#!/usr/bin/env bash

# For the license, see the LICENSE file in the root directory.

ROOT=${abs_top_builddir:-$(dirname "$0")/..}
TESTDIR=${abs_top_testdir:-$(dirname "$0")}

SWTPM_CERT=${SWTPM_CERT:-${ROOT}/src/swtpm_cert/swtpm_cert}

cert="$(mktemp)" || exit 1

trap "cleanup" SIGTERM EXIT


function cleanup()
{
	rm -f ${cert}
}

function check_cert_size()
{
	local cert="$1"
	local exp="$2"

	# Unfortunately different GnuTLS versions may create certs of different
	# sizes; deactivate this test for now
	return

	local size=$(stat -c%s ${cert} 2>/dev/null)
	if [ $size -ne $exp ]; then
		echo "Warning: Certificate file has unexpected size."
		echo "         Expected: $exp;  found: $size"
	fi
}

${SWTPM_CERT} \
	--tpm2 \
	--signkey ${TESTDIR}/data/signkey.pem \
	--issuercert ${TESTDIR}/data/issuercert.pem \
	--out-cert ${cert} \
	--ecc-x 61eaf811ea582656ca2a835dd1b9cd63eb196d7ff62711d6e9b8f85e580a47ca \
	--ecc-y a51efdc71fd6c791a24a75beb50526aa81b44cc598e65b2d5e116084aea4cb5b \
	--days 3650 \
	--pem \
	--tpm-manufacturer IBM --tpm-model swtpm-libtpms --tpm-version 2.0 \
	--tpm-spec-family 2.0 --tpm-spec-revision 146 --tpm-spec-level 0

if [ $? -ne 0 ]; then
	echo "Error: ${SWTPM_CERT} returned error code."
	exit 1
fi

#expecting size to be constant
check_cert_size "{$cert}" 948

#certtool --certificate-info --infile ${cert}
#openssl x509 -in ${cert} -text

# truncate result file
echo -n > ${cert}
echo "Test 1: OK"

${SWTPM_CERT} \
	--tpm2 \
	--signkey ${TESTDIR}/data/signkey.pem \
	--issuercert ${TESTDIR}/data/issuercert.pem \
	--out-cert ${cert} \
	--ecc-x 61eaf811ea582656ca2a835dd1b9cd63eb196d7ff62711d6e9b8f85e580a47ca \
	--ecc-y a51efdc71fd6c791a24a75beb50526aa81b44cc598e65b2d5e116084aea4cb5b \
	--days 3650 \
	--subject "OU=foo,L=NewYork,ST=NY,C=US" \
	--pem \
	--tpm-manufacturer IBM --tpm-model swtpm-libtpms --tpm-version 1.2 \
	--tpm-spec-family 2.0 --tpm-spec-revision 146 --tpm-spec-level 0

if [ $? -ne 0 ]; then
	echo "Error: ${SWTPM_CERT} returned error code."
	exit 1
fi

#expecting size to be constant
check_cert_size "{$cert}" 1025

# truncate result file
echo -n > ${cert}
echo "Test 2: OK"

${SWTPM_CERT} \
	--tpm2 \
	--signkey ${TESTDIR}/data/signkey.pem \
	--issuercert ${TESTDIR}/data/issuercert.pem \
	--out-cert ${cert} \
	--pubkey ${TESTDIR}/data/ecpubek.pem \
	--days 3650 \
	--subject "OU=foo,L=NewYork,ST=NY,C=US" \
	--pem \
	--tpm-manufacturer IBM --tpm-model swtpm-libtpms --tpm-version 1.2 \
	--tpm-spec-family 2.0 --tpm-spec-revision 146 --tpm-spec-level 0

if [ $? -ne 0 ]; then
	echo "Error: ${SWTPM_CERT} returned error code."
	exit 1
fi

#expecting size to be constant
check_cert_size "{$cert}" 1025

# truncate result file
#certtool --certificate-info --infile ${cert}
echo -n > ${cert}
echo "Test 3: OK"


###################### Platform Certificate #####################

${SWTPM_CERT} \
	--tpm2 \
        --type platform \
	--signkey ${TESTDIR}/data/signkey.pem \
	--issuercert ${TESTDIR}/data/issuercert.pem \
	--pubkey ${TESTDIR}/data/ecpubek.pem \
	--out-cert ${cert} \
	--days 3650 \
	--subject "OU=foo,L=NewYork,ST=NY,C=US" \
	--pem \
	--tpm-manufacturer IBM --tpm-model swtpm-libtpms --tpm-version 1.2 \
	--platform-manufacturer Fedora \
	--platform-model QEMU \
	--platform-version 2.1

if [ $? -ne 0 ]; then
	echo "Error: ${SWTPM_CERT} returned error code."
	exit 1
fi

#expecting size to be constant
check_cert_size "{$cert}" 1070

# truncate result file
#certtool --certificate-info --infile ${cert}
echo -n > ${cert}
echo "Test 4: OK"
