# -*-html-*-
#
#    This file is part of Pretty Curved Privacy (pcp1).
#
#    Copyright (C) 2013 T.Linden.
#
#    This program is free software: you can redistribute it and/or modify
#    it under the terms of the GNU General Public License as published by
#    the Free Software Foundation, either version 3 of the License, or
#    (at your option) any later version.
#
#    This program is distributed in the hope that it will be useful,
#    but WITHOUT ANY WARRANTY; without even the implied warranty of
#    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
#    GNU General Public License for more details.
#
#    You should have received a copy of the GNU General Public License
#    along with this program.  If not, see <http://www.gnu.org/licenses/>.
#
#    You can contact me by mail: <tlinden AT cpan DOT org>.
#

pcp   = ../src/pcp1
vault = v1
passwd = xxx
md5msg   = 66b8c4ca9e5d2a7e3c0559c3cdea3d50

include keys.cfg

<test check-dependencies>
  <test check-dependencies-pcp>
    cmd = ls $pcp
    expect = /pcp/
  </test>
</test>


<test check-show-help>
  cmd    = $pcp -h
  expect = /export/
</test>

<test check-if-fail-without-vault>
  prepare = rm -f $vault
  cmd     = $pcp -V $vault -l
  expect  = /doesn't contain any keys so far/
</test>

<test check-generate-secret-key>
  cmd  = $pcp -V $vault -k -x $passwd
  input = <<EOF
Dexter Morgan
dxmorg@florida.cops.gov
  EOF
  expect = /Generated new secret key/	     
</test>


<test check-if-vault-contains-secret>
  cmd = $pcp -V $vault -l
  expect = /Dexter Morgan/
</test>

<test check-secret-key-info>
  cmd = $pcp -V $vault -l | tail -1 | cut -d ' ' -f 1 | xargs $pcp -V $vault -t -i
  expect = /BEGIN PCP SECRET KEY/
</test>

<test check-export-public-key>
  cmd = $pcp -V $vault -l | tail -1 | cut -d ' ' -f 1 | xargs $pcp -V $vault -p -i 
  expect = /BEGIN PCP PUBLIC KEY/
</test>

<test check-export-public-key-tofile>
  cmd = $pcp -V $vault -l | tail -1 | cut -d ' ' -f 1 | xargs $pcp -V $vault -p -O testkey-self -i 
  expect-file = testkey-self
</test>

<test check-export-public-key-filecontent>
  cmd = /usr/bin/true # file is already there
  expect-file-contains = testkey-self Dexter
</test>

<test check-import-public-key>
  cmd = $pcp -V $vault -P -I bart.pub
  expect = /key $bartid added/
</test>

<test check-imported-public-key-info>
  cmd = $pcp -V $vault -t -i $bartid
  expect = /Serial Number: $bartserial/
</test>

<test check-if-delete-public-key-works>
  cmd = $pcp -V $vault -R -i $bartid
  expect = /Public key deleted/
</test>

<test check-if-vault-still-valid>
  cmd = $pcp -V $vault -t
  expect = /Vault version: 00000002/
</test>

<test check-if-deleted-public-key-is-away>
  cmd = $pcp -V $vault -t
  expect = /Public keys: 0/
</test>


#
# test file determination
<test check-determine-pub>
  cmd = $pcp -t -I unknown1
  expect = /Niemand/
</test>

<test check-determine-sec>
  cmd = $pcp -t -I unknown2
  expect = /secret key/
</test>

<test check-determine-empty-vault>
  cmd = $pcp -t -I unknown3
  expect = /empty/
</test>

<test check-determine-encrypted-file>
  cmd = $pcp -t -I unknown4
  expect = /encrypted/
</test>

<test check-determine-signature>
  cmd = $pcp -t -I unknown5
  expect = /ed25519/
</test>

#
# encryption tests
<test check-crypto-alicia-init>
  # alicias part
  prepare = echo ${md5msg} > testmessage
  <test check-crypto-alicia-import-secret>
    cmd = $pcp -V va -S -I key-alicia-sec -x a
    expect = /${idalicia}/
  </test>

