File: test-user-config

ocserv 1.3.0-3
#!/bin/bash
#
# Copyright (C) 2015 Red Hat, Inc.
#
# This file is part of ocserv.
#
# ocserv is free software; you can redistribute it and/or modify it
# under the terms of the GNU General Public License as published by the
# Free Software Foundation; either version 2 of the License, or (at
# your option) any later version.
#
# ocserv is distributed in the hope that it will be useful, but
# WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
# General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with GnuTLS; if not, write to the Free Software Foundation,
# Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.

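SERV="${SERV:-../src/ocserv}"
srcdir="${srcdir:-.}"

# Checks that the per-user DPD and keepalive values are actually applied,
# and that the expose-iroutes option has an effect on other users. Later
# steps also check per-user DNS, split-DNS, hostname and address pool, and
# that the max-same-clients limit is enforced.

# The helpers and variables used below (update_config, launch_simple_server,
# wait_server, fail, GETPORT, OPENCONNECT, CONFIG) are not defined in this
# file; they are expected to come from common.sh.
# The path is quoted so a checkout directory containing spaces or glob
# characters is not word-split before being sourced.
. "$(dirname -- "$0")"/common.sh

# NOTE(review): GETPORT is executed as shell code. It is not set in this
# file (presumably common.sh defines it to choose PORT - confirm); it must
# never carry text that a caller or the network can influence.
eval "${GETPORT}"

echo "Testing ocserv and user route application... "

# Client output is captured in these fixed-name files under srcdir. The
# names are predictable, so srcdir should be writable only by the user
# running the tests.
TMPFILE1="${srcdir}/test-user-config.tmp"
TMPFILE2="${srcdir}/test-user-config-2.tmp"

# Remove leftovers first so a stale capture from an earlier run cannot
# satisfy the checks that follow.
rm -f -- "${TMPFILE1}"
rm -f -- "${TMPFILE2}"

update_config test-user-config.config
launch_simple_server -d 3 -f -c "${CONFIG}"
# PID is handed to wait_server and fail, and killed at the end of the script.
PID=$!
wait_server "$PID"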

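# Every client invocation passes --servercert=pin-sha256:..., so the server
# certificate is accepted only if it matches that pinned value.
# $OPENCONNECT is left unquoted on purpose: it is set outside this file and
# presumably may hold the binary plus extra options - confirm in common.sh.
# File paths and host:port are quoted so they are not word-split.

# Step 1: certificate authentication must succeed (cookie only, no tunnel).
echo -n "Connecting to obtain cookie (with certificate)... "
( $OPENCONNECT -q "localhost:$PORT" --sslkey "${srcdir}/certs/user-key.pem" -c "${srcdir}/certs/user-cert.pem" --servercert=pin-sha256:xp3scfzy3rOQsv9NcOve/8YVVv+pHr4qNCXEXrNl5s8= --cookieonly </dev/null >/dev/null ) ||
	fail "$PID" "Could not connect with certificate!"

echo ok

# Step 2: keep a session open in the background with user-cert.pem.
# "ok" here only reports that the client was started, not that it connected.
echo -n "Re-connecting to force script run... "
$OPENCONNECT -q "localhost:$PORT" --sslkey "${srcdir}/certs/user-key.pem" -c "${srcdir}/certs/user-cert.pem" --servercert=pin-sha256:xp3scfzy3rOQsv9NcOve/8YVVv+pHr4qNCXEXrNl5s8= -s /bin/true </dev/null >/dev/null &
kpid1=$!
echo ok

# Fixed delay before the next client starts; there is no readiness check.
sleep 2

# Step 3: connect with user-cert-testuser.pem in verbose mode and capture
# the output in TMPFILE1; the header checks later in the script read it.
echo -n "Re-connecting to check the iroutes... "
$OPENCONNECT -v "localhost:$PORT" --sslkey "${srcdir}/certs/user-key.pem" -c "${srcdir}/certs/user-cert-testuser.pem" --servercert=pin-sha256:xp3scfzy3rOQsv9NcOve/8YVVv+pHr4qNCXEXrNl5s8= -s /bin/true </dev/null >"${TMPFILE1}" 2>&1 &
kpid2=$!

echo ok
sleep 3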

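# Enforcement check for max-same-clients: this client uses the same
# certificate (user-cert-testuser.pem) as the background client stored in
# kpid2, which is still running, so the server is expected to refuse it.
# NOTE(review): the configured limit is in test-user-config.config, which is
# not shown here - confirm it allows only one session for this user.
echo -n "Checking if max-same-clients is considered... "

timeout 15s $OPENCONNECT "localhost:$PORT" --sslkey "${srcdir}/certs/user-key.pem" -c "${srcdir}/certs/user-cert-testuser.pem" --servercert=pin-sha256:xp3scfzy3rOQsv9NcOve/8YVVv+pHr4qNCXEXrNl5s8= -s /bin/true </dev/null >"${TMPFILE2}" 2>&1
# 124 is the status timeout returns when it had to stop the command, i.e.
# the client was still running after 15s instead of being turned away.
if test $? = 124; then
	fail "$PID" "Max-same-clients directive was ignored"
fi

# The refusal must also be visible as an HTTP 401 in the client output.
# -F matches the status line literally rather than as a regex.
if ! grep -qF -- "HTTP/1.1 401" "${TMPFILE2}"; then
	cat -- "${TMPFILE2}"
	fail "$PID" "Max-same-clients directive was ignored"
fi

echo ok

sleep 2

# Stop the two background clients; their captured output stays in TMPFILE1.
kill "$kpid1"
kill "$kpid2"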

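# Header checks against TMPFILE1, the verbose output of the client that
# connected with user-cert-testuser.pem.
# grep -F is used throughout so expected values are matched literally; as
# regexes, the dots in addresses and domain names would match any character
# and a different value could satisfy a check.
# NOTE(review): these remain substring matches, so e.g. 8800 would still
# satisfy the 880 check.

echo -n "Checking if proper dns was sent... "

if ! grep -qF -- "X-CSTP-DNS: 8.8.8.8" "${TMPFILE1}"; then
	grep -F -- X-CSTP-DNS "${TMPFILE1}"
	fail "$PID" "Expected DNS was not sent"
fi

echo ok

echo -n "Checking if routes have been sent... "

if ! grep -F -- X-CSTP-Split-Include "${TMPFILE1}" | grep -qF -- 192.168.1.0; then
	grep -F -- X-CSTP-Split-Include "${TMPFILE1}"
	fail "$PID" "Temporary file contents are not correct; iroute was not found"
fi

echo ok

echo -n "Checking if split-dns has been sent... "

if ! grep -F -- X-CSTP-Split-DNS "${TMPFILE1}" | grep -qF -- example6.com; then
	grep -F -- X-CSTP-Split-DNS "${TMPFILE1}"
	fail "$PID" "Temporary file contents are not correct; X-CSTP-Split-DNS was not found"
fi

echo ok

# Negative check: the main-config split-DNS value (example.com) must not
# appear for this user, who has a value of their own.
echo -n "Checking if split-dns has not been sent... "

if grep -F -- X-CSTP-Split-DNS "${TMPFILE1}" | grep -qF -- example.com; then
	grep -F -- X-CSTP-Split-DNS "${TMPFILE1}"
	fail "$PID" "Temporary file contents are not correct; X-CSTP-Split-DNS contained main config value"
fi

echo ok

echo -n "Checking if user-specific DPD has been sent... "

if ! grep -F -- X-DTLS-DPD "${TMPFILE1}" | grep -qF -- 880; then
	grep -F -- X-DTLS-DPD "${TMPFILE1}"
	fail "$PID" "Temporary file contents are not correct; dpd was not the expected (880)"
fi

echo ok

echo -n "Checking if user-specific Keep alive has been sent... "

if ! grep -F -- X-CSTP-Keep "${TMPFILE1}" | grep -qF -- 14400; then
	grep -F -- X-CSTP-Keep "${TMPFILE1}"
	fail "$PID" "Temporary file contents are not correct; keepalive was not the expected (14400)"
fi

echo ok

echo -n "Checking if user-specific hostname has been sent... "

if ! grep -F -- X-CSTP-Hostname "${TMPFILE1}" | grep -qF -- xxxx; then
	grep -F -- X-CSTP-Hostname "${TMPFILE1}"
	fail "$PID" "Temporary file contents are not correct; hostname was not the expected (xxxx)"
fi

echo ok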

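# Drop the earlier captures so the checks below only see output from the
# client started next.
rm -f -- "${TMPFILE1}"
rm -f -- "${TMPFILE2}"

# Connect with user-cert-testipnet.pem and capture the verbose output.
# $OPENCONNECT stays unquoted: it is set outside this file and presumably
# may carry extra options - confirm in common.sh.
echo -n "Re-connecting to check the ipv4-network... "
$OPENCONNECT -v "localhost:$PORT" --sslkey "${srcdir}/certs/user-key.pem" -c "${srcdir}/certs/user-cert-testipnet.pem" --servercert=pin-sha256:xp3scfzy3rOQsv9NcOve/8YVVv+pHr4qNCXEXrNl5s8= -s /bin/true </dev/null >"${TMPFILE1}" 2>&1 & kpid3=$!

# "ok" only reports that the client was started; the fixed sleep gives it
# time to write the headers.
echo ok
sleep 3

# grep -F matches the expected netmask, address prefix and domain
# literally, so the dots cannot act as regex wildcards.
if ! grep -F -- X-CSTP-Netmask "${TMPFILE1}" | grep -qF -- '255.255.0.0'; then
	grep -F -- X-CSTP-Netmask "${TMPFILE1}"
	fail "$PID" "Temporary file contents are not correct; netmask was not the expected (255.255.0.0)"
fi

if ! grep -F -- X-CSTP-Address "${TMPFILE1}" | grep -qF -- ' 10.9.'; then
	grep -F -- X-CSTP-Address "${TMPFILE1}"
	fail "$PID" "Temporary file contents are not correct; address was not the expected (10.9.)"
fi

# This user is expected to receive the main-config split-DNS value
# (example.com), the opposite of the check made for the testuser client.
echo -n "Checking if main config split-dns has been sent... "

if ! grep -F -- X-CSTP-Split-DNS "${TMPFILE1}" | grep -qF -- example.com; then
	grep -F -- X-CSTP-Split-DNS "${TMPFILE1}"
	fail "$PID" "Temporary file contents are not correct; X-CSTP-Split-DNS did not contain main config value"
fi

echo ok


# Teardown: stop the client, remove the captures and the generated config,
# stop the server, then wait for the background jobs to exit.
kill "$kpid3"
rm -f -- "${TMPFILE1}" "${CONFIG}"
rm -f -- "${TMPFILE2}"
kill "$PID"
wait

exit 0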