#! /bin/sh

# $NetBSD: t_netpgpverify.sh,v 1.7 2026/01/30 09:01:08 wiz Exp $

#
# Copyright (c) 2016 The NetBSD Foundation, Inc.
# All rights reserved.
#
# This code is derived from software contributed to The NetBSD Foundation
# by Alistair Crooks (agc@NetBSD.org)
#
# Redistribution and use in source and binary forms, with or without
# modification, are permitted provided that the following conditions
# are met:
# 1. Redistributions of source code must retain the above copyright
#    notice, this list of conditions and the following disclaimer.
# 2. Redistributions in binary form must reproduce the above copyright
#    notice, this list of conditions and the following disclaimer in the
#    documentation and/or other materials provided with the distribution.
#
# THIS SOFTWARE IS PROVIDED BY THE NETBSD FOUNDATION, INC. AND CONTRIBUTORS
# AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED
# TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
# PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE FOUNDATION OR CONTRIBUTORS
# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
# SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
# INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
# CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
# ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
# POSSIBILITY OF SUCH DAMAGE.
#

# Define test sets with atf_test_case
# There may well be only one test set - these are tests for different
# functionality, so netpgpverify has 2 sets, 1 for RSA and 1 for DSA
# each test set has a
# + *_head() function, to define the set, and
# + *_body(), to set up the supporting input and expected output files
#	and some atf_check calls, which actually carry out the tests

# any binary files should be uuencoded
# we need to give the input and expected output files like this as tests
# take place in a clean directory, so we need to be able to set them up
# from the shell script

# Test set 1 (rsa_signatures) for netpgpverify
atf_test_case netpgpverify_testset_1_rsa_signatures

netpgpverify_testset_1_rsa_signatures_head() {
	atf_set "descr" "Test set 1 (rsa_signatures) for netpgpverify"
}
netpgpverify_testset_1_rsa_signatures_body() {
	data=$(atf_get_srcdir)/data
	gzcat ${data}/NetBSD-6.0_hashes.asc.gz > NetBSD-6.0_hashes.asc
	# expected output contains full file names, so we need the input files locally
	for i in pubring.gpg b.gpg a.gpg jj.asc det det.sig
	do
		cp ${data}/${i} .
	done

	atf_check -s exit:0 -o file:${data}/expected16 -e empty env TZ=US/Pacific netpgpverify -k pubring.gpg -c verify b.gpg
	atf_check -s exit:0 -o file:${data}/expected18 -e empty env TZ=US/Pacific netpgpverify -k pubring.gpg -c verify a.gpg
#	atf_check -s exit:0 -o file:${data}/expected19 -e empty env TZ=US/Pacific netpgpverify -k pubring.gpg -c verify NetBSD-6.0_hashes.asc
	atf_check -s exit:0 -o file:${data}/expected20 -e empty env TZ=US/Pacific netpgpverify -k pubring.gpg -c cat jj.asc
	atf_check -s exit:0 -o file:${data}/expected21 -e empty env TZ=US/Pacific netpgpverify -k pubring.gpg < a.gpg
	atf_check -s exit:0 -o file:${data}/expected22 -e empty env TZ=US/Pacific netpgpverify -k pubring.gpg < jj.asc
#	atf_check -s exit:0 -o file:${data}/expected23 -e empty env TZ=US/Pacific netpgpverify < NetBSD-6.0_hashes.asc
	atf_check -s exit:0 -o file:${data}/expected24 -e empty env TZ=US/Pacific netpgpverify -k pubring.gpg < b.gpg
	#atf_check -s exit:0 -o file:${data}/expected25 -e empty netpgpverify NetBSD-6.0_hashes.gpg
	#atf_check -s exit:0 -o file:${data}/expected26 -e empty netpgpverify < NetBSD-6.0_hashes.gpg
	atf_check -s exit:0 -o file:${data}/expected27 -e empty env TZ=US/Pacific netpgpverify -k pubring.gpg < NetBSD-6.0_hashes.asc
	atf_check -s exit:0 -o file:${data}/expected28 -e empty env TZ=US/Pacific netpgpverify -k pubring.gpg NetBSD-6.0_hashes.asc
	#atf_check -s exit:0 -o file:${data}/expected29 -e empty netpgpverify NetBSD-6.0_hashes_ascii.gpg
	#atf_check -s exit:0 -o file:${data}/expected30 -e empty netpgpverify < NetBSD-6.0_hashes_ascii.gpg
	atf_check -s exit:0 -o file:${data}/expected31 -e empty env TZ=US/Pacific netpgpverify -k pubring.gpg -c cat b.gpg b.gpg b.gpg
	atf_check -s exit:0 -o file:${data}/expected32 -e empty env TZ=US/Pacific netpgpverify -k pubring.gpg b.gpg b.gpg b.gpg
	atf_check -s exit:0 -o file:${data}/expected33 -e empty env TZ=US/Pacific netpgpverify -k pubring.gpg -c cat b.gpg jj.asc b.gpg
	atf_check -s exit:0 -o file:${data}/expected34 -e empty env TZ=US/Pacific netpgpverify -k pubring.gpg det.sig
	atf_check -s exit:0 -o file:${data}/expected35 -e empty env TZ=US/Pacific netpgpverify -k pubring.gpg -c cat det.sig
	#atf_check -s exit:0 -o file:${data}/expected46 -e empty netpgpverify -k problem-pubring.gpg NetBSD-6.0_hashes.asc
}

