### -*-autotest-*-
###
### Test script for key-management
###
### (c) 2008 Straylight/Edgeware
###

###----- Licensing notice ---------------------------------------------------
###
### This file is part of Trivial IP Encryption (TrIPE).
###
### TrIPE is free software: you can redistribute it and/or modify it under
### the terms of the GNU General Public License as published by the Free
### Software Foundation; either version 3 of the License, or (at your
### option) any later version.
###
### TrIPE is distributed in the hope that it will be useful, but WITHOUT
### ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
### FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
### for more details.
###
### You should have received a copy of the GNU General Public License
### along with TrIPE.  If not, see <https://www.gnu.org/licenses/>.

AT_SETUP([key management])
AT_KEYWORDS([keys python])

###--------------------------------------------------------------------------
### Make sure that this has a chance of working.

AT_CHECK([
  case "$HAVE_PYTHON_TRUE$HAVE_PYCATACOMB_TRUE" in
    "") ;;
    *) exit 77 ;;
  esac
])

AT_TESTED([curl key catsign rsync])

###--------------------------------------------------------------------------
### Create the initial environment.

work=$(pwd)
mkdir alice bob stage dist

cd "$work"/alice

cat <<EOF >tripe-keys.master
## Distribution parameters.
base-url = file://$work/dist/
base-dir = $work/stage/
upload-hook = rsync -aI --delete $work/stage/ $work/dist/

## Cryptographic parameters.
kx = ec
kx-expire = now + 1 year
sig-fresh = 1 month ago
sig-expire now + 1 year
master-keygen-flags =

## Master key integrity.
master-sequence = @MASTER-SEQUENCE@
hk-master = @HK-MASTER@
EOF

###--------------------------------------------------------------------------
### Simple key establishment.

## Alice sets up her repository and generates a key.
AT_CHECK([BUILDDIR/tripe-keys setup && test -d repos],, [ignore])
AT_CHECK([BUILDDIR/tripe-keys generate alice],, [ignore])
AT_CHECK([test -r peer-alice.pub])
cp peer-alice.pub repos/
AT_CHECK([BUILDDIR/tripe-keys rebuild],, [ignore])
AT_CHECK([BUILDDIR/tripe-keys upload],, [ignore])

## Bob fetches a copy and generates his own key.
cd "$work"/bob
AT_CHECK([test -r "$work"/dist/tripe-keys.conf])
cp "$work"/dist/tripe-keys.conf .
AT_CHECK([BUILDDIR/tripe-keys update],, [ignore])
AT_CHECK([BUILDDIR/tripe-keys generate bob],, [ignore])
AT_CHECK([test -r peer-bob.pub])

## Alice collects Bob's key and installs it.
cd "$work/alice"
cp "$work"/bob/peer-bob.pub repos/
AT_CHECK([BUILDDIR/tripe-keys rebuild],, [ignore])
AT_CHECK([BUILDDIR/tripe-keys upload],, [ignore])

## Bob fetches the new update and checks that his key's there.
cd "$work"/bob
AT_CHECK([BUILDDIR/tripe-keys update],, [ignore])
AT_CHECK([cmp peer-bob.pub repos/peer-bob.pub])

###--------------------------------------------------------------------------
### Alice rolls over her master key.

## Alice generates a new master key and publishes it.
cd "$work"/alice
AT_CHECK([BUILDDIR/tripe-keys newmaster],, [ignore])
AT_CHECK([BUILDDIR/tripe-keys upload],, [ignore])

cd "$work"/dist
AT_CHECK([test -r tripe-keys.sig-0 && test -r tripe-keys.sig-1])

## Bob fetches a new copy.  He gets warned that something unusual has
## happened.
cd "$work"/bob
AT_CHECK([BUILDDIR/tripe-keys update],, [ignore],
[tripe-keys: configuration file changed: recommend running another update
])

## Alice can now destroy her old master key.
cd "$work"/alice
AT_CHECK([key -kmaster delete master-0])
AT_CHECK([BUILDDIR/tripe-keys upload],, [ignore])

## This is OK because Bob has rolled over to the new key.
cd "$work"/bob
AT_CHECK([BUILDDIR/tripe-keys update],, [ignore])

###--------------------------------------------------------------------------
### Check good behaviour on signature verification failures.

## Corrupt the distribution tarball.
cd "$work"/dist
mkdir tmp
cd tmp
tar xfz ../tripe-keys.tar.gz
touch repos/bogus-file
tar cfz ../tripe-keys.tar.gz *

## Bob tries fetching again.  The update will notice the problem; none of his
## files will change.
cd "$work"/bob
md5sum repos/* keyring keyring.pub tripe-keys.conf >old-state.md5
AT_CHECK([BUILDDIR/tripe-keys update], [1], [ignore], [ignore])
AT_CHECK([md5sum -c old-state.md5],, [ignore])

###----- That's all, folks --------------------------------------------------

AT_CLEANUP