  <test check-crypto-alicia-import-bobbys-key>
    cmd = $pcp -V va -P -I key-bobby-pub
    expect = /${idbobby}/
  </test>

  <test check-crypto-alicia-encrypt>
    cmd = $pcp -V va -e -i ${idbobby} -I testmessage -O testencrypted -x a
    expect = /for ${idbobby} successfully/
  </test>

  <test check-crypto-alicia-encrypted-file>
    cmd = cat testencrypted
    expect = /END PCP ENCRYPTED FILE/
  </test>
</test>

<test check-crypto-bobby-init>
  # bobbys part
  <test check-crypto-bobby-import-secret>
    cmd = $pcp -V vb -S -I key-bobby-sec -x b
    expect = /${idbobby}/
  </test>

  <test check-crypto-alicia-import-alicias-key>
    cmd = $pcp -V vb -P -I key-alicia-pub
    expect = /${idalicia}/
  </test>

  <test check-crypto-bobby-decrypt>
    cmd = $pcp -V vb -d -O testdecrypted -I testencrypted -x b
    expect = /from ${idalicia} successfully/
  </test>

  <test check-crypto-alicia-encrypted-file>
    cmd = cat testdecrypted
    expect = /${md5msg}/
  </test>
</test>

#
# same, now with derived keys, keypairs:
# alicia                       bobby
# secret: derived for bobby    secret:primary
# bobby's public: primary      alicia's public: derived for him
#
# derived by name
<test check-dcrypto-init>
  <test check-dcrypto-alicia-export-derived-byname>
    cmd = $pcp -V va -p -r Bobby -x a -O testpub-forbobby-name
    expect-file = testpub-forbobby-name
  </test>
  <test check-dcrypto-bobby-import-byname>
    cmd = $pcp -V vb -P -I testpub-forbobby-name
    expect = /added/
  </test>
  <test check-dcrypto-bobby-encrypt-byname>
    id = grep Key-ID testpub-forbobby-name | sed 's/^        //g' | cut -d' ' -f2
    cmd = $pcp -V vb -e -i %{id} -I testmessage -O testencrypted-name -x b
    expect = /success/
  </test>
  <test check-dcrypto-alicia-decrypt-byname>
    cmd = $pcp -V va -d -I testencrypted-name -x a
    expect = /success/
  </test>

  # repeat, but now use derived keys in both directions
  <test check-dcrypto-bobby-export-derived-byname>
    cmd = $pcp -V vb -p -r Alicia -x b -O testpub-foralicia-name
    expect-file = testpub-foralicia-name
  </test>
  <test check-dcrypto-alicia-import-byname>
    cmd = $pcp -V va -P -I testpub-foralicia-name
    expect = /added/
  </test>
  <test check-dcrypto-bobby-encrypt-byname-both>
    id = grep Key-ID testpub-forbobby-name | sed 's/^        //g' | cut -d' ' -f2
    cmd = $pcp -V vb -e -i %{id} -I testmessage -O testencrypted-name -x b -r Alicia
    expect = /success/
  </test>
  <test check-dcrypto-alicia-decrypt-byname-both>
    cmd = $pcp -V va -d -I testencrypted-name -x a
    expect = /success/
  </test>
</test>

#
# check usage of unencrypted secret key
<test check-crypto-unencrypted-secret>
  cmd = (echo dau; echo foo; echo yes) | $pcp -V vcl -k -x ""
  expect = /added to/
</test>

<test check-crypto-unencrypted-secret-yaml>
  cmd = $pcp -V vcl -y
  expect = /encrypted:  no/
</test>

<test check-crypto-unencrypted-secret-message>
  prepare = $pcp -V vcl -I key-bobby-pub -P
  cmd     = echo HALLO | $pcp -V vcl -e -O testencrypted -i ${idbobby}
  expect  = /success/
</test>

