#!/bin/bash

# vim: dict+=/usr/share/beakerlib/dictionary.vim cpt=.,w,b,u,t,i,k

# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

#

#   runtest.sh of /CoreOS/lftp/Sanity/tls12

#   Description: Test TLS 1.2 support

#   Author: Martin Frodl <mfrodl@redhat.com>

#

# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

#

#   Copyright (c) 2016 Red Hat, Inc.

#

#   This program is free software: you can redistribute it and/or

#   modify it under the terms of the GNU General Public License as

#   published by the Free Software Foundation, either version 2 of

#   the License, or (at your option) any later version.

#

#   This program is distributed in the hope that it will be

#   useful, but WITHOUT ANY WARRANTY; without even the implied

#   warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR

#   PURPOSE.  See the GNU General Public License for more details.

#

#   You should have received a copy of the GNU General Public License

#   along with this program. If not, see http://www.gnu.org/licenses/.

#

# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

# Include Beaker environment

. /usr/share/beakerlib/beakerlib.sh || exit 1

PACKAGES="lftp"

rlJournalStart

    rlPhaseStartSetup

        rlRun "rlImport distribution/epel" || rlDie

        rlRun "rlImport openssl/certgen" || rlDie

        rlAssertRpm --all

        if rlIsRHEL; then

            if rlIsRHEL '<=7'; then

                rlRun "yum -y --enablerepo epel --enablerepo epel-testing install proftpd" 0 "Install proftpd"

            else

                rlRun "yum -y --enablerepo epel --enablerepo epel-playground install proftpd" 0 "Install proftpd"

            fi

        fi

        CONF="/etc/proftpd.conf"

        rlFileBackup ${CONF}

        rlRun "cp proftpd.conf ${CONF}" 0 "Configuring FTP server"

        SYSCONF="/etc/sysconfig/proftpd"

        rlFileBackup ${SYSCONF}

        rlRun "echo 'PROFTPD_OPTIONS=\"-DANONYMOUS_FTP -DTLS\"' > ${SYSCONF}" 0 "Enabling anonymous access over TLS"

        rlRun "rlFileBackup --clean /var/ftp" 0 "Backing up FTP server contents"

        rlRun "echo 'Quack!' > /var/ftp/duck" 0 "Creating a test file on FTP server"

        rlRun "TmpDir=\$(mktemp -d)" 0 "Creating tmp directory"

        rlRun "cp fetch ${TmpDir}" 0 "Copying lftp script to tmp directory"

        rlRun "pushd ${TmpDir}"

        rlRun "x509KeyGen server" 0 "Generating server key pair"

        rlRun "x509KeyGen ca" 0 "Generating CA certificate"

        rlRun "x509SelfSign ca" 0 "Self-signing CA certificate"

        rlRun "x509CertSign --CA ca server" 0 "Signing server certificate"

        rlFileBackup --clean /etc/pki

        rlRun "cat $(x509Cert ca) >> /etc/pki/tls/certs/ca-bundle.crt"

        rlRun "cp $(x509Cert server) /etc/pki/tls/certs/localhost.crt"

        rlRun "cp $(x509Key server) /etc/pki/tls/private/localhost.key"

        rlRun "rlServiceStart proftpd" 0 "Starting FTP server"

    rlPhaseEnd

    rlPhaseStartTest

        rlRun -s "curl -v --ftp-ssl ftp://localhost/duck" 0 "Checking that FTP server is up and working properly"

        rlAssertGrep 'Quack!' ${rlRun_LOG}

        rlRun -s "lftp -d -f ./fetch" 0 "Downloading test file with lftp"

        rlAssertNotGrep 'A TLS packet with unexpected length was received' ${rlRun_LOG}

        rlAssertExists "duck"

        rlAssertGrep 'Quack!' "duck"

    rlPhaseEnd

    rlPhaseStartCleanup

        rlRun "rlServiceStop proftpd" 0 "Stopping FTP server"

        rlRun "x509RmAlias server"

        rlRun "x509RmAlias ca"

        rlRun "popd"

        rlRun "rm -r ${TmpDir}" 0 "Removing tmp directory"

        rlFileRestore

    rlPhaseEnd

rlJournalPrintText

rlJournalEnd