#!/usr/bin/bash

##
#   run_keys TESTS
##

#-----------------------------------------------------------#
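# Print a message in bold red; the script uses it for FAILED verdicts.
# Arguments: $1 - message text
# Outputs:   ESC[1;31m, the message, a newline, then ESC[0;39m on stdout
red() {
     # printf '%s' emits the message literally. echo "$1" would treat a
     # message such as "-n" or "-e" as an option and print nothing useful.
     printf '\033[1;31m%s\n\033[0;39m' "${1-}"
}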

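# Print a message in bold green; the script uses it for passing verdicts
# and informational banners.
# Arguments: $1 - message text
# Outputs:   ESC[1;32m, the message, a newline, then ESC[0;39m on stdout
green() {
     # printf '%s' emits the message literally. echo "$1" would treat a
     # message such as "-n" or "-e" as an option and print nothing useful.
     printf '\033[1;32m%s\n\033[0;39m' "${1-}"
}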

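# Print a message in bold yellow ("orange"); the script uses it for notices.
# Arguments: $1 - message text
# Outputs:   ESC[1;33m, the message, a newline, then ESC[0;39m on stdout
orange() {
     # printf '%s' emits the message literally. echo "$1" would treat a
     # message such as "-n" or "-e" as an option and print nothing useful.
     printf '\033[1;33m%s\n\033[0;39m' "${1-}"
}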
#-----------------------------------------------------------#

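# Scratch directory: holds the patched tool copy and every artefact the
# test cases below create.
/bin/mkdir -p clkeys


# NOTE(review): only the claes version is reported; the clkeys 1.2
# requirement printed below is not actually checked.
VER=$(/bin/claes -version)
green  "Found claes version ${VER}"
orange "You need clkeys version 1.2 for this test"

echo "Preparing clkeys for canned password"
# The suite runs unattended, so a private copy of clkeys gets a fixed
# ASKPASS setting prepended to its line 116 (presumably this makes the tool
# take the passphrase from `echo deadbeefdead` instead of prompting; confirm
# against clkeys 1.2). Every key produced below is therefore protected by a
# publicly known passphrase and must only ever be used as a test fixture.
#
# Abort if the copy fails: otherwise sed would patch a stale copy from an
# earlier run a second time and corrupt line 116.
if ! cp /bin/clkeys clkeys/keys; then
     red "Cannot copy /bin/clkeys to clkeys/keys"
     exit 1
fi
/bin/sed -i '116s/^/ASKPASS = "echo deadbeefdead"/' clkeys/keys
# The edit is addressed by line number, so on a file shorter than 116 lines
# sed changes nothing and still succeeds. Confirm the setting is present
# before any test relies on it.
if ! grep -qF 'ASKPASS = "echo deadbeefdead"' clkeys/keys; then
     red "Canned password patch was not applied to clkeys/keys"
     exit 1
fi
# Everything after this point deletes and creates files by relative name, and
# later copies results to ../fixed. Never continue from the wrong directory.
if ! cd clkeys; then
     red "Cannot enter the clkeys working directory"
     exit 1
fi
rm -f err log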

### generation

# Run one key-generation case.
#   $1   description (escape sequences are expanded by echo -e)
#   $2   key name
#   $3.. extra arguments handed to "keys generate" unchanged
# Leaves DESC and KEY set as globals. The case passes when the certificate
# file exists afterwards; the tool's exit status is printed but does not
# influence the verdict.
# Keys made here are guarded only by the canned passphrase patched into
# ./keys during setup, so they are test fixtures, not usable credentials.
gen_case() {
     DESC=$1
     KEY=$2
     shift 2
     local sink
     for sink in log err
     do
          echo -e "------ ${DESC}" >> $sink
     done
     echo -e ${DESC}
     # remove leftovers first so the existence check below proves that
     # this run produced the certificate
     rm -f ${KEY}.p15 ${KEY}.cert.pem ${KEY}.p15.KEYID
     ./keys generate ${KEY} "$@" >> log 2>> err
     echo "--> : $?"
     if ls -l ${KEY}.cert.pem
     then
          green "OK"
     else
          red "FAILED"
     fi
}

gen_case "\nGenerate a RSA key pair with default length of 2048 bits ... " testkey1

gen_case "\nGenerate a RSA key pair with size 3977 bits ... " testkey2 -size 3977

# The common name is passed unquoted, i.e. as three separate arguments.
gen_case "\nGenerate a RSA keypair of max size (4096 bit) with a specific KEYID=James O\'Connor Jr" testkey3 -SIZE 4096 -CN James O\'Connor Jr

gen_case "\nGenerate a DSA key with a specific KEYID=Paul O\'Neill Sen" testkey4 -DSA -CN Paul O\'Neill Sen


### requests


# Run one certificate-request case.
#   $1   description (escape sequences are expanded by echo -e)
#   $2   name of a key generated earlier
#   $3   answers piped to the tool's stdin, one per line after echo -e
#        (presumably the subject fields it prompts for; verify against keys)
#   $4.. extra arguments handed to "keys request" unchanged
# Leaves DESC and KEY set as globals. The case passes when both the PEM and
# the DER form of the request exist afterwards; the exit status is only
# printed.
csr_case() {
     DESC=$1
     KEY=$2
     local answers=$3
     shift 3
     local sink
     for sink in log err
     do
          echo -e "------ ${DESC}" >> $sink
     done
     echo -e ${DESC}
     # stale requests from an earlier run would satisfy the check below
     rm -f ${KEY}.CSR.pem ${KEY}.CSR.der
     echo -e "$answers" | ./keys request ${KEY} "$@" >> log 2>> err
     echo "--> : $?"
     if ls -l ${KEY}.CSR.pem ${KEY}.CSR.der
     then
          green "OK"
     else
          red "FAILED"
     fi
}

csr_case "\nProduce a CSR with minimal info based on generated testkey1" testkey1 "IE\n.\n.\n.\n.\n\ndummy@test1.ie\n"

csr_case "\nProduce a CSR based on testkey3 with all components and a specific KEYID" testkey3 "IE\nKerry\nTralee\nKerry Petroleum\nDelivery\n\nJames.OConnor@kerrypetroleum.ie\n" -CN James O\'Connor Jr

csr_case "\nProduce a DSA CSR with minimal info and a specific KEYID" testkey4 "IE\n.\n.\n.\n.\n\nshit@test4.de\n" -CN Paul O\'Neill Sen


### import

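# Verdict for an import case.
#   $1  the .p15 file after the import
#   $2  the untouched copy taken before the import
# Only diff status 1 (files differ, so the import changed the file) is a
# pass. Status 0 means nothing was imported. Status 2 means diff itself
# failed, e.g. because a file is missing after a failed cp; it used to be
# reported as "Import OK." and is now a failure.
import_verdict() {
     diff "$1" "$2"
     if (( $? == 1 )); then
          green "Import OK."
     else
          red "Import FAILED"
     fi
}

# Case 1: the self-signed certificate created together with testkey3.
DESC="\nImport the SELFSIGNED cert  into a copy of testkey3"
KEY="JamesOConnorSelfsign"
rm -f "$KEY.p15" "$KEY.cert.pem"
cp testkey3.p15 "./$KEY.p15"
cp testkey3.p15 "./$KEY.p15.original"
cp testkey3.cert.pem JamesOConnorSelfsign.cert.pem
echo -e "------ ${DESC}" >> log; echo -e "------ ${DESC}" >> err; echo -e "${DESC}"
./keys import "$KEY" "$KEY.cert.pem" >> log 2>> err
echo "--> : $?"
import_verdict "$KEY.p15" "$KEY.p15.original"


# Case 2: key and certificate come from the checked-in ../fixed fixtures.
DESC="\nImport a cert into a copy of testkey3 (James O'Connor Jr)"
KEY="JamesOConnor"
rm -f "$KEY.p15" "$KEY.cert.pem"
cp ../fixed/testkey3.p15 ./JamesOConnor.p15
cp ../fixed/testkey3.p15 ./JamesOConnor.p15.original
cp ../fixed/12.pem JamesOConnor.cert.pem
echo -e "------ ${DESC}" >> log; echo -e "------ ${DESC}" >> err; echo -e "${DESC}"
./keys import JamesOConnor JamesOConnor.cert.pem >> log 2>> err
echo "--> : $?"
import_verdict "$KEY.p15" "$KEY.p15.original"


# Case 3: DSA key and certificate, again from ../fixed.
DESC="\nImport a DSA certificate into a copy of testkey4 (Paul O'Neill Sen)"
KEY="PaulONeill"
rm -f "$KEY.p15" "$KEY.cert.pem"
cp ../fixed/testkey4.p15 ./PaulONeill.p15
cp ../fixed/testkey4.p15 ./PaulONeill.p15.original
cp ../fixed/13.pem PaulONeill.cert.pem
echo -e "------ ${DESC}" >> log; echo -e "------ ${DESC}" >> err; echo -e "${DESC}"
./keys import "$KEY" "$KEY.cert.pem" >> log 2>> err
echo "--> : $?"
import_verdict "$KEY.p15" "$KEY.p15.original"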


### CA sign

# Create the signing key for the test CA used by the casign cases below.
KEY="CAkey1"
DESC="\nGenerate a CA signing key of 4096 bits $KEY (Test CA Rootkey 2024)"
# wipe every file an earlier run left under this key name
rm -f ${KEY}.*
for sink in log err
do
     echo -e "------ ${DESC}" >> $sink
done
echo -e ${DESC}
./keys generate ${KEY} -size 4096 -cn Test CA Rootkey 2024 >> log 2>> err
echo "--> : $?"
# pass when both the .p15 and the .base.p15 file exist
if ls -l ${KEY}.p15 ${KEY}.base.p15
then
     green "OK"
else
     red "FAILED"
fi
# Publishes the CA key files into the shared fixture directory. They are
# guarded only by the canned passphrase patched into ./keys during setup,
# so this CA must never be trusted outside the test suite.
cp CAkey1* ../fixed

# Negative case: no CA certificate has been imported into CAkey1.p15 yet
# (the following case does that), so casign is expected to end with exit
# status 1.
CAKEY="CAkey1"
DESC="\nGenerate a CA signed certificate from a CSR (RSA James Oconnor Jr)"
# NOTE(review): this deletes a file literally named "testkey3"; possibly a
# stale JamesOConnor request or certificate was meant. Confirm.
rm -f testkey3
CSR=JamesOConnor
cp testkey3.CSR.der ${CSR}.CSR.der
for sink in log err
do
     echo -e "------ ${DESC}" >> $sink
done
echo -e ${DESC}
# "yes" on stdin answers the tool's prompt
printf 'yes\n' | ./keys casign ${CAKEY} ${CSR}.CSR.der  >> log 2>> err
RET=$?
echo "--> : $RET"
if [[ $RET -eq 1 ]]
then
     green "OK ERROR detected no CA cert in P15 file"
else
     red "FAILED "
fi



# Positive case: import the CA certificate into the CA's .p15 file, then
# sign the same request again; this time casign must exit with status 0.
DESC="\nGenerate a CA signed certificate from a CSR (RSA James Oconnor Jr)"
for sink in log err
do
     echo -e "------ ${DESC}" >> $sink
done
echo -e ${DESC}
echo "Import the CA certificate into the p15 file first!"
# the import's own exit status is not examined; a failure here only shows
# up through the casign result below
./keys import ${CAKEY} ${CAKEY}.cert.pem  >> log 2>> err
echo "Now signing the cert request with this updated CA key"
printf 'yes\n' | ./keys casign ${CAKEY} ${CSR}.CSR.der  >> log 2>> err
RET=$?
echo "--> : $RET"
# informational listing only; the verdict depends solely on RET
ls -l ${CAKEY}.p15 ${CSR}.newcert.pem
if [[ $RET -eq 0 ]]
then
     green "OK CSR signed successfully"
else
     red "FAILED "
fi


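# Import the CA-signed certificate into a fresh copy of testkey3.
# NOTE(review): JamesOConnor.newcert.pem is not removed before the signing
# step, so a certificate left by an earlier run could be imported here if
# signing failed this time. Confirm whether that matters for this suite.
DESC="\nImport the new cert signed by this CAkey1 into James.p15"
KEY="James"
rm -f "$KEY.p15"
cp testkey3.p15 James.p15
cp James.p15 James.p15.original
echo -e "------ ${DESC}" >> log; echo -e "------ ${DESC}" >> err; echo -e "${DESC}"
./keys import James JamesOConnor.newcert.pem >> log 2>> err
echo "--> : $?"
# Only diff status 1 (the import changed the file) is a pass. Status 0 means
# nothing was imported. Status 2 means diff itself failed, e.g. because a
# file is missing; it used to be reported as "Import OK."
diff "$KEY.p15" "$KEY.p15.original"
DIFF_RC=$?
if (( DIFF_RC == 1 )); then green "Import OK."; else red "Import FAILED"; fi
# Publish the result as fixtures. The key file is guarded only by the canned
# test passphrase, so it is for test use only.
cp "$KEY.p15" ../fixed
cp JamesOConnor.newcert.pem "../fixed/$KEY.cert"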


# Sign the DSA request of testkey4 with the test CA; casign must exit with
# status 0.
DESC="\nGenerate a CA signed certificate from a CSR (DSA, Paul ONeill Sen)"
CSR=PaulONeill
cp testkey4.CSR.der ${CSR}.CSR.der
for sink in log err
do
     echo -e "------ ${DESC}" >> $sink
done
echo -e ${DESC}
echo "Signing the cert request with the updated CA key"
# "yes" on stdin answers the tool's prompt
printf 'yes\n' | ./keys casign ${CAKEY} ${CSR}.CSR.der  >> log 2>> err
RET=$?
echo "--> : $RET"
# informational listing only; the verdict depends solely on RET
ls -l  ${CSR}.newcert.pem
if [[ $RET -eq 0 ]]
then
     green "OK CSR signed successfully"
else
     red "FAILED "
fi


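# Import the CA-signed DSA certificate into a fresh copy of testkey4.
# NOTE(review): PaulONeill.newcert.pem is not removed before the signing
# step, so a certificate left by an earlier run could be imported here if
# signing failed this time. Confirm whether that matters for this suite.
DESC="\nImport the new cert signed by this CAkey1 into Paul.p15"
KEY="Paul"
rm -f "$KEY.p15"
cp testkey4.p15 "$KEY.p15"
cp "$KEY.p15" "$KEY.p15.original"
echo -e "------ ${DESC}" >> log; echo -e "------ ${DESC}" >> err; echo -e "${DESC}"
./keys import "$KEY" PaulONeill.newcert.pem >> log 2>> err
echo "--> : $?"
# Only diff status 1 (the import changed the file) is a pass. Status 0 means
# nothing was imported. Status 2 means diff itself failed, e.g. because a
# file is missing; it used to be reported as "Import OK."
diff "$KEY.p15" "$KEY.p15.original"
DIFF_RC=$?
if (( DIFF_RC == 1 )); then green "Import OK."; else red "Import FAILED"; fi
# Publish the result as fixtures. The key file is guarded only by the canned
# test passphrase, so it is for test use only.
cp "$KEY.p15" ../fixed
cp PaulONeill.newcert.pem "../fixed/$KEY.cert"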



# Closing banner, then a listing of everything the run left in the scratch
# directory. It contains test private keys; do not reuse them elsewhere.
printf '\n'
orange "clkeys tests finished."
printf '\n'

ls -l
