# Copyright 2002-2004 The Apache Software Foundation.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
#     http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.

# All these setting come from the configure script
# We use configure to do most of the hard work as it is more
# designed to handle different system complexity than make
#

# A perl based test script for running all the interop examples

# There can be a number of failures.
#
# 1. the file http://xmldsig.pothole.com/xml-stylesheet.txt no
#    longer exists.  I have it on a test http server to make these
#    tests work.
# 2. If you are not online to the Internet, the checks for documents
#    at www.w3.org will also fail.

require 5.000;
use strict;

# Counters

my $dsig_failure_count = 0;
my $dsig_pass_count = 0;
my $dsig_skipped_count = 0;

my $xenc_failure_count = 0;
my $xenc_pass_count = 0;
my $xenc_skipped_count = 0;

my $failure_count = 0;
my $pass_count = 0;

my $total_dsig_count = 0;
my $total_xenc_count = 0;

# Checksig setup
my $checksig_args = "-x";

# Program setup

my $checksig;
my $cipher;

my $checksig_vc8 = "../Build/Win32/VC8/Debug/checksig.exe";
my $cipher_vc8 = "../Build/Win32/VC8/Debug/cipher.exe";

my $checksig_vc7 = "../Build/Win32/VC7/Debug/checksig.exe";
my $cipher_vc7 = "../Build/Win32/VC7/Debug/cipher.exe";

my $checksig_release = "../Build/Win32/VC6/Release/checksig.exe";
my $cipher_release = "../Build/Win32/VC6/Release/cipher.exe";

my $checksig_vc7release = "../Build/Win32/VC7/Release/checksig.exe";
my $cipher_vc7release = "../Build/Win32/VC7/Release/cipher.exe";

my $checksig_vc8release = "../Build/Win32/VC8/Release/checksig.exe";
my $cipher_vc8release = "../Build/Win32/VC8/Release/cipher.exe";

if ($^O =~ m/Win/) {
  $checksig = "../Build/Win32/VC6/Debug/checksig.exe";
  $cipher = "../Build/Win32/VC6/Debug/cipher.exe";
}
else {
  $checksig = ".libs/checksig";
  $cipher = ".libs/cipher";
}

# Directory setup
my $data_dir = "../../xml-security-java/src/test/resources";

# Digital Signature Tests

my $dsig_file = 0;
my $dsig_args = 1;
# Does this test require Xalan (y/n)
my $dsig_flag_xalan = 2;
# Does this test require pothole.com (y/n)
my $dsig_flag_pothole = 3;

# What components do we have available?
my $have_pothole = 1;
my $have_xalan = 1;
my $have_aes = 1;

# What kind of test results should we expect?
# Without xalan, 13 tests will fail
my $no_xalan_failures = 13;
my $expected_failures = 0;

# What tests should we run?

my $doenc = 1;
my $dosig = 1;

# The following array defines how checksig will be called to validate the sig
#
# The fields are:
# Filename = the file that contains the signature.  Relative to the data dir
# Flags = additional flags to pass to checksig
# Requires Xalan = y/n - if y only run if Xalan available
# Requires pothole = y/n - if y only run if pothole site available

my @dsig_array=(

"at/iaik/ixsil/coreFeatures/signatures/anonymousReferenceSignature.xml,-a,n,n",
"at/iaik/ixsil/coreFeatures/signatures/manifestSignature.xml,,n,n",

# will fail if no network

"at/iaik/ixsil/coreFeatures/signatures/signatureTypesSignature.xml,,y,n",
"at/iaik/ixsil/signatureAlgorithms/signatures/dSASignature.xml,,n,n",
"at/iaik/ixsil/signatureAlgorithms/signatures/hMACShortSignature.xml,-h secret,n,n",
"at/iaik/ixsil/signatureAlgorithms/signatures/hMACSignature.xml,-h secret,n,n",
"at/iaik/ixsil/signatureAlgorithms/signatures/rSASignature.xml,,n,n",

