#!/bin/bash -x
# vim: set tabstop=8 shiftwidth=4 softtabstop=4 expandtab smarttab colorcolumn=80:
#
# Copyright (c) 2016 Red Hat, Inc.
# Author: Nathaniel McCallum <npmccallum@redhat.com>
#
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program.  If not, see <http://www.gnu.org/licenses/>.
#
 
function on_exit() {
    if [ "$PID" ]; then kill $PID; wait $PID || true; fi
    [ -d "$TMP" ] && rm -rf $TMP
}
 
trap 'on_exit' EXIT
trap 'exit' ERR
 
export TMP=`mktemp -d`
mkdir -p $TMP/db
mkdir -p $TMP/cache
 
# Generate the server keys
tangd-keygen $TMP/db sig exc
tangd-update $TMP/db $TMP/cache
 
# Generate the client keys
exc_kid=`jose jwk thp -i $TMP/db/exc.jwk`
tmp=`jose fmt -j $TMP/db/exc.jwk -Od x -d y -d d -o-`
jose jwk gen -i "$tmp" -o $TMP/exc.jwk
jose jwk pub -i $TMP/exc.jwk -o $TMP/exc.pub.jwk
 
# Start the server
port=`shuf -i 1024-65536 -n 1`
$SD_ACTIVATE -l 127.0.0.1:$port -a $VALGRIND tangd $TMP/cache &
export PID=$!
sleep 0.5
 
# Make sure that GET fails
! curl -sf http://127.0.0.1:$port/rec
! curl -sf http://127.0.0.1:$port/rec/
 
# Make a recovery request (NOTE: this is insecure! Don't do this in real code!)
good=`jose jwk exc -i '{"alg":"ECMR","key_ops":["deriveKey"]}' -l $TMP/exc.jwk -r $TMP/db/exc.jwk`
test=`curl -sf -X POST \
           -H "Content-Type: application/jwk+json" \
           --data-binary @- \
           http://127.0.0.1:$port/rec/${exc_kid} < $TMP/exc.pub.jwk`
[ "$good" == "$test" ]