#!/bin/bash
# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
#
#   File:   ./tests/Sanity/basic-sanity/runtest.sh
#   Author: Jan Blazek <jblazek@redhat.com>
#           Jiri Kucera <jkucera@redhat.com>
#   Brief:  Basic sanity test for volume_key utility
#
# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
#
#   Copyright (c) 2017-2020 Red Hat, Inc.
#
#   This program is free software: you can redistribute it and/or
#   modify it under the terms of the GNU General Public License as
#   published by the Free Software Foundation, either version 2 of
#   the License, or (at your option) any later version.
#
#   This program is distributed in the hope that it will be
#   useful, but WITHOUT ANY WARRANTY; without even the implied
#   warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR
#   PURPOSE.  See the GNU General Public License for more details.
#
#   You should have received a copy of the GNU General Public License
#   along with this program. If not, see http://www.gnu.org/licenses/.
#
# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

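# Absolute, symlink-free directory holding this script (pwd -P). Every helper
# sourced below is located relative to it.
_TESTDIR="$(cd -- "$(dirname -- "${BASH_SOURCE[0]}")" && pwd -P)"

# If the directory could not be resolved, the relative includes below would
# silently turn into "/../../utils/utils.sh" and be looked up from the
# filesystem root. Refuse to source anything from an unintended location.
if [[ -z "${_TESTDIR}" ]]; then
  echo "Cannot determine the directory of ${BASH_SOURCE[0]}." >&2
  exit 1
fi

# Include Beaker environment
. /usr/bin/rhts-environment.sh || exit 1
. /usr/share/beakerlib/beakerlib.sh || exit 1

# Include utils
# Sourced files execute inside this shell with the privileges of the test run,
# so the path is quoted to keep a checkout path with spaces or glob characters
# from being split into a different file name.
. "${_TESTDIR}/../../utils/utils.sh" || {
  echo "${_TESTDIR}/../../utils/utils.sh cannot be included." >&2
  exit 1
}

# Include test settings:
# errmsg is not defined in this file; it is presumably provided by utils.sh,
# which has been sourced successfully by the time this line runs.
. "${_TESTDIR}/../../settings/environment.sh" || {
  errmsg "${_TESTDIR}/../../settings/environment.sh cannot be included."
  exit 1
}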

# Package under test and the tools the test needs; both can be overridden
# from the environment.
PACKAGES="${PACKAGES:-volume_key}"
REQUIRES="${REQUIRES:-cryptsetup nss-tools expect tcllib}"

# GnuPG home of the invoking user; Setup backs it up or schedules its removal.
_GNUPG_DIR="$HOME/.gnupg"

# File names used by the test (relative names; Setup changes into the
# temporary directory before they are used).
_IMAGE='image'
_IMAGE_IMG="$_IMAGE.img"
_PACKET='packet'
_NEW_PACKET='new-packet'
_PACKET_ASYM='packet-asym'
_NEW_PACKET_ASYM='new-packet-asym'
_ESCROW='escrow'
_ESCROW_KEY="$_ESCROW.key"
_ESCROW_CERT="$_ESCROW.cert"
_ESCROW_PEM="$_ESCROW.pem"
_ESCROW_P12="$_ESCROW.p12"
_NSSDB='nssdb'

# Fixed passphrases for the throw-away test volume, escrow packets and
# certificate database. They are test fixtures, not secrets: never reuse them
# for a volume or key that holds real data.
_LUKS_PASS='lukspass'
_PACKET_PASS='packetpass'
_NEW_PACKET_PASS='newpacketpass'
_CERT_PASS='certpass'
_NEW_LUKS_PASS='newlukspass'
_NEW_LUKS_PASS_ASYM='newlukspass-asym'

# Filled in by Setup: temporary working directory and the encrypted volume.
_TEMP_DIR=''
_VOLUME=''
# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
# ~~ Setup
# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

#######################################
# Prepare the test environment: verify packages, protect the user's GnuPG
# home, create a temporary working directory, build the encrypted volume and
# the escrow certificate, and set up the NSS database.
# Globals:   _GNUPG_DIR, _IMAGE_IMG, _LUKS_PASS, _ESCROW, _NSSDB, _CERT_PASS,
#            USE_LOSETUP (read); Result (read, set by helpers);
#            LANG, LC_ALL, _TEMP_DIR, _VOLUME (written)
# Returns:   status of the first failing step, else that of SetupNSSDatabase
#######################################
function Setup() {
  # NOTE(review): these are plain assignments, not exports. Child processes
  # only see the C locale if the variables were already exported by the
  # caller's environment - confirm, since prompt matching may depend on it.
  LANG=C LC_ALL=C

  rlAssertRpm --all || return

  # An existing GnuPG home is backed up and restored afterwards; otherwise
  # the one created during the test is removed at cleanup.
  if [[ ! -d "${_GNUPG_DIR}" ]]; then
    AtCleanup Cleanup_RemoveGnuPG
  else
    rlFileBackup "${_GNUPG_DIR}" || return
    AtCleanup rlFileRestore
  fi

  # The helper hands its result back through the global Result variable.
  rlRun CreateTemporaryDirectory || return
  _TEMP_DIR="${Result}"
  AtCleanup Cleanup_RemoveTemporaryDirectory

  PushDir "${_TEMP_DIR}" || return
  AtCleanup PopDir

  # --with-losetup is passed only when USE_LOSETUP is set and non-empty.
  local -a _setup_volume_opts=(
    --image "${_IMAGE_IMG}"
    --password "${_LUKS_PASS}"
  )
  if [[ -n "${USE_LOSETUP:-}" ]]; then
    _setup_volume_opts+=(--with-losetup)
  fi
  CreateEncryptedVolume "${_setup_volume_opts[@]}" || return
  _VOLUME="${Result}"
  AtCleanup Cleanup_DestroyVolume

  CreateCertificate --name "${_ESCROW}" || return

  # Last step: its exit status becomes the status of Setup.
  SetupNSSDatabase \
    --dest "${_TEMP_DIR}/${_NSSDB}" \
    --cert-name "${_ESCROW}" \
    --password "${_CERT_PASS}"
}

# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
# ~~ Cleanup
# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

#######################################
# Cleanup handler: delete the GnuPG home directory. Setup registers it only
# when no GnuPG home existed before the test started.
# Globals:   _GNUPG_DIR (read)
# Returns:   status of RunCmd
#######################################
function Cleanup_RemoveGnuPG() {
  local _cleanup_gnupg_home="${_GNUPG_DIR}"

  RunCmd rm -rfv "${_cleanup_gnupg_home}"
}

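#######################################
# Cleanup handler: recursively delete the temporary working directory
# created by Setup.
# Globals:   _TEMP_DIR (read)
# Returns:   0 when there is nothing to remove, else the status of RunCmd
#######################################
function Cleanup_RemoveTemporaryDirectory() {
  # A recursive delete must never run on an empty path: skip it when Setup
  # did not record a directory.
  if [[ -z "${_TEMP_DIR}" ]]; then
    return 0
  fi

  # "--" keeps a path that starts with "-" from being parsed as an option.
  RunCmd rm -rfv -- "${_TEMP_DIR}"
}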

#######################################
# Cleanup handler: detach the loop device behind the test volume. Does
# nothing unless USE_LOSETUP is set and non-empty.
# Globals:   USE_LOSETUP, _VOLUME (read)
# Returns:   0 when skipped, else the status of RunCmd
#######################################
function Cleanup_DestroyVolume() {
  # Without losetup there is no loop device to detach.
  [[ -n "${USE_LOSETUP:-}" ]] || return 0

  RunCmd losetup -d "${_VOLUME}"
}

# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
# ~~ Tests
# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

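#######################################
# Test: save the volume key of the encrypted test volume into a
# passphrase-protected escrow packet.
# Globals:   _VOLUME, _PACKET, _LUKS_PASS, _PACKET_PASS, SCRIPTDIR,
#            USING_PINENTRY (read)
# Returns:   status of RunCmdX
#######################################
function TestVolumeKeySave() {
  # RunCmdX is not defined in this file; presumably the leading arguments are
  # the expected exit status and a description of the command under test.
  # The passphrases travel on the command line, where other local processes
  # can read them; that is tolerable only because they are test fixtures.
  # The script path is quoted so a SCRIPTDIR containing spaces or glob
  # characters stays a single argument. The USING_PINENTRY expansion is left
  # unquoted on purpose: it must vanish entirely when the variable is unset.
  RunCmdX 0 \
    "volume_key --save ${_VOLUME} --output-format=passphrase -o ${_PACKET}" \
    "${SCRIPTDIR}/volume_key.exp" -- \
    --password1 "${_LUKS_PASS}" --password2 "${_PACKET_PASS}" \
        ${USING_PINENTRY:+--pinentry} -- \
    --save "${_VOLUME}" --output-format=passphrase -o "${_PACKET}"
}
AddTest TestVolumeKeySave "save"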

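#######################################
# Test: restore access to the volume from the escrow packet, setting a new
# LUKS passphrase, then prove the new passphrase works by opening and
# closing the volume.
# Globals:   _VOLUME, _PACKET, _PACKET_PASS, _NEW_LUKS_PASS, _IMAGE,
#            SCRIPTDIR, USING_PINENTRY (read)
# Returns:   status of the first failing RunCmdX step, else the status of
#            the final luksClose
#######################################
function TestVolumeKeyRestore() {
  # Helper from the sourced utils; judging by its name it drops cached
  # passphrases so the packet passphrase is really asked for again.
  ClearGpgAgentsCache

  # Script paths are quoted so a SCRIPTDIR containing spaces or glob
  # characters stays a single argument. The USING_PINENTRY expansion is left
  # unquoted on purpose: it must vanish entirely when the variable is unset.
  RunCmdX 0 "volume_key --restore ${_VOLUME} ${_PACKET}" \
    "${SCRIPTDIR}/volume_key.exp" -- \
    --password1 "${_PACKET_PASS}" --password2 "${_NEW_LUKS_PASS}" \
        ${USING_PINENTRY:+--pinentry} -- \
    --restore "${_VOLUME}" "${_PACKET}" \
  || return $?

  # Opening the volume with the new passphrase shows the restore took effect.
  RunCmdX 0 "cryptsetup luksOpen ${_VOLUME} ${_IMAGE}" \
    "${SCRIPTDIR}/cryptsetup.exp" -- --password "${_NEW_LUKS_PASS}" -- \
      luksOpen "${_VOLUME}" "${_IMAGE}" \
  || return $?

  # Listing is diagnostic output for the log; the assertion is the check.
  RunCmd ls -la /dev/mapper
  rlAssertExists "/dev/mapper/${_IMAGE}"

  # Always close the mapping again so the volume is not left unlocked.
  RunCmd cryptsetup luksClose "${_IMAGE}"
}
AddTest TestVolumeKeyRestore "restore"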

# Entry point. RunTest is not defined in this file; it comes from the helpers
# sourced at the top. Presumably it runs Setup, the tests registered with
# AddTest, and the handlers registered with AtCleanup - confirm in utils.sh.
RunTest