#!/bin/bash
# Copyright 2021 Google LLC
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
#      http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
################################################################################

set -euo pipefail

#############################################################################
##### Tests for digital signature Java example.

FILE_SIGN_CLI="$1"
KEYSET_FILE_PRIVATE="$2"
KEYSET_FILE_PUBLIC="$3"

DATA_FILE="$TEST_TMPDIR/example_data.txt"
SIGNATURE_FILE="$TEST_TMPDIR/expected_signature.txt"

echo "This is some message to be verified." > $DATA_FILE

#############################################################################

# A helper function for getting the return code of a command that may fail
# Temporarily disables error safety and stores return value in $TEST_STATUS
# Usage:
# % test_command somecommand some args
# % echo $TEST_STATUS
test_command() {
  set +e
  "$@"
  TEST_STATUS=$?
  set -e
}

#############################################################################
#### Test basic signature signing and verification.
test_name="normal_signing_and_verification"
echo "+++ Starting test $test_name..."

##### Run signing
test_command $FILE_SIGN_CLI sign $KEYSET_FILE_PRIVATE $DATA_FILE $SIGNATURE_FILE

##### Run verification
test_command $FILE_SIGN_CLI verify $KEYSET_FILE_PUBLIC $DATA_FILE $SIGNATURE_FILE

if [[ $TEST_STATUS -eq 0 ]]; then
  echo "+++ Success: Signature is valid."
else
  echo "--- Failure: the Signature is invalid."
  exit 1
fi

#############################################################################
#### Test verification fails with incorrect signature.
test_name="signature_verification_fails_with_incorrect_signature"
echo "+++ Starting test $test_name..."

##### Create a wrong signature.
echo "ABCABCABCD" > $SIGNATURE_FILE

##### Run verification.
test_command $FILE_SIGN_CLI verify $KEYSET_FILE_PUBLIC $DATA_FILE $SIGNATURE_FILE

if [[ $TEST_STATUS -ne 0 ]]; then
  echo "+++ Success: Signature verification failed for invalid signature."
else
  echo "--- Failure: Signature passed for an invalid signature."
  exit 1
fi


#############################################################################
#### Test verification fails with an incorrect data.
test_name="signature_verification_fails_with_incorrect_data"
echo "+++ Starting test $test_name..."

##### Run signing
test_command $FILE_SIGN_CLI sign $KEYSET_FILE_PRIVATE $DATA_FILE $SIGNATURE_FILE

##### Modify the data.
echo "ABCABCABCD" >> $DATA_FILE

##### Run verification.
test_command $FILE_SIGN_CLI verify $KEYSET_FILE_PUBLIC $DATA_FILE $SIGNATURE_FILE

if [[ $TEST_STATUS -ne 0 ]]; then
  echo "+++ Success: Signature verification failed for invalid signature."
else
  echo "--- Failure: Signature passed for an invalid signature."
  exit 1
fi


#############################################################################
#### Test signing fails with a wrong keyset.
test_name="singing_fails_with_a_wrong_keyset"
echo "+++ Starting test $test_name..."

##### Run computation.
test_command $FILE_SIGN_CLI sign $KEYSET_FILE_PUBLIC $DATA_FILE $SIGNATURE_FILE

if [[ $TEST_STATUS -ne 0 ]]; then
  echo "+++ Success: Signature computation failed with public keyset."
else
  echo "--- Failure: Signature computation did not fail with public keyset."
  exit 1
fi