examples/python/file_signature/file_signature_test.sh

#!/bin/bash
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
#      http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
################################################################################

set -euo pipefail

#############################################################################
##### Tests for file_mac python example.

FILE_SIGN_CLI="$1"
KEYSET_FILE_PRIVATE="$2"
KEYSET_FILE_PUBLIC="$3"

DATA_FILE="$TEST_TMPDIR/example_data.txt"
EXPECTED_SIGNATURE_FILE="$TEST_TMPDIR/expected_signature.txt"

echo "This is some message to be verified." > $DATA_FILE
CORRECT_SIGNATURE="01622abd92012330a2de153af7db5f3097d61dcc55c678215c1f6b871509d52e7a37fb038ca14879cc47f5ee11409f63dc24bc38d5ca2272ababc0d24a164438a80cb4db00"

#############################################################################

# A helper function for getting the return code of a command that may fail
# Temporarily disables error safety and stores return value in $TEST_STATUS
# Usage:
# % test_command somecommand some args
# % echo $TEST_STATUS
test_command() {
  set +e
  "$@"
  TEST_STATUS=$?
  set -e
}

#############################################################################
#### Test good key and correct signature verification.
test_name="normal_verification"
echo "+++ Starting test $test_name..."

##### Create a plaintext and actual MAC.
echo "$CORRECT_SIGNATURE" > $EXPECTED_SIGNATURE_FILE

##### Run verification
test_command $FILE_SIGN_CLI verify $KEYSET_FILE_PUBLIC $DATA_FILE $EXPECTED_SIGNATURE_FILE

if [[ $TEST_STATUS -eq 0 ]]; then
  echo "+++ Success: Signature is valid."
else
  echo "--- Failure: the Signature is invalid."
  exit 1
fi


#############################################################################
#### Test good key and incorrect Signature verification.
test_name="incorrect_signature_verification"
echo "+++ Starting test $test_name..."

##### Create a plaintext and wrong signature.
echo "ABCABCABCD" > $EXPECTED_SIGNATURE_FILE

##### Run verification.
test_command $FILE_SIGN_CLI verify $KEYSET_FILE_PUBLIC $DATA_FILE $EXPECTED_SIGNATURE_FILE

if [[ $TEST_STATUS -ne 0 ]]; then
  echo "+++ Success: Signature verification failed for invalid signature."
else
  echo "--- Failure: Signature passed for an invalid signature."
  exit 1
fi


#############################################################################
#### Test good key signature computation.
test_name="signature_computation"
echo "+++ Starting test $test_name..."

##### Create a plaintext and actual signature.
SIGNATURE_OUTPUT_FILE="$TEST_TMPDIR/computed_signature_log.txt"

##### Run computation.
$FILE_SIGN_CLI sign $KEYSET_FILE_PRIVATE $DATA_FILE --alsologtostderr 2> $SIGNATURE_OUTPUT_FILE
##### Check that the correct signature was produced in the logs
test_command grep --quiet --ignore-case "$CORRECT_SIGNATURE" "$SIGNATURE_OUTPUT_FILE"

if [[ $TEST_STATUS -eq 0 ]]; then
  echo "+++ Success: Signature computation was successful."
else
  echo "--- Failure: Signature computation was unsuccessful"
  exit 1
fi


#############################################################################
#### Test Signature computation with wrong keyset.
test_name="public_key_computation"
echo "+++ Starting test $test_name..."

##### Run computation.
test_command $FILE_SIGN_CLI sign $KEYSET_FILE_PUBLIC $DATA_FILE

if [[ $TEST_STATUS -ne 0 ]]; then
  echo "+++ Success: Signature computation failed with public keyset."
else
  echo "--- Failure: Signature computation did not fail with public keyset."
  exit 1
fi