<test check-crypto-unencrypted-secret-read>
  prepare = $pcp -V vcl -p | $pcp -V vb -P
  cmd = $pcp -V vb -d -I testencrypted -x b
  expect  = /HALLO/
</test>

#
# signature test
<test check-sign-to-bobby>
  cmd = $pcp -V va -g -I README -O testsig -x a
  expect-file testsig
</test>
<test check-verify-signature>
  cmd = $pcp -V vb -c testsig -I README
  expect = /verified/
</test>

#
# yaml export test
<test check-export-yaml>
  cmd = $pcp -V va -y | perl -Ilib -MYAML -MData::Dumper -e "print Dumper(Load(join('',<>)))"
  expect = /VAR1/
</test>

#
# raw C test with prepared keys, message and cipher
<test check-raw-decrypt>
  cmd = ./statictest
  expect = /ok/
</test>


#
# negative tests, check for error handling
<test check-if-catch-conflicting-params>
  cmd = $pcp -V $vault -S -P
  expect = /invalid combination of commandline parameters/
</test>

<test check-infile-error>
  cmd = $pcp -V $vault -I nonexist -P
  expect = /Could not open input file nonexist/
</test>

<test check-import-without-id-error>
  cmd = $pcp -V $vault -R
  expect = /You need to specify a key id/
</test>

<test check-catch-invalid-short-keyid>
  cmd = $pcp -V $vault -R -i 0x1
  expect = /is too short/
</test>

<test check-catch-invalid-long-keyid>
  cmd = $pcp -V $vault -R -i 0x1111111111111111111111111
  expect = /is too long/
</test>

<test check-catch-invalid-long-keyid-without-0x>
  cmd = $pcp -V $vault -R -i 11111111111111111
  expect = /is too long/
</test>

<test check-catch-delete-nonexist>
  cmd = $pcp -V $vault -R -i 0x0101010101010101
  expect = /No key with id 0x010101/
</test>

<test check-if-export-secret-catch-nonexistent-keyid>
  cmd = $pcp -V $vault -s -i 0x0101010101010101
  expect = /Could not find a secret key with id 0x010101/
</test>

<test check-if-export-secret-catch-no-primary>
  prepare = $pcp -V v2 -l # so we've got just an empty vault
  cmd = $pcp -V v2 -s
  expect = /no primary secret key in the vault/
</test>

<test check-if-export-secret-catch-outfile-error>
  cmd =  $pcp -V $vault -l | grep primary |cut -d ' ' -f 1 \
         | xargs $pcp -V $vault -s -O nonexistentdir/keyfile -i
  expect = /Could not create output file nonexistentdir/
</test>


<test check-if-export-public-catch-nonexistent-keyid>
  cmd = $pcp -V $vault -p -i 0x0101010101010101
  expect = /Could not find a public key with id 0x010101/
</test>

<test check-if-export-public-catch-no-primary>
  prepare = $pcp -V v3 -l # so we've got just an empty vault
  cmd = $pcp -V v3 -p
  expect = /no primary secret key in the vault/
</test>

<test check-if-export-public-catch-outfile-error>
  prepare = $pcp -V $vault -P -I bart.pub
  cmd =  $pcp -V $vault -l | grep public | cut -d ' ' -f 1 \
         | tail -1 | xargs $pcp -V $vault -p -O nonexistentdir/keyfile
  expect = /Could not create output file nonexistentdir/
</test>

<test check-if-catch-empty-input>
  prepare = touch testfile-empty
  cmd = $pcp -V $vault -P -I testfile-empty
  expect = /file is empty/
</test>

<test check-if-catch-missing-newlines>
  prepare = perl -e 'print "X" x 5000; print "\n"' > testfile-toolong
  cmd = $pcp -V $vault -P -I testfile-toolong
  expect = /line is too long/
</test>

