo "### retrieving key timestamp..."
timestamp=$(gpg --list-key --with-colons | \
    grep ^pub: | cut -d: -f6)

echo "##################################################"
echo "### exporting key to ssh file..."
gpg --export-secret-keys | openpgp2ssh > \
    "$TEMPDIR"/test.pem

gpg --export-secret-keys > "$TEMPDIR"/secret.key

PEM2OPENPGP_USAGE_FLAGS=sign,certify \
PEM2OPENPGP_TIMESTAMP="$timestamp" pem2openpgp testtest \
 < "$TEMPDIR"/test.pem > "$TEMPDIR"/converted.secret.key

echo "##################################################"
echo "### reconvert key, and compare to key in gpg keyring..."
diff -u \
    <(gpg --list-packets < "$TEMPDIR"/secret.key) \
    <(gpg --list-packets < "$TEMPDIR"/converted.secret.key)

diff -u \
    <(hd "$TEMPDIR"/secret.key) \
    <(hd "$TEMPDIR"/converted.secret.key)

KEYFPR=$(gpg --fingerprint --with-colons --list-keys | awk -F: '/^fpr:/{ if (ok) { print $10 } ; ok=0 } /^pub:/{ ok=1 }')
KEYID=$(printf "%s" "$KEYFPR" | cut -b25-40)

echo "conversions look good!"

echo "Now working with key $KEYID at time $timestamp"

gpg --check-trustdb
gpg --list-keys


echo "##################################################"
echo "### test working with two primary keys ... "

ssh-keygen -m PEM -t rsa -b 3072 -N '' -f "$TEMPDIR"/newkey

PEM2OPENPGP_USAGE_FLAGS=authenticate,certify \
PEM2OPENPGP_TIMESTAMP="$(( $timestamp + 1 ))" pem2openpgp fubar \
 < "$TEMPDIR"/newkey > "$TEMPDIR"/newkey.gpg

NEWKEYFPR=$(< "$TEMPDIR"/newkey.gpg gpg --with-colons --import-options import-show --dry-run --import | awk -F: '/^fpr:/{ print $10 }' )
NEWKEYID=$( printf "%s" "$NEWKEYFPR" | cut -b25-40)

< "$TEMPDIR"/newkey.gpg gpg --import 

gpg --batch --no-tty --faked-system-time "$timestamp" --quick-add-uid "$KEYID" baz

cat >"$TEMPDIR"/expectedout <<EOF
pub:u:3072:1:$KEYID:$timestamp:::u:::scSC
uid:u::::$timestamp::8200BD0425CC70C7D698DF3FE412044EAAB83F94::testtest
sig:!::1:$KEYID:$timestamp::::testtest:13x::$KEYFPR:::8
uid:u::::$timestamp::EDDC32D783E7F4C7B6982D9AE5DC4A61000648BA::baz
sig:!::1:$KEYID:$timestamp::::testtest:13x::$KEYFPR:::8
pub:-:3072:1:$NEWKEYID:$(($timestamp + 1)):::-:::caCA
uid:-::::$(($timestamp + 1))::A0D708F51CC257DEFC01AEDE1E0A5F329DFD8F16::fubar
sig:!::1:$NEWKEYID:$(($timestamp + 1))::::fubar:13x::$NEWKEYFPR:::8
EOF

echo "test: diff expected gpg list output"
diff -u "$TEMPDIR"/expectedout <(gpg --check-sigs --with-colons | grep -vE '^(tru|fpr):' | cut -d: -f1-16 | sed 's/:*$//')

## FIXME: addtest: not testing subkeys at the moment.


trap - EXIT

echo "##################################################"
echo " Monkeysphere keytrans test completed successfully!"
echo "##################################################"

cleanup
