#!/bin/bash
# vim: dict+=/usr/share/beakerlib/dictionary.vim cpt=.,w,b,u,t,i,k
# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
#
#   runtest.sh of /CoreOS/lftp/Sanity/tls12
#   Description: Test TLS 1.2 support
#   Author: Martin Frodl <mfrodl@redhat.com>
#
# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
#
#   Copyright (c) 2016 Red Hat, Inc.
#
#   This program is free software: you can redistribute it and/or
#   modify it under the terms of the GNU General Public License as
#   published by the Free Software Foundation, either version 2 of
#   the License, or (at your option) any later version.
#
#   This program is distributed in the hope that it will be
#   useful, but WITHOUT ANY WARRANTY; without even the implied
#   warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR
#   PURPOSE.  See the GNU General Public License for more details.
#
#   You should have received a copy of the GNU General Public License
#   along with this program. If not, see http://www.gnu.org/licenses/.
#
# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

# Include Beaker environment
. /usr/share/beakerlib/beakerlib.sh || exit 1

PACKAGES="lftp"

rlJournalStart
    rlPhaseStartSetup
        rlRun "rlImport distribution/epel" || rlDie
        rlRun "rlImport openssl/certgen" || rlDie
        rlAssertRpm --all

        if rlIsRHEL; then
            if rlIsRHEL '<=7'; then
                rlRun "yum -y --enablerepo epel --enablerepo epel-testing install proftpd" 0 "Install proftpd"
            else
                rlRun "yum -y --enablerepo epel --enablerepo epel-playground install proftpd" 0 "Install proftpd"
            fi
        fi

        CONF="/etc/proftpd.conf"
        rlFileBackup ${CONF}
        rlRun "cp proftpd.conf ${CONF}" 0 "Configuring FTP server"

        SYSCONF="/etc/sysconfig/proftpd"
        rlFileBackup ${SYSCONF}
        rlRun "echo 'PROFTPD_OPTIONS=\"-DANONYMOUS_FTP -DTLS\"' > ${SYSCONF}" 0 "Enabling anonymous access over TLS"

        rlRun "rlFileBackup --clean /var/ftp" 0 "Backing up FTP server contents"
        rlRun "echo 'Quack!' > /var/ftp/duck" 0 "Creating a test file on FTP server"

        rlRun "TmpDir=\$(mktemp -d)" 0 "Creating tmp directory"
        rlRun "cp fetch ${TmpDir}" 0 "Copying lftp script to tmp directory"
        rlRun "pushd ${TmpDir}"

        rlRun "x509KeyGen server" 0 "Generating server key pair"
        rlRun "x509KeyGen ca" 0 "Generating CA certificate"
        rlRun "x509SelfSign ca" 0 "Self-signing CA certificate"
        rlRun "x509CertSign --CA ca server" 0 "Signing server certificate"

        rlFileBackup --clean /etc/pki
        rlRun "cat $(x509Cert ca) >> /etc/pki/tls/certs/ca-bundle.crt"
        rlRun "cp $(x509Cert server) /etc/pki/tls/certs/localhost.crt"
        rlRun "cp $(x509Key server) /etc/pki/tls/private/localhost.key"

        rlRun "rlServiceStart proftpd" 0 "Starting FTP server"
    rlPhaseEnd

    rlPhaseStartTest
        rlRun -s "curl -v --ftp-ssl ftp://localhost/duck" 0 "Checking that FTP server is up and working properly"
        rlAssertGrep 'Quack!' ${rlRun_LOG}

        rlRun -s "lftp -d -f ./fetch" 0 "Downloading test file with lftp"
        rlAssertNotGrep 'A TLS packet with unexpected length was received' ${rlRun_LOG}
        rlAssertExists "duck"
        rlAssertGrep 'Quack!' "duck"
    rlPhaseEnd

    rlPhaseStartCleanup
        rlRun "rlServiceStop proftpd" 0 "Stopping FTP server"
        rlRun "x509RmAlias server"
        rlRun "x509RmAlias ca"
        rlRun "popd"
        rlRun "rm -r ${TmpDir}" 0 "Removing tmp directory"
        rlFileRestore
    rlPhaseEnd
rlJournalPrintText
rlJournalEnd