# file      : tests/rep-auth.testscript
# license   : MIT; see accompanying LICENSE file

.include common.testscript auth.testscript config.testscript remote.testscript

# There is no rep-auth command, and this testscript contains tests for various
# authentication scenarios throughout different stages of repositories
# preparation and consumption. Note that by that reason usage of $* is
# meaningless.
#

# Source repository:
#
# rep-auth
# |-- expired
# |   |-- foo-1.tar.gz
# |   |-- packages.manifest
# |   |-- repositories.manifest
# |   `-- signature.manifest
# `-- unsigned
#     |-- foo-1.tar.gz
#     `-- repositories.manifest

# Prepare repositories used by tests if running in the local mode.
#
+if! $remote
  rc = [cmdline] $rep_create 2>!

  # Create the 'unsigned1' repository.
  #
  cp -r $src/unsigned $out/unsigned1
  $rc $out/unsigned1 &$out/unsigned1/packages.manifest

  # Create the 'unsigned2' repository. This is a copy of the just created
  # 'unsigned1' repository.
  #
  cp -r $out/unsigned1 $out/unsigned2

  # Create the 'signed' repository.
  #
  cp -r $src/unsigned $out/signed
  cat <<<$cert_manifest >+$out/signed/repositories.manifest

  $rc --key $key $out/signed &$out/signed/packages.manifest \
                             &$out/signed/signature.manifest

  # Create the 'self-match' repository. Note that its certificate name is
  # the '*build2.org' wildcard (matches build2.org and any single-level
  # subdomain).
  #
  cp -r $src/unsigned $out/self-match

  echo 'certificate:\'                 >+$out/self-match/repositories.manifest
  cat  <<<$src_base/auth/self-cert.pem >+$out/self-match/repositories.manifest
  echo '\'                             >+$out/self-match/repositories.manifest

  $rc --key $key $out/self-match &$out/self-match/packages.manifest \
                                 &$out/self-match/signature.manifest

  # Create the 'self-any-match' repository. Note that its certificate name is
  # the '**build2.org' wildcard (matches build2.org and any subdomain).
  #
  cp -r $src/unsigned $out/self-any-match

  echo 'certificate:\'                     >+$out/self-any-match/repositories.manifest
  cat  <<<$src_base/auth/self-any-cert.pem >+$out/self-any-match/repositories.manifest
  echo '\'                                 >+$out/self-any-match/repositories.manifest

  $rc --key $key $out/self-any-match &$out/self-any-match/packages.manifest \
                                     &$out/self-any-match/signature.manifest

  # Create the 'subdomain-match' repository. Note that its certificate name is
  # the '*.build2.org' wildcard (matches any single-level subdomain of
  # build2.org).
  #
  cp -r $src/unsigned $out/subdomain-match

  echo 'certificate:\'                      >+$out/subdomain-match/repositories.manifest
  cat  <<<$src_base/auth/subdomain-cert.pem >+$out/subdomain-match/repositories.manifest
  echo '\'                                  >+$out/subdomain-match/repositories.manifest

  $rc --key $key $out/subdomain-match &$out/subdomain-match/packages.manifest \
                                      &$out/subdomain-match/signature.manifest

  # Create the 'name-mismatch' repository. Note that its certificate name
  # mismatches the repository location.
  #
  cp -r $src/unsigned $out/name-mismatch

  echo 'certificate:\'                     >+$out/name-mismatch/repositories.manifest
  cat  <<<$src_base/auth/mismatch-cert.pem >+$out/name-mismatch/repositories.manifest
  echo '\'                                 >+$out/name-mismatch/repositories.manifest

  $rc --key $key $out/name-mismatch &$out/name-mismatch/packages.manifest \
                                    &$out/name-mismatch/signature.manifest

  # Create the 'expired' repository. This repository is "pre-created" and its
  # certificate is expired by now. So we just copy it from the source
  # directory.
  #
  cp -r $src/expired $out/expired

  # Create the 'sha256sum-mismatch' repository. This is a copy of the just
  # created 'signed' repository that has the sha256sum manifest value tampered.
  #
  cp -r $out/signed $out/sha256sum-mismatch

  v = 'd374c59b36fdbdbd0d4468665061d94fda9c6c687863dfe72b0bcc34ff9d5fb4'

  sed -i -e "s/^\(sha256sum: \).*\$/\\1$v/" \
      $out/sha256sum-mismatch/signature.manifest

  # Create the 'signature-mismatch' repository. This is a copy of the just
  # created 'signed' repository that has the signature manifest value tampered.
  #
  cp -r $out/signed $out/signature-mismatch

