#!/bin/bash
# vim: dict+=/usr/share/beakerlib/dictionary.vim cpt=.,w,b,u,t,i,k
# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
#
# runtest.sh of /CoreOS/bind/Sanity/rndc-and-pkcs11
# Description: rndc-and-pkcs11
# Author: Petr Sklenar <psklenar@redhat.com>
#
# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
#
# Copyright (c) 2018 Red Hat, Inc.
#
# This program is free software: you can redistribute it and/or
# modify it under the terms of the GNU General Public License as
# published by the Free Software Foundation, either version 2 of
# the License, or (at your option) any later version.
#
# This program is distributed in the hope that it will be
# useful, but WITHOUT ANY WARRANTY; without even the implied
# warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR
# PURPOSE. See the GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program. If not, see http://www.gnu.org/licenses/.
#
# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
# Include Beaker environment
. /usr/bin/rhts-environment.sh || exit 1
. /usr/share/beakerlib/beakerlib.sh || exit 1
PACKAGE="bind"
rlJournalStart
rlPhaseStartSetup "service setup"
rlAssertRpm $PACKAGE
rlRun "TmpDir=\$(mktemp -d)" 0 "Creating tmp directory"
rlRun "pushd $TmpDir"
rlFileBackup --clean /var/lib/softhsm/tokens/*
rlFileBackup --clean /etc/rndc.key
rlPhaseEnd
rlPhaseStartSetup "PKCS11 initializatoon"
### SETUP
PIN='petr'
rlFileBackup /etc/sysconfig/named
rlFileBackup /etc/softhsm2.conf
rlFileBackup /var/lib/softhsm/tokens
export SOFTHSM2_CONF="/etc/softhsm2.conf"
export OPENSSL_FORCE_FIPS_MODE=1
echo 'OPENSSL_FORCE_FIPS_MODE=1' >> /etc/sysconfig/named
rlRun "softhsm2-util --init-token --free --label rpm --pin $PIN --so-pin $PIN"
### PERMISSIONS
TOKEN=$(ls /var/lib/softhsm/tokens)
echo $TOKEN
chgrp named -R /var/lib/softhsm/tokens
chmod g+rX -R /var/lib/softhsm/tokens
rlRun "usermod -aG ods named"
### START
rlRun "rlServiceStart named-pkcs11"
rlRun "systemctl status named-pkcs11"
###DEBUG
rlLog "SOFTHSM2_CONF=`echo $SOFTHSM2_CONF`"
rlLog "pkcs11-tokens: `pkcs11-tokens`"
rlLog "/var/lib/softhsm/tokens `ls -lad /var/lib/softhsm/tokens;ls -la /var/lib/softhsm/tokens`"
rlPhaseEnd
rlPhaseStartTest "Normal test"
rlRun "rm -rf /etc/rndc.key"
rlRun "systemctl restart named-pkcs11"
rlRun "rndc reload"
rlRun "pkcs11-tokens"
for i in `seq 1 10`;do rndc reload;done
rlLog "/etc/rndc.key `cat /etc/rndc.key`"
rlRun "rndc reload" 0
rlRun "rndc scan" 0
rlRun "rndc sync" 0
rlRun "rndc thaw" 0
rlRun "systemctl status named-pkcs11"
rlPhaseEnd
rlPhaseStartTest "Manual confgen test"
rlRun "rndc-confgen -a -A hmac-md5" 0
RETURN=0 # it depends on fips mode status
rlRun "systemctl restart named-pkcs11" 0
for i in `seq 1 10`;do rndc reload;done
rlLog "/etc/rndc.key `cat /etc/rndc.key`"
rlRun "rndc reload" $RETURN
rlRun "rndc scan" $RETURN
rlRun "rndc sync" $RETURN
rlRun "rndc thaw" $RETURN
rlRun "systemctl status named-pkcs11" 0 "named-pkcs11 should survive"
rlRun "pgrep named-pkcs11"
rlPhaseEnd
rlPhaseStartCleanup
unset OPENSSL_FORCE_FIPS_MODE
rlRun "systemctl restart named-pkcs11" 0
rlServiceRestore named-pkcs11
rm -rf /etc/softhsm2.conf /var/lib/softhsm/tokens
rlFileRestore
rlPhaseEnd
rlJournalPrintText
rlJournalEnd