"at/iaik/ixsil/transforms/signatures/base64DecodeSignature.xml,,n,n",
"at/iaik/ixsil/transforms/signatures/c14nSignature.xml,,n,n",
"at/iaik/ixsil/transforms/signatures/envelopedSignatureSignature.xml,,n,n",
"at/iaik/ixsil/transforms/signatures/xPathSignature.xml,,y,n",



"com/rsasecurity/bdournaee/certj201_enveloped.xml,,n,n",
"com/rsasecurity/bdournaee/certj201_enveloping.xml,,n,n",
"ie/baltimore/merlin-examples/ec-merlin-iaikTests-two/signature.xml,,y,n",
"ie/baltimore/merlin-examples/merlin-exc-c14n-one/exc-signature.xml,,n,n",

"ie/baltimore/merlin-examples/merlin-xmldsig-eighteen/signature-keyname.xml,-i,n,n",
"ie/baltimore/merlin-examples/merlin-xmldsig-eighteen/signature-retrievalmethod-rawx509crt.xml,-i,n,n",
"ie/baltimore/merlin-examples/merlin-xmldsig-eighteen/signature-x509-crt-crl.xml,-i,n,n",
"ie/baltimore/merlin-examples/merlin-xmldsig-eighteen/signature-x509-crt.xml,,n,n",
"ie/baltimore/merlin-examples/merlin-xmldsig-eighteen/signature-x509-is.xml,-i,n,n",
"ie/baltimore/merlin-examples/merlin-xmldsig-eighteen/signature-x509-ski.xml,-i,n,n",
"ie/baltimore/merlin-examples/merlin-xmldsig-eighteen/signature-x509-sn.xml,-i,n,n",



"ie/baltimore/merlin-examples/merlin-xmldsig-fifteen/signature-enveloped-dsa.xml,,n,n",
"ie/baltimore/merlin-examples/merlin-xmldsig-fifteen/signature-enveloping-b64-dsa.xml,,y,n",
"ie/baltimore/merlin-examples/merlin-xmldsig-fifteen/signature-enveloping-dsa.xml,,n,n",
"ie/baltimore/merlin-examples/merlin-xmldsig-fifteen/signature-enveloping-hmac-sha1-40.xml,-h secret,n,n",
"ie/baltimore/merlin-examples/merlin-xmldsig-fifteen/signature-enveloping-hmac-sha1.xml,-h secret,n,n",
"ie/baltimore/merlin-examples/merlin-xmldsig-fifteen/signature-enveloping-rsa.xml,,n,n",
"ie/baltimore/merlin-examples/merlin-xmldsig-fifteen/signature-external-b64-dsa.xml,,n,y",
"ie/baltimore/merlin-examples/merlin-xmldsig-fifteen/signature-external-dsa.xml,,n,n",

# These two are removed, as this is a pre-release syntax that the library
# does not understand

# testSig $data_dir/ie/baltimore/merlin-examples/merlin-xmldsig-filter2-one/sign-xfdl.xml
# testSig $data_dir/ie/baltimore/merlin-examples/merlin-xmldsig-filter2-one/signature.xml

"ie/baltimore/merlin-examples/merlin-xmldsig-sixteen/signature.xml,,y,y",
"interop/c14n/Y1/exc-signature.xml,,n,n",

# MD5 now implemented

"interop/c14n/Y2/signature-joseph-exc.xml,,y,n",
"interop/c14n/Y3/signature.xml,,y,n",
"interop/c14n/Y4/signature.xml,,y,n",
"interop/c14n/Y5/signature.xml,,y,n",
"interop/c14n/Y5/signatureCommented.xml,,y,n",

# XPath Filter

"interop/xfilter2/merlin-xpath-filter2-three/sign-spec.xml,,y,n",
"interop/xfilter2/merlin-xpath-filter2-three/sign-xfdl.xml,,y,n",

# Extra unit tests provided for bug reports

"org/apache/xml/security/testcases/SAML2ArtifactResponse.xml,--id ID,n,n",

);