  # Here we tamper the last signature line (the one of 76 chars length, without
  # spaces and terminated with '=').
  #
  v = 'mnBAsS529NUdNIQy8EB4si/UK26ICaMywbLeHDVvWOB+AsqZ5rj8VjGDamLbmUrDr3ru7BU1gJU='
  sed -i -e "s%^[^ ]{75}=\$%$v%" $out/signature-mismatch/signature.manifest
end

pkg_status += -d cfg
rep_add    += -d cfg 2>!
rep_fetch  += -d cfg

# Check if rep-fetch command was successfull or not.
#
fetched     = [cmdline] $pkg_status foo >'foo available 1'
not_fetched = [cmdline] $pkg_status foo >'foo unknown'

sc = " " # Space character to append to here-document line when required.

: no-auth
:
: Test that local repositories do not require authentication by default.
:
{
  r = 1/signed
  +mkdir 1/
  +cp -r $src/unsigned $r
  +cat <<<$cert_manifest >+$r/repositories.manifest
  +$rep_create --key $key $r &$r/packages.manifest &$r/signature.manifest 2>!

  : rep-fetch
  :
  {
    $clone_root_cfg && $rep_add ../$r;

    $rep_fetch 2>>/~%EOE%
      %fetching .+/no-auth/signed%
      1 package(s) in 1 repository(s)
      EOE
  }

  : rep-info
  :
  $clone_root_cfg;
  $rep_info --cert-name ../$r >'name:build2.org'
}

: signed
:
{
  : rep-fetch
  :
  {
    +$clone_root_cfg && $rep_add $rep/signed
    rep_fetch += --auth all &?cfg/.bpkg/certs/**

    : no-auth
    :
    {
      $clone_cfg;

      $rep_fetch 2>>"EOE" != 0;
        fetching pkg:build2.org/rep-auth/signed
        warning: authenticity of the certificate for repository pkg:build2.org/rep-auth/signed cannot be established
        certificate is for build2.org, "Code Synthesis" <info@build2.org>
        certificate SHA256 fingerprint:
        $cert_fp
        trust this certificate? [y/n]$sc
        error: unable to read y/n answer from stdin
        EOE

      $not_fetched
    }

    : trust-fp
    :
    {
      $clone_cfg;

      $rep_fetch --trust $cert_fp 2>>EOE;
        fetching pkg:build2.org/rep-auth/signed
        1 package(s) in 1 repository(s)
        EOE

      $fetched
    }

    : trust-fp-no
    :
    {
      $clone_cfg;

      $rep_fetch --trust-no --trust $cert_fp 2>>EOE;
        fetching pkg:build2.org/rep-auth/signed
        1 package(s) in 1 repository(s)
        EOE

      $fetched
    }

    : trust-yes
    :
    {
      $clone_cfg;

      $rep_fetch --trust-yes 2>>EOE;
        fetching pkg:build2.org/rep-auth/signed
        1 package(s) in 1 repository(s)
        EOE

      $fetched
    }

    : trust-no
    :
    {
      $clone_cfg;

      $rep_fetch --trust-no 2>>EOE != 0;
        fetching pkg:build2.org/rep-auth/signed
        error: authenticity of the certificate for repository pkg:build2.org/rep-auth/signed cannot be established
        EOE

      $not_fetched
    }

    : trust-yes-no
    :
    {
      $clone_cfg;

      $rep_fetch --trust-yes --trust-no 2>>EOE != 0;
        fetching pkg:build2.org/rep-auth/signed
        error: --trust-yes and --trust-no are mutually exclusive
        EOE

      $not_fetched
    }

    : already-trusted
    :
    {
      $clone_cfg;

      $rep_fetch --trust-yes 2>>EOE;
        fetching pkg:build2.org/rep-auth/signed
        1 package(s) in 1 repository(s)
        EOE

      $rep_fetch 2>>EOE;
        fetching pkg:build2.org/rep-auth/signed
        1 package(s) in 1 repository(s)
        EOE

      $fetched;

      $rep_fetch --trust-no 2>>EOE;
        fetching pkg:build2.org/rep-auth/signed
        1 package(s) in 1 repository(s)
        EOE

      $fetched
    }
  }

  : rep-info
  :
  {
    rep_info += --cert-name --auth all $rep/signed

    : no-auth
    :
    $rep_info 2>>"EOE" != 0
      warning: authenticity of the certificate for repository pkg:build2.org/rep-auth/signed cannot be established
      certificate is for build2.org, "Code Synthesis" <info@build2.org>
      certificate SHA256 fingerprint:
      $cert_fp
      trust this certificate? [y/n]$sc
      error: unable to read y/n answer from stdin
      EOE

