--- /dev/null
+### -*-autotest-*-
+###
+### Test script for key-management
+###
+### (c) 2008 Straylight/Edgeware
+###
+
+###----- Licensing notice ---------------------------------------------------
+###
+### This file is part of Trivial IP Encryption (TrIPE).
+###
+### TrIPE is free software; you can redistribute it and/or modify
+### it under the terms of the GNU General Public License as published by
+### the Free Software Foundation; either version 2 of the License, or
+### (at your option) any later version.
+###
+### TrIPE is distributed in the hope that it will be useful,
+### but WITHOUT ANY WARRANTY; without even the implied warranty of
+### MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+### GNU General Public License for more details.
+###
+### You should have received a copy of the GNU General Public License
+### along with TrIPE; if not, write to the Free Software Foundation,
+### Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
+
+AT_SETUP([key management])
+AT_KEYWORDS([keys python])
+
+###--------------------------------------------------------------------------
+### Make sure that this has a chance of working.
+
+AT_CHECK([
+ case "$HAVE_PYTHON_TRUE$HAVE_PYCATACOMB_TRUE" in
+ "") ;;
+ *) exit 77 ;;
+ esac
+])
+
+AT_TESTED([curl key catsign rsync])
+
+###--------------------------------------------------------------------------
+### Create the initial environment.
+
+work=$(pwd)
+mkdir alice bob stage dist
+
+cd "$work"/alice
+
+cat <<EOF >tripe-keys.master
+## Distribution parameters.
+base-url = file://$work/dist/
+base-dir = $work/stage/
+upload-hook = rsync -aI --delete $work/stage/ $work/dist/
+
+## Cryptographic parameters.
+kx = ec
+kx-expire = now + 1 year
+sig-fresh = 1 month ago
+sig-expire now + 1 year
+master-keygen-flags =
+
+## Master key integrity.
+master-sequence = @MASTER-SEQUENCE@
+hk-master = @HK-MASTER@
+EOF
+
+###--------------------------------------------------------------------------
+### Simple key establishment.
+
+## Alice sets up her repository and generates a key.
+AT_CHECK([BUILDDIR/tripe-keys setup && test -d repos],, [ignore])
+AT_CHECK([BUILDDIR/tripe-keys generate alice],, [ignore])
+AT_CHECK([test -r peer-alice.pub])
+cp peer-alice.pub repos/
+AT_CHECK([BUILDDIR/tripe-keys rebuild],, [ignore])
+AT_CHECK([BUILDDIR/tripe-keys upload],, [ignore])
+
+## Bob fetches a copy and generates his own key.
+cd "$work"/bob
+AT_CHECK([test -r "$work"/dist/tripe-keys.conf])
+cp "$work"/dist/tripe-keys.conf .
+AT_CHECK([BUILDDIR/tripe-keys update],, [ignore])
+AT_CHECK([BUILDDIR/tripe-keys generate bob],, [ignore])
+AT_CHECK([test -r peer-bob.pub])
+
+## Alice collects Bob's key and installs it.
+cd "$work/alice"
+cp "$work"/bob/peer-bob.pub repos/
+AT_CHECK([BUILDDIR/tripe-keys rebuild],, [ignore])
+AT_CHECK([BUILDDIR/tripe-keys upload],, [ignore])
+
+## Bob fetches the new update and checks that his key's there.
+cd "$work"/bob
+AT_CHECK([BUILDDIR/tripe-keys update],, [ignore])
+AT_CHECK([cmp peer-bob.pub repos/peer-bob.pub])
+
+###--------------------------------------------------------------------------
+### Alice rolls over her master key.
+
+## Alice generates a new master key and publishes it.
+cd "$work"/alice
+AT_CHECK([BUILDDIR/tripe-keys newmaster],, [ignore])
+AT_CHECK([BUILDDIR/tripe-keys upload],, [ignore])
+
+cd "$work"/dist
+AT_CHECK([test -r tripe-keys.sig-0 && test -r tripe-keys.sig-1])
+
+## Bob fetches a new copy. He gets warned that something unusual has
+## happened.
+cd "$work"/bob
+AT_CHECK([BUILDDIR/tripe-keys update],, [ignore],
+[tripe-keys: configuration file changed: recommend running another update
+])
+
+## Alice can now destroy her old master key.
+cd "$work"/alice
+AT_CHECK([key -kmaster delete master-0])
+AT_CHECK([BUILDDIR/tripe-keys upload],, [ignore])
+
+## This is OK because Bob has rolled over to the new key.
+cd "$work"/bob
+AT_CHECK([BUILDDIR/tripe-keys update],, [ignore])
+
+###--------------------------------------------------------------------------
+### Check good behaviour on signature verification failures.
+
+## Corrupt the distribution tarball.
+cd "$work"/dist
+mkdir tmp
+cd tmp
+tar xfz ../tripe-keys.tar.gz
+touch repos/bogus-file
+tar cfz ../tripe-keys.tar.gz *
+
+## Bob tries fetching again. The update will notice the problem; none of his
+## files will change.
+cd "$work"/bob
+md5sum repos/* keyring keyring.pub tripe-keys.conf >old-state.md5
+AT_CHECK([BUILDDIR/tripe-keys update], [1], [ignore], [ignore])
+AT_CHECK([md5sum -c old-state.md5],, [ignore])
+
+###----- That's all, folks --------------------------------------------------
+
+AT_CLEANUP
~mdw / tripe / blobdiff