# XML Encryption Tests

my $xenc_result = 0;
my $xenc_file = 1;
my $xenc_args = 2;
my $xenc_flag_xalan = 3;
my $xenc_flag_aes = 4;

my @xenc_array=(
#bad-encrypt-content-aes128-cbc-kw-aes192.xml
#decryption-transform-except.xml
#decryption-transform.xml
"<Number>1234 567890 12345</Number>,ie/baltimore/merlin-examples/merlin-xmlenc-five/encrypt-content-aes128-cbc-kw-aes192.xml,-i -de,n,y",
"<Number>1234 567890 12345</Number>,ie/baltimore/merlin-examples/merlin-xmlenc-five/encrypt-content-aes256-cbc-prop.xml,-i -de,n,y",
"<Number>1234 567890 12345</Number>,ie/baltimore/merlin-examples/merlin-xmlenc-five/encrypt-content-tripledes-cbc.xml,-i -de,n,n",

"top secret message,ie/baltimore/merlin-examples/merlin-xmlenc-five/encrypt-data-aes128-cbc.xml,-i,n,y",
"top secret message,ie/baltimore/merlin-examples/merlin-xmlenc-five/encrypt-data-aes192-cbc-kw-aes256.xml,-i,n,y",
"top secret message,ie/baltimore/merlin-examples/merlin-xmlenc-five/encrypt-data-aes256-cbc-kw-tripledes.xml,-i,n,y",
"top secret message,ie/baltimore/merlin-examples/merlin-xmlenc-five/encrypt-data-tripledes-cbc-rsa-oaep-mgf1p.xml,-i,n,n",

# NOT Supported as of V1.2 (OpenSSL 0.9.8 supports SHA256 digest, not OAEP)
#"top secret message,ie/baltimore/merlin-examples/merlin-xmlenc-five/encrypt-data-tripledes-cbc-rsa-oaep-mgf1p-sha256.xml,-i,n,n",

"<Number>1234 567890 12345</Number>,ie/baltimore/merlin-examples/merlin-xmlenc-five/encrypt-element-aes128-cbc-rsa-1_5.xml,-i -de,n,y",

# CipherRef now supported

"<Number>1234 567890 12345</Number>,ie/baltimore/merlin-examples/merlin-xmlenc-five/encrypt-element-aes192-cbc-ref.xml,-i -de,y,y",

"<Number>1234 567890 12345</Number>,ie/baltimore/merlin-examples/merlin-xmlenc-five/encrypt-element-aes256-cbc-carried-kw-aes256.xml,-i -de,n,y",
"<Number>1234 567890 12345</Number>,ie/baltimore/merlin-examples/merlin-xmlenc-five/encrypt-element-aes256-cbc-retrieved-kw-aes256.xml,-i -de,n,y",
"<Number>1234 567890 12345</Number>,ie/baltimore/merlin-examples/merlin-xmlenc-five/encrypt-element-tripledes-cbc-kw-aes128.xml,-i -de,n,y",


# Unsupported Key-wraps
#encrypt-content-aes192-cbc-dh-sha512.xml
#encrypt-element-aes256-cbc-kw-aes256-dh-ripemd160.xml

# Don't yet support encrypted keysin signatures (or SHA-2/Ripemd)

#encsig-hmac-sha256-dh.xml
#encsig-hmac-sha256-kw-tripledes-dh.xml
#encsig-hmac-sha256-rsa-1_5.xml
#encsig-hmac-sha256-rsa-oaep-mgf1p.xml
#encsig-ripemd160-hmac-ripemd160-kw-tripledes.xml
#encsig-sha256-hmac-sha256-kw-aes128.xml
#encsig-sha384-hmac-sha384-kw-aes192.xml
#encsig-sha512-hmac-sha512-kw-aes256.xml

