#!/bin/bash
# vim: dict+=/usr/share/beakerlib/dictionary.vim cpt=.,w,b,u,t,i,k
# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
#
# runtest.sh of /CoreOS/lftp/Sanity/tls12
# Description: Test TLS 1.2 support
# Author: Martin Frodl <mfrodl@redhat.com>
#
# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
#
# Copyright (c) 2016 Red Hat, Inc.
#
# This program is free software: you can redistribute it and/or
# modify it under the terms of the GNU General Public License as
# published by the Free Software Foundation, either version 2 of
# the License, or (at your option) any later version.
#
# This program is distributed in the hope that it will be
# useful, but WITHOUT ANY WARRANTY; without even the implied
# warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR
# PURPOSE. See the GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program. If not, see http://www.gnu.org/licenses/.
#
# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
# Include Beaker environment
. /usr/share/beakerlib/beakerlib.sh || exit 1
PACKAGES="lftp"
rlJournalStart
rlPhaseStartSetup
rlRun "rlImport --all"
rlAssertRpm 'proftpd' || rlDie "Package proftpd not installed"
rlAssertRpm $PACKAGES || rlDie "Package $PACKAGES not installed"
if rlIsRHEL '<=7'; then
rlRun "yum -y install proftpd --enablerepo \*" 0 "Install proftpd"
fi
CONF="/etc/proftpd.conf"
rlFileBackup ${CONF}
rlRun "cp proftpd.conf ${CONF}" 0 "Configuring FTP server"
SYSCONF="/etc/sysconfig/proftpd"
rlFileBackup ${SYSCONF}
rlRun "echo 'PROFTPD_OPTIONS=\"-DANONYMOUS_FTP -DTLS\"' > ${SYSCONF}" 0 "Enabling anonymous access over TLS"
rlRun "rlFileBackup --clean /var/ftp" 0 "Backing up FTP server contents"
rlRun "echo 'Quack!' > /var/ftp/duck" 0 "Creating a test file on FTP server"
rlRun "TmpDir=\$(mktemp -d)" 0 "Creating tmp directory"
rlRun "cp fetch ${TmpDir}" 0 "Copying lftp script to tmp directory"
rlRun "pushd ${TmpDir}"
rlRun "x509KeyGen server" 0 "Generating server key pair"
rlRun "x509KeyGen ca" 0 "Generating CA certificate"
rlRun "x509SelfSign ca" 0 "Self-signing CA certificate"
rlRun "x509CertSign --CA ca server" 0 "Signing server certificate"
rlFileBackup --clean /etc/pki
rlRun "cat $(x509Cert ca) >> /etc/pki/tls/certs/ca-bundle.crt"
rlRun "cp $(x509Cert server) /etc/pki/tls/certs/localhost.crt"
rlRun "cp $(x509Key server) /etc/pki/tls/private/localhost.key"
rlRun "rlServiceStart proftpd" 0 "Starting FTP server"
rlPhaseEnd
rlPhaseStartTest
rlRun -s "curl -v --ftp-ssl ftp://localhost/duck" 0 "Checking that FTP server is up and working properly"
rlAssertGrep 'Quack!' ${rlRun_LOG}
rlRun -s "lftp -d -f ./fetch" 0 "Downloading test file with lftp"
rlAssertNotGrep 'A TLS packet with unexpected length was received' ${rlRun_LOG}
rlAssertExists "duck"
rlAssertGrep 'Quack!' "duck"
rlPhaseEnd
rlPhaseStartCleanup
rlRun "rlServiceStop proftpd" 0 "Stopping FTP server"
rlRun "x509RmAlias server"
rlRun "x509RmAlias ca"
rlRun "popd"
rlRun "rm -r ${TmpDir}" 0 "Removing tmp directory"
rlFileRestore
rlPhaseEnd
rlJournalPrintText
rlJournalEnd