# Test set 2 (dsa_signatures) for netpgpverify
atf_test_case netpgpverify_testset_2_dsa_signatures

netpgpverify_testset_2_dsa_signatures_head() {
	atf_set "descr" "Test set 2 (dsa_signatures) for netpgpverify"
}
netpgpverify_testset_2_dsa_signatures_body() {
	data=$(atf_get_srcdir)/data
	for i in dsa-pubring.gpg in1.gpg in1.asc in2.gpg in2.asc
	do
		cp ${data}/${i} .
	done

	atf_check -s exit:0 -o file:${data}/expected36 -e empty env TZ=US/Pacific netpgpverify -k dsa-pubring.gpg in1.gpg
	atf_check -s exit:0 -o file:${data}/expected37 -e empty env TZ=US/Pacific netpgpverify -k dsa-pubring.gpg < in1.gpg
	atf_check -s exit:0 -o file:${data}/expected38 -e empty env TZ=US/Pacific netpgpverify -k dsa-pubring.gpg in1.asc
	atf_check -s exit:0 -o file:${data}/expected39 -e empty env TZ=US/Pacific netpgpverify -k dsa-pubring.gpg < in1.asc
	atf_check -s exit:0 -o file:${data}/expected40 -e empty env TZ=US/Pacific netpgpverify -k dsa-pubring.gpg -c cat in1.gpg
	atf_check -s exit:0 -o file:${data}/expected41 -e empty env TZ=US/Pacific netpgpverify -k dsa-pubring.gpg -c cat < in1.gpg
	atf_check -s exit:0 -o file:${data}/expected42 -e empty env TZ=US/Pacific netpgpverify -k dsa-pubring.gpg -c cat in1.asc
	atf_check -s exit:0 -o file:${data}/expected43 -e empty env TZ=US/Pacific netpgpverify -k dsa-pubring.gpg -c cat < in1.asc
	atf_check -s exit:0 -o file:${data}/expected44 -e empty env TZ=US/Pacific netpgpverify -k dsa-pubring.gpg in2.gpg
	atf_check -s exit:0 -o file:${data}/expected45 -e empty env TZ=US/Pacific netpgpverify -k dsa-pubring.gpg in2.asc
}

# Test set 3 - test signatures made by GnuPG v1 and v2
atf_test_case netpgpverify_testset_3_gnupg_version_signatures

netpgpverify_testset_3_gnupg_version_signatures_head() {
	atf_set "descr" "Test set 3 (signatures by GnuPG v1 and v2) for netpgpverify"
}

netpgpverify_testset_3_gnupg_version_signatures_body() {
        atf_expect_fail "PR bin/59936 - does not support signatures generated by gnugp2"
	data=$(atf_get_srcdir)/data
	for i in message message.v1.asc message.v1.sig message.v2.asc message.v2.sig
	do
		cp ${data}/${i} .
	done
	ln -s message message.v1
	ln -s message message.v2

	# signature made by GnuPG 1.x
	atf_check -s exit:0 -o file:${data}/message.v1.asc.expected -e empty env TZ=Europe/Vienna netpgpverify -k ${data}/message.keyring message.v1.asc
	atf_check -s exit:0 -o file:${data}/message.v1.sig.expected -e empty env TZ=Europe/Vienna netpgpverify -k ${data}/message.keyring message.v1.sig
	# signature made by GnuPG 2.x
	atf_check -s exit:0 -o file:${data}/message.v2.asc.expected -e empty env TZ=Europe/Vienna netpgpverify -k ${data}/message.keyring message.v2.asc
	atf_check -s exit:0 -o file:${data}/message.v2.sig.expected -e empty env TZ=Europe/Vienna netpgpverify -k ${data}/message.keyring message.v2.sig
}

# all test sets
atf_init_test_cases() {
	atf_add_test_case netpgpverify_testset_1_rsa_signatures
	atf_add_test_case netpgpverify_testset_2_dsa_signatures
	atf_add_test_case netpgpverify_testset_3_gnupg_version_signatures
}