# Don't yet check for bad encryption

#bad-encrypt-content-aes128-cbc-kw-aes192.xml

# Don't yet support signature decryption transforms

#decryption-transform-except.xml
#decryption-transform.xml

# PHAOS interop tests.  Commented out tests are currently
# not supported
# bad-alg-enc-element-aes128-kw-3des.xml
"<Number>4019 2445 0277 5567</Number>,com/phaos/phaos-xmlenc-3/enc-content-3des-kw-aes192.xml,-i -de,n,y",
"<Number>4019 2445 0277 5567</Number>,com/phaos/phaos-xmlenc-3/enc-content-aes128-kw-3des.xml,-i -de,n,y",
"<Number>4019 2445 0277 5567</Number>,com/phaos/phaos-xmlenc-3/enc-content-aes192-kw-aes256.xml,-i -de,n,y",
"<Number>4019 2445 0277 5567</Number>,com/phaos/phaos-xmlenc-3/enc-content-aes256-kt-rsa1_5.xml,-i -de,n,y",
# enc-element-3des-ka-dh.xml
"<Number>4019 2445 0277 5567</Number>,com/phaos/phaos-xmlenc-3/enc-element-3des-kt-rsa1_5.xml,-i -de,n,n",
"<Number>4019 2445 0277 5567</Number>,com/phaos/phaos-xmlenc-3/enc-element-3des-kt-rsa_oaep_sha1.xml,-i -de,n,n",
# enc-element-3des-kt-rsa_oaep_sha256.xml
# enc-element-3des-kt-rsa_oaep_sha512.xml
"<Number>4019 2445 0277 5567</Number>,com/phaos/phaos-xmlenc-3/enc-element-3des-kw-3des.xml,-i -de,n,n",
# enc-element-aes128-ka-dh.xml
"<Number>4019 2445 0277 5567</Number>,com/phaos/phaos-xmlenc-3/enc-element-aes128-kt-rsa1_5.xml,-i -de,n,y",
"<Number>4019 2445 0277 5567</Number>,com/phaos/phaos-xmlenc-3/enc-element-aes128-kt-rsa_oaep_sha1.xml,-i -de,n,y",
"<Number>4019 2445 0277 5567</Number>,com/phaos/phaos-xmlenc-3/enc-element-aes128-kw-aes128.xml,-i -de,n,y",
"<Number>4019 2445 0277 5567</Number>,com/phaos/phaos-xmlenc-3/enc-element-aes128-kw-aes256.xml,-i -de,n,y",
# enc-element-aes192-ka-dh.xml
"<Number>4019 2445 0277 5567</Number>,com/phaos/phaos-xmlenc-3/enc-element-aes192-kt-rsa_oaep_sha1.xml,-i -de,n,y",
"<Number>4019 2445 0277 5567</Number>,com/phaos/phaos-xmlenc-3/enc-element-aes192-kw-aes192.xml,-i -de,n,y",
# enc-element-aes256-ka-dh.xml
"<Number>4019 2445 0277 5567</Number>,com/phaos/phaos-xmlenc-3/enc-element-aes256-kw-aes256.xml,-i -de,n,y",
"4019 2445 0277 5567,com/phaos/phaos-xmlenc-3/enc-text-3des-kw-aes256.xml,-i,n,y",
"4019 2445 0277 5567,com/phaos/phaos-xmlenc-3/enc-text-aes128-kw-aes192.xml,-i,n,y",
"4019 2445 0277 5567,com/phaos/phaos-xmlenc-3/enc-text-aes192-kt-rsa1_5.xml,-i,n,y",
"4019 2445 0277 5567,com/phaos/phaos-xmlenc-3/enc-text-aes256-kt-rsa_oaep_sha1.xml,-i,n,y"

);

sub print_args {

  print STDERR "\nUsage: basicTests.pl [--noxalan] [--nopothole] [--noaes] [--vc8] [--vc8release] [--vc7] [--vc7release] [--vc6release] [--nosig] --[noenc]\n\n";
  exit(1);

}

# Process command line options

foreach (@ARGV) {

 SWITCH: {
    if (/^--noxalan$/ || /^-x$/) {$have_xalan = 0; last SWITCH;}
    if (/^--nopothole$/ || /^-p$/) {$have_pothole = 0; last SWITCH;}
    if (/^--noaes$/ || /^-a$/) {$have_aes = 0; last SWITCH;}
    if (/^--vc8$/) {$checksig = $checksig_vc8 ; $cipher = $cipher_vc8; last SWITCH;}
    if (/^--vc8release$/) {$checksig = $checksig_vc8release ; $cipher = $cipher_vc8release; last SWITCH;}
    if (/^--vc7$/) {$checksig = $checksig_vc7 ; $cipher = $cipher_vc7; last SWITCH;}
    if (/^--vc7release$/) {$checksig = $checksig_vc7release ; $cipher = $cipher_vc7release; last SWITCH;}
    if (/^--vc6release$/) {$checksig = $checksig_release ; $cipher = $cipher_release; last SWITCH;}
	if (/^--nosig$/) {$dosig = 0; last SWITCH;}
	if (/^--noenc$/) {$doenc = 0; last SWITCH;}
    print STDERR "Unknown command : " . $_ . "\n\n";
    print_args();
  }
}

