#!/bin/bash

set -eu
trap cleanup EXIT

priv=testonly/ssh
pub=testonly/ssh.pub
domain_hint=_sigsum_v0.ssh.test.sigsum.org
msg=msg-$(date +%s)
num_msg=3

function cleanup() {
	set +e

	rm -f sigsum
	for i in $(seq 1 $num_msg); do
		rm -f $msg-$i{,.trunnel,.sig}
	done

	exit
}

go build .

files=""
for i in $(seq 1 $num_msg); do
    echo $msg-$i > $msg-$i
    if ! openssl dgst -binary $msg-$i | ssh-keygen \
					    -Y sign \
					    -O hashalg=sha256 \
					    -f $priv \
					    -n $(./sigsum namespace) > $msg-$i.sig ; then
	echo "[FAIL] sign for $num_msg ssh message(s)" >&2
	exit 1
    fi
    files=$(echo -n $files $msg-$i)
done

echo "[PASS] sign for $num_msg ssh message(s)" >&2

if ! ./sigsum bundle -t ssh -k $pub -d $domain_hint $files; then
	echo "[FAIL] bundle for $num_msg ssh message(s)" >&2
	exit 1
fi

echo "[PASS] bundle for $num_msg ssh message(s)" >&2

if ! ./sigsum verify -t ssh -k $pub $files; then
	echo "[FAIL] verify for $num_msg ssh message(s)" >&2
	exit 1
fi

echo "[PASS] verify for $num_msg ssh message(s)" >&2