#!/bin/sh

# Copyright (C) 2014 Nikos Mavrogiannopoulos
#
# This file is part of GnuTLS.
#
# GnuTLS is free software; you can redistribute it and/or modify it
# under the terms of the GNU General Public License as published by the
# Free Software Foundation; either version 3 of the License, or (at
# your option) any later version.
#
# GnuTLS is distributed in the hope that it will be useful, but
# WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
# General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with GnuTLS; if not, write to the Free Software Foundation,
# Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.

srcdir="${srcdir:-.}"
CERTTOOL="${CERTTOOL:-../../src/certtool${EXEEXT}}"
GREP="${GREP:-grep}"

# check keys with password
"${CERTTOOL}" --to-p8 --load-privkey  "${srcdir}/key-ca.pem" --password "1234" \
	--outfile tmp-key-ca.p8 2>/dev/null

${GREP} "BEGIN ENCRYPTED PRIVATE KEY" tmp-key-ca.p8  >/dev/null 2>&1
rc=$?
# We're done.
if test "${rc}" != "0"; then
	echo "Error in converting key to PKCS #8 with password"
	exit ${rc}
fi

"${CERTTOOL}" -k --pkcs8 --infile "${srcdir}/key-ca.pem" --password "1234" >/dev/null 2>&1
rc=$?
# We're done.
if test "${rc}" != "0"; then
	echo "Error in reading PKCS #8 key with password"
	exit ${rc}
fi

"${CERTTOOL}" -k --pkcs8 --infile "${srcdir}/key-ca-1234.p8" --password "1234" >/dev/null 2>&1
rc=$?
# We're done.
if test "${rc}" != "0"; then
	echo "Error in reading saved PKCS #8 key with password"
	exit ${rc}
fi

#keys encrypted with empty password
"${CERTTOOL}" --to-p8 --load-privkey  "${srcdir}/key-ca.pem" --password "" \
		--outfile tmp-key-ca.p8 2>/dev/null

${GREP} "BEGIN PRIVATE KEY" tmp-key-ca.p8  >/dev/null 2>&1
rc=$?
# We're done.
if test "${rc}" != "0"; then
	echo "Error in converting key to PKCS #8 with empty password"
	exit ${rc}
fi

"${CERTTOOL}" -k --pkcs8 --infile "${srcdir}/key-ca.pem" --password "" >/dev/null 2>&1
rc=$?
# We're done.
if test "${rc}" != "0"; then
	echo "Error in reading PKCS #8 key with empty password"
	exit ${rc}
fi

"${CERTTOOL}" -k --pkcs8 --infile "${srcdir}/key-ca-empty.p8" --password "" >/dev/null 2>&1
rc=$?
# We're done.
if test "${rc}" != "0"; then
	echo "Error in reading saved PKCS #8 key with empty password"
	exit ${rc}
fi

#keys encrypted with null password
"${CERTTOOL}" --to-p8 --load-privkey  "${srcdir}/key-ca.pem" --null-password \
	--outfile tmp-key-ca.p8 2>/dev/null

${GREP} "BEGIN ENCRYPTED PRIVATE KEY" tmp-key-ca.p8 >/dev/null 2>&1
rc=$?
# We're done.
if test "${rc}" != "0"; then
	echo "Error in converting key to PKCS #8 with null password"
	exit ${rc}
fi

"${CERTTOOL}" -k --pkcs8 --infile "${srcdir}/key-ca.pem" --null-password >/dev/null 2>&1
rc=$?
# We're done.
if test "${rc}" != "0"; then
	echo "Error in reading PKCS #8 key with null password"
	exit ${rc}
fi

"${CERTTOOL}" -k --pkcs8 --infile "${srcdir}/key-ca-null.p8" --null-password >/dev/null 2>&1
rc=$?
# We're done.
if test "${rc}" != "0"; then
	echo "Error in reading saved PKCS #8 key with null password"
	exit ${rc}
fi

# Tests for PKCS #8 ECC keys

"${CERTTOOL}" -k --infile "${srcdir}/key-ecc.pem" >/dev/null 2>&1
rc=$?
# We're done.
if test "${rc}" != "0"; then
	echo "Error in reading saved ECC key"
	exit ${rc}
fi

"${CERTTOOL}" -k --pkcs8 --infile "${srcdir}/key-ecc.p8" >/dev/null 2>&1
rc=$?
# We're done.
if test "${rc}" != "0"; then
	echo "Error in reading saved PKCS #8 ECC key"
	exit ${rc}
fi

"${CERTTOOL}" -k --pkcs8 --infile "${srcdir}/openssl-key-ecc.p8" >/dev/null 2>&1
rc=$?
# We're done.
if test "${rc}" != "0"; then
	echo "Error in reading saved openssl PKCS #8 ECC key"
	exit ${rc}
fi

rm -f tmp-key-ca.p8

exit 0
