#!/bin/sh

. ../../../prepare.inc.sh
. ../../../toolbox.inc.sh


# ---- do the actual testing ----

result=PASS
echo "++++ BEGINNING TEST" >$OUTPUTFILE

# create a keyring and attach it to the session keyring
marker "ADD KEYRING"
create_keyring wibble @s
expect_keyid keyringid

# stick a key in the keyring
marker "ADD KEY"
create_key user lizard gizzard $keyringid
expect_keyid keyid

# check that the key is in the keyring
marker "LIST KEYRING"
list_keyring $keyringid
expect_keyring_rlist rlist $keyid

# read the contents of the key
marker "PRINT KEY"
print_key $keyid
expect_payload payload "gizzard"

# pipe the contents of the key and add a LF as the key doesn't have one
marker "PIPE KEY"
pipe_key $keyid
echo >>$OUTPUTFILE
expect_payload payload "gizzard"

# read the key as hex
marker "READ KEY"
read_key $keyid
expect_payload payload "67697a7a 617264"

# read the contents of the keyring as hex and match it to the key ID
marker "READ KEYRING"
read_key $keyringid
tmp=`printf %08x $keyid`
if [ "$endian" = "LE" ]
then
    tmp=`echo $tmp | sed 's/\(..\)\(..\)\(..\)\(..\)/\4\3\2\1/'`
fi
expect_payload payload $tmp

# remove read permission from the key and try reading it again
# - we should still have read permission because it's searchable in our
#   keyrings
marker "REMOVE READ PERM"
set_key_perm $keyid 0x3d0000
print_key $keyid
expect_payload payload "gizzard"

# remove search permission from the key as well
# - we should still have read permission because it's searchable in our
#   keyrings
marker "REMOVE SEARCH PERM"
set_key_perm $keyid 0x350000
print_key --fail $keyid
expect_error EACCES

# check that we can read it if we have to rely on possessor perms
# - we should still have read permission because it's searchable in our
#   keyrings
marker "CHECK POSSESSOR READ"
set_key_perm $keyid 0x3d000000
print_key $keyid
expect_payload payload "gizzard"

# put read permission back again
marker "REINSTATE READ PERM"
set_key_perm $keyid 0x370000
print_key $keyid
expect_payload payload "gizzard"

# revoke the key
marker "REVOKE KEY"
revoke_key $keyid
print_key --fail $keyid
expect_error EKEYREVOKED

# remove the keyring we added
marker "UNLINK KEYRING"
unlink_key $keyringid @s

echo "++++ FINISHED TEST: $result" >>$OUTPUTFILE

# --- then report the results in the database ---
toolbox_report_result $TEST $result