# Run the signature tests

if ($dosig) {

  print "\n\n";
  print "Running XML Digital Signature Interop Tests\n";
  print "-------------------------------------------\n\n";

  foreach (@dsig_array) {

	$total_dsig_count++;

	my @fields = split(/\,/, $_);
	my $file_name = $fields[$dsig_file];
	my $args = $fields[$dsig_args];
	my $xalan_flag = $fields[$dsig_flag_xalan];
	my $pothole_flag = $fields[$dsig_flag_pothole];

	if ((($xalan_flag eq "n") | $have_xalan) & (($pothole_flag eq 'n') || $have_pothole)) {
	
	  my $result = `$checksig $checksig_args $args $data_dir/$file_name`;

	  if ($? == 0) {
		print "$file_name OK\n";
		$dsig_pass_count++;
	  }
	  else {
		print "\nFAILURE\n";
		print "---------\n";
		print "\n$file_name failed.  \n\nMessage was \n\n$result\n\n";
		print "---------\n\n";
		$dsig_failure_count++;
	  }
	} else {

	  print "$file_name SKIPPED\n";
	  $dsig_skipped_count++;

	}

  };

  print "\n\n";
  print "DSIG Tests complete\n\n";
  print "Total Tests    = $total_dsig_count\n";
  print "Number Passed  = $dsig_pass_count\n";
  print "Number Skipped = $dsig_skipped_count\n";
  print "Number Failed  = $dsig_failure_count\n\n";
  print "-------------------------------------------\n\n";
}

# Now run the encryption tests

if ($doenc) {

  print "\n\n";
  print "Running XML Encryption Interop Tests\n";
  print "------------------------------------\n\n";

  foreach (@xenc_array) {

	$total_xenc_count++;

	my @fields = split(/\s*,\s*/, $_);
	my $expected_result = $fields[$xenc_result];
	my $file_name = $fields[$xenc_file];
	my $args = $fields[$xenc_args];
	my $xalan_flag = $fields[$xenc_flag_xalan];
	my $aes_flag = $fields[$xenc_flag_aes];

	if ((($xalan_flag eq "n") | $have_xalan) & (($aes_flag eq "n") | $have_aes)) {

	  my $result = `$cipher $args $data_dir/$file_name`;

	  if ($? == 0 && $result =~ /$expected_result/) {
		print "$file_name OK\n";
		$xenc_pass_count++;
	  }
	  else {
		print "\nFAILURE\n";
		print "---------\n";
		print "\n$file_name failed.  \n\nOutput was \n\n$result\n\n";
		print "---------\n\n";
		$xenc_failure_count++;
	  }
	} else {

	  print "$file_name SKIPPED\n";
	  $xenc_skipped_count++;
	}	

  };

  print "\n\n";
  print "XENC Tests complete\n\n";
  print "Total Tests    = $total_xenc_count\n";
  print "Number Passed  = $xenc_pass_count\n";
  print "Number Skipped = $xenc_skipped_count\n";
  print "Number Failed  = $xenc_failure_count\n\n";
}

# Now the totals

my $total_count = $total_dsig_count + $total_xenc_count;
my $total_passed = $dsig_pass_count + $xenc_pass_count;
my $total_failed = $dsig_failure_count + $xenc_failure_count;
my $total_skipped = $dsig_skipped_count + $xenc_skipped_count;

print "All tests complete.\n\n";
print "Total Tests   = $total_count\n";
print "Total Passed  = $total_passed\n";
print "Total Skipped = $total_skipped\n";
print "Total Failed  = $total_failed\n\n";

# Now calculate error code
exit ($total_failed);