/*
 * Currently disabled, because ZeroMQ's zmq_z85_decode() doesn't really
 * catch invalid z85, it only checks the input length and not the actual
 * encoding. Re-enable, once that bug is fixed.
<test check-if-catch-invalid-z85>
  prepare = ./jot 30 | while read ignore; do \
            echo XXXXXXXXXXXXXXXXXX; done > testfile-noz85
  cmd = $pcp -V $vault -P -I testfile-noz85
  expect = /could not decode input/
</test>
*/

<test check-if-catch-nokey-behind-z85>
  prepare = ./jot 30 | while read ignore; do echo XXXXX; done \
            | $pcp -z > testfile-nokey
  cmd = $pcp -V $vault -P -I testfile-nokey
  expect = /result to a proper sized key/
</test>

<test check-if-sanity-catch-nosecret>
  cmd = $pcp -V $vault -S -I bart.pub
  expect = /result to a proper sized key/
</test>

<test check-if-sanity-catch-keyexists>
  cmd = $pcp -V $vault -P -I bart.pub
  expect = /there already exists a key/
</test>

<test check-if-catch-nokeys>
  prepare = $pcp -V v3 -l
  cmd = $pcp -V v3 -l
  expect = /contain any keys so far/
</test>


<test check-testkey-invalid-id>
  prepare = ./invalidkeys
  cmd = $pcp -V $vault -S -I testkey-invalid-id
  expect /(invalid key id|could not decode input)/
</test>

<test check-testkey-not-encrypted>
  cmd = $pcp -V $vault -S -I testkey-not-encrypted
  expect = /secret key contained in key seems to be empty/
</test>

<test check-testkey-wrong-serial>
  cmd = $pcp -V $vault -S -I testkey-wrong-serial
  # sometimes the created key is invalid in another way
  expect = /(invalid serial number|could not decode input)/
</test>

<test check-testkey-wrong-type>
  cmd = $pcp -V $vault -S -I testkey-wrong-type
  expect = /key type is not SECRET/
</test>

<test check-testkey-wrong-version>
  cmd = $pcp -V $vault -S -I testkey-wrong-version
  expect = /unknown key version/
</test>



<test check-testpubkey-invalid-id>
  prepare = ./invalidkeys
  cmd = $pcp -V $vault -P -I testpubkey-invalid-id
  expect = /nvalid key id/
</test>

<test check-testpubkey-wrong-serial>
  cmd = $pcp -V $vault -P -I testpubkey-wrong-serial
  expect = /invalid serial number/
</test>

<test check-testpubkey-wrong-type>
  cmd = $pcp -V $vault -P -I testpubkey-wrong-type
  expect = /key type is not PUBLIC/
</test>

<test check-testpubkey-wrong-version>
  cmd = $pcp -V $vault -P -I testpubkey-wrong-version
  expect = /unknown key version/
</test>

<test check-vault-invalid-header>
  cmd = $pcp -V testvault-invalidheader -l
  expect = /Unexpected vault file format/
</test>

<test check-vault-invalid-version>
  cmd = $pcp -V testvault-invalidversion -l
  expect = /Unexpected vault file format/
</test>

<test check-vault-invalid-itemtype>
  cmd = $pcp -V testvault-invaliditemtype -l
  expect = /invalid key type/
</test>

<test check-vault-invalid-keytype>
  cmd = $pcp -V testvault-invalidkeytype -l
  expect = /contain any keys so far./
</test>

<test check-encryptionkeys-dont-collide>
  cmd = ./pwhashes
  expect = /ok/
</test>



#
# input handling tests
<test check-large-meta>
  cmd = (./jot 300 | while read m; do echo -n m; done; echo xxx) \
        | $pcp -V $vault -k -x $passwd
  expect = /Generated new secret key/
</test>


#
# test the c++ api
<test check-cpp-crypto>
  cmd = ./cpptest 0
  expect = /ok/
</test>

<test check-cpp-vault>
  cmd = ./cpptest 1
  expect = /ok/
</test>

<test check-cpp-import-pub>
  cmd = ./cpptest 2
  expect = /ok/
</test>

<test check-cpp-signature>
  cmd = ./cpptest 3
  expect = /ok/
</test>