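# SPDX-FileCopyrightText: 2023 Heiko Schaefer
# SPDX-License-Identifier: CC0-1.0

# CI test image: runs GnuPG (gpgsm/scdaemon) and this crate against a virtual
# PIV card. Everything below is test scaffolding (patched scdaemon, fixed-PIN
# pinentry) and is not meant to be reused as a runtime image.

# NOTE(review): the base image is referenced without a tag or digest, so each
# build resolves to whatever the registry currently serves. For reproducible CI
# and a verifiable supply chain, pin it to an immutable reference, e.g.
# registry.gitlab.com/hkos/virtual-piv/pivapplet-gnupg@sha256:<DIGEST-PLACEHOLDER>.
FROM registry.gitlab.com/hkos/virtual-piv/pivapplet-gnupg

RUN dnf install -y expect pinentry

# Helper scripts that drive the interactive GnuPG card workflow.
COPY cli/ci/gpgsm/gnupg-init-piv.sh /
COPY cli/ci/gpgsm/generate9d.exp /
COPY cli/ci/gpgsm/writecert9d.exp /
COPY cli/ci/gpgsm/certificate9c.exp /
COPY cli/ci/gpgsm/writecert9c.exp /
COPY cli/ci/gpgsm/full-gen-key.exp /
COPY cli/ci/gpgsm/disable-aead.exp /
COPY cli/ci/gpgsm/dummy-pinentry /

# Patch local copy of scdaemon to allow "writekey" command
# for non-yubikey cards (including this pivapplet).
# The patched scdaemon relaxes an upstream restriction and exists only so the
# test can import keys into the virtual card; do not ship this build.
COPY cli/ci/gpgsm/allow-writekey.patch /
RUN cd gnupg \
    && patch -p1 < /allow-writekey.patch \
    && cd scd \
    && make

# dummy pinentry that always returns "123456"
# With this line in gpg-agent.conf every PIN prompt is answered automatically
# with a fixed, publicly known PIN. Acceptable only because the card is a
# throwaway virtual applet; never carry this configuration to a real token.
RUN chmod 0755 /dummy-pinentry \
    && echo "pinentry-program /dummy-pinentry" >> /root/.gnupg/gpg-agent.conf

# Setup for GnuPG testing
COPY cli/ci/gpgsm/gnupg-test.sh /

# Setup for testing with this crate
RUN dnf install -y git rustc cargo nettle-devel clang-devel pcsc-lite-devel

# NOTE(review): this copies the entire build context into an image layer;
# make sure .dockerignore keeps credentials, local key material and build
# output (e.g. target/) out of the context.
COPY . /build
WORKDIR /build
RUN cargo build

# 1. Start the virtual card
# 2. Perform GnuPG PIV initialization workflow as described on
#    https://gnupg.org/documentation/manuals/gnupg/gpg_002dcard.html
# 3. Run tests against the PIV card, using GnuPG
# 4. Run tests against the PIV card using openpgp-piv-tools
#
# /start.sh is not copied in this file, so it presumably comes from the base
# image; /tmp/enc is presumably written by gnupg-test.sh (confirm in those
# scripts). scdaemon is killed before step 4 so that it releases the card and
# the crate can open it.
# The ciphertext is fed through a redirection rather than `cat ... |`: a
# pipeline reports only the exit status of its last command, whereas a failed
# redirection (missing /tmp/enc) fails the command and therefore the build.
RUN cd / \
    && sh -x /start.sh >/dev/null \
    && sh -x /gnupg-init-piv.sh \
    && sh -x /gnupg-test.sh \
    && gpg --export -a test@example.org > /tmp/test.pub \
    && gpgconf --kill scdaemon \
    && cd build \
    && cargo run decrypt --serial 3510058635 --cert /tmp/test.pub < /tmp/enc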