#!/bin/bash

srcdir="${srcdir:-.}"
SERV="${SERV:-../../src/gnutls-serv} -q"
CLI="${CLI:-../../src/gnutls-cli}"
PORT="${PORT:-5557}"
unset RETCODE

fail() {
   echo "Failure: $1" >&2
   RETCODE=${RETCODE:-${2:-1}}
}

echo "Checking OpenPGP certificate verification"

$SERV -p $PORT --pgpcertfile $srcdir/srv-public-127.0.0.1-signed.gpg --pgpkeyfile $srcdir/srv-secret.gpg >/dev/null 2>&1 &

# give the server a chance to initialize
sleep 2

#gnutls currently only considers PGP certificates verified only if
#all user IDs in the certificate were signed.

#$CLI -p $PORT 127.0.0.1 --pgpkeyring ca-public.gpg </dev/null >/dev/null || \
#  fail "Connection to verified IP address should have succeeded! (error code $?)" $?

$CLI -p $PORT 127.0.0.2 --pgpkeyring $srcdir/ca-public.gpg </dev/null >/dev/null && \
  fail "Connection to unrecognized IP address should have failed!"

$CLI -p $PORT localhost --pgpkeyring $srcdir/ca-public.gpg </dev/null >/dev/null && \
  fail "Connection to unverified (but present) 'localhost' should have failed!"

kill %1
wait

$SERV -p $PORT --pgpcertfile $srcdir/srv-public-localhost-signed.gpg --pgpkeyfile $srcdir/srv-secret.gpg >/dev/null 2>&1 &
# give the server a chance to initialize
sleep 2

echo | $CLI -p $PORT 127.0.0.1 --pgpkeyring $srcdir/ca-public.gpg </dev/null >/dev/null && \
  fail "Connection to unverified IP address should have failed! (error code $?)" $?

$CLI -p $PORT 127.0.0.2 --pgpkeyring $srcdir/ca-public.gpg </dev/null >/dev/null && \
  fail "Connection to unrecognized IP address should have failed!"

#see reason above
#$CLI -p $PORT localhost --pgpkeyring ca-public.gpg </dev/null >/dev/null || \
#  fail "Connection to verified 'localhost' should have succeded! (error code $?)" $?

kill %1 >/dev/null 2>&1
wait

$SERV -p $PORT --pgpcertfile $srcdir/srv-public-all-signed.gpg --pgpkeyfile $srcdir/srv-secret.gpg >/dev/null 2>&1 &
# give the server a chance to initialize
sleep 2
echo | $CLI -p $PORT 127.0.0.1 --pgpkeyring $srcdir/ca-public.gpg </dev/null >/dev/null || \
  fail "Connection to signed PGP certificate should have succeeded! (error code $?)" $?

$CLI -p $PORT 127.0.0.2 --pgpkeyring $srcdir/ca-public.gpg </dev/null >/dev/null && \
  fail "Connection to unrecognized IP address should have failed!"

kill %1 >/dev/null 2>&1
wait

exit ${RETCODE:-0}
