# sm-verify 
#
# Verify a few distributed signatures.
# Requirements: 
#

srcdir = getenv srcdir

# Check an opaque signature
sig = openfile $srcdir/text-1.osig.pem
out = createfile msg.unsig
pipeserver $GPGSM
send INPUT FD=$sig
expect-ok
send OUTPUT FD=$out
expect-ok
badsig  = count-status BADSIG
goodsig = count-status GOODSIG
trusted = count-status TRUST_FULLY
send VERIFY
expect-ok
echo badsig=$badsig goodsig=$goodsig trusted=$trusted
fail-if $badsig
fail-if !$goodsig
fail-if !$trusted
send BYE
expect-ok

sig =
out =
cmpfiles $srcdir/text-1.txt msg.unsig
fail-if !$?

# Check a detached signature.
sig = openfile $srcdir/text-1.dsig.pem
plain = openfile $srcdir/text-1.txt
pipeserver $GPGSM
send INPUT FD=$sig
expect-ok
send MESSAGE FD=$plain
expect-ok
badsig  = count-status BADSIG
goodsig = count-status GOODSIG
trusted = count-status TRUST_FULLY
send VERIFY
expect-ok
echo badsig=$badsig goodsig=$goodsig trusted=$trusted
fail-if $badsig
fail-if !$goodsig
fail-if !$trusted
send BYE
expect-ok

# Check a tampered opaque message
sig = openfile $srcdir/text-1.osig-bad.pem
out = createfile msg.unsig

pipeserver $GPGSM
send INPUT FD=$sig
expect-ok
send OUTPUT FD=$out
expect-ok
badsig  = count-status BADSIG
goodsig = count-status GOODSIG
trusted = count-status TRUST_FULLY
send VERIFY
expect-ok
echo badsig=$badsig goodsig=$goodsig trusted=$trusted
fail-if $goodsig
fail-if !$badsig
fail-if $trusted
send BYE
expect-ok

# Check another opaque signature but without asking for the output.
sig = openfile $srcdir/text-2.osig.pem

pipeserver $GPGSM
send INPUT FD=$sig
expect-ok
badsig  = count-status BADSIG
goodsig = count-status GOODSIG
trusted = count-status TRUST_FULLY
send VERIFY
expect-ok
echo badsig=$badsig goodsig=$goodsig trusted=$trusted
fail-if $badsig
fail-if !$goodsig
fail-if !$trusted
send BYE
expect-ok

# We als have tampered version.
sig = openfile $srcdir/text-2.osig-bad.pem

pipeserver $GPGSM
send INPUT FD=$sig
expect-ok
badsig  = count-status BADSIG
goodsig = count-status GOODSIG
trusted = count-status TRUST_FULLY
send VERIFY
expect-ok
echo badsig=$badsig goodsig=$goodsig trusted=$trusted
fail-if $goodsig
fail-if !$badsig
fail-if $trusted
send BYE
expect-ok


quit