#!/bin/sh

. $srcdir/defs.inc || exit 3

check_exported_public_key()
{
    $GPG --list-packets $1 >$1.packets
    grep '^:public key packet:' $1.packets >/dev/null
    grep "^	keyid: .*$KEY$" $1.packets >/dev/null
    grep '^:user ID packet:' $1.packets >/dev/null
    grep "^:signature packet:.*keyid.*$KEY" $1.packets >/dev/null
    rm $1.packets
}

check_armored_public_key()
{
    grep '^-----BEGIN PGP PUBLIC KEY BLOCK-----$' $1 >/dev/null
    grep '^-----END PGP PUBLIC KEY BLOCK-----$' $1 >/dev/null
    check_exported_public_key $1
}

check_exported_private_key()
{
    $GPG --list-packets $1 >$1.packets
    grep '^:secret key packet:' $1.packets >/dev/null
    grep "^	keyid: .*$KEY$" $1.packets >/dev/null
    grep '^:user ID packet:' $1.packets >/dev/null
    grep "^:signature packet:.*keyid.*$KEY" $1.packets >/dev/null
    rm $1.packets
}

check_armored_private_key()
{
    grep '^-----BEGIN PGP PRIVATE KEY BLOCK-----$' $1 >/dev/null
    grep '^-----END PGP PRIVATE KEY BLOCK-----$' $1 >/dev/null
    check_exported_private_key $1
}

logfile="`pwd`/pinentry.log"
ppfile="`pwd`/passphrases"
rm -f -- $logfile $ppfile
touch $ppfile

prepare_passphrase()
{
    echo $* >>$ppfile
}

prepare_passphrase_confirm()
{
    echo "fake-entry being started to CONFIRM the weak phrase" >>$ppfile
}

assert_passphrases_consumed()
{
    if test -s $ppfile; then
        echo "Expected $ppfile to be empty, but these are enqueued:" >&2
        cat "$ppfile" >&2
        exit 1
    fi
    rm -f -- $logfile
}

export PINENTRY_USER_DATA="--logfile=$logfile --passphrasefile=$ppfile"

info "Checking key export."
for KEY in D74C5F22 C40FDECF ECABF51D
do
    progress $KEY

    $GPG --export $KEY >$KEY.public
    check_exported_public_key $KEY.public
    rm $KEY.public

    $GPG --armor --export $KEY >$KEY.public
    check_armored_public_key $KEY.public
    rm $KEY.public

    # test without --armor:

    if [ $KEY = D74C5F22 ]; then
        # Key D74C5F22 is protected by a passphrase.  Prepare this
        # one.  Currently, GnuPG does not ask for an export passphrase
        # in this case.
        prepare_passphrase "$usrpass1"
    fi

    $GPG --export-secret-keys $KEY >$KEY.private
    check_exported_private_key $KEY.private
    rm $KEY.private

    assert_passphrases_consumed

    # test with --armor:

    if [ $KEY = D74C5F22 ]; then
        # Key D74C5F22 is protected by a passphrase.  Prepare this
        # one.  Currently, GnuPG does not ask for an export passphrase
        # in this case.
        prepare_passphrase "$usrpass1"
    fi

    $GPG --armor --export-secret-keys $KEY >$KEY.private
    check_armored_private_key $KEY.private
    rm $KEY.private

    assert_passphrases_consumed
done

progress_end