    : trust-fp
    :
    $rep_info --trust $cert_fp >'name:build2.org'

    : trust-yes
    :
    $rep_info --trust-yes >'name:build2.org'

    : trust-no
    :
    $rep_info --trust-no 2>>EOE != 0
      error: authenticity of the certificate for repository pkg:build2.org/rep-auth/signed cannot be established
      EOE

    : already-trusted
    :
    {
      $clone_root_cfg;
      rep_info += -d cfg;

      $rep_info --trust "$cert_fp" &cfg/.bpkg/certs/** >>EOO;
        name:build2.org
        EOO

      $rep_info >'name:build2.org'
    }
  }

  : subdomain-wildcard
  :
  {
    rep_info += --auth all --trust-yes --cert-name

    : self
    :
    {
      : exact
      :
      $rep_info $rep/self-match >'name:*build2.org'

      : subdomain
      :
      if! $remote
      {
        : first-level
        :
        {
          r = $canonicalize([dir_path] $~/pkg/1/a.build2.org/);
          mkdir -p $r;
          cp -r $rep/self-match $r;

          $rep_info $r/self-match >'name:*build2.org'
        }

        : second-level
        :
        {
          r = $canonicalize([dir_path] $~/pkg/1/b.a.build2.org/);
          mkdir -p $r;
          cp -r $rep/self-match $r;

          $rep_info $r/self-match 2>>EOE != 0
            error: certificate name mismatch for repository pkg:b.a.build2.org/self-match
              info: certificate name is *build2.org
            EOE
        }
      }
    }

    : self-any
    :
    {
      : exact
      :
      $rep_info $rep/self-any-match >'name:**build2.org'

      : subdomain
      :
      if! $remote
      {
        : first-level
        :
        {
          r = $canonicalize([dir_path] $~/pkg/1/a.build2.org/);
          mkdir -p $r;
          cp -r $rep/self-any-match $r;

          $rep_info $r/self-any-match >'name:**build2.org'
        }

        : second-level
        :
        {
          r = $canonicalize([dir_path] $~/pkg/1/b.a.build2.org/);
          mkdir -p $r;
          cp -r $rep/self-any-match $r;

          $rep_info $r/self-any-match >'name:**build2.org'
        }
      }
    }

    : subdomain
    :
    {
      : exact
      :
      $rep_info $rep/subdomain-match 2>>EOE != 0
        error: certificate name mismatch for repository pkg:build2.org/rep-auth/subdomain-match
          info: certificate name is *.build2.org
        EOE

      : subdomain
      :
      if! $remote
      {
        : first-level
        :
        {
          r = $canonicalize([dir_path] $~/pkg/1/a.build2.org/);
          mkdir -p $r;
          cp -r $rep/subdomain-match $r;

          $rep_info $r/subdomain-match >'name:*.build2.org'
        }

        : second-level
        :
        {
          r = $canonicalize([dir_path] $~/pkg/1/b.a.build2.org/);
          mkdir -p $r;
          cp -r $rep/subdomain-match $r;

          $rep_info $r/subdomain-match 2>>EOE != 0
            error: certificate name mismatch for repository pkg:b.a.build2.org/subdomain-match
              info: certificate name is *.build2.org
            EOE
        }
      }
    }
  }
}

: unsigned
:
{
  : rep-fetch
  :
  {
    +$clone_root_cfg && $rep_add $rep/unsigned1
    rep_fetch += --auth all

    : no-auth
    :
    {
      $clone_cfg;

      $rep_fetch 2>>~%EOE% != 0;
        fetching pkg:build2.org/rep-auth/unsigned1
        warning: repository pkg:build2.org/rep-auth/unsigned1 is unsigned
        %continue without authenticating repositories at .+\? \[y/n\] %
        error: unable to read y/n answer from stdin
        EOE

      $not_fetched
    }

    : trust-yes
    :
    {
      $clone_cfg;

      $rep_fetch --trust-yes 2>>EOE;
        fetching pkg:build2.org/rep-auth/unsigned1
        1 package(s) in 1 repository(s)
        EOE

      $fetched
    }

    : trust-no
    :
    {
      $clone_cfg;

      $rep_fetch --trust-no 2>>EOE != 0;
        fetching pkg:build2.org/rep-auth/unsigned1
        error: repository pkg:build2.org/rep-auth/unsigned1 is unsigned
        EOE

      $not_fetched
    }

    : already-trusted
    :
    {
      $clone_cfg;

      $rep_fetch --trust-yes 2>>EOE;
        fetching pkg:build2.org/rep-auth/unsigned1
        1 package(s) in 1 repository(s)
        EOE

      $rep_fetch 2>>EOE;
        fetching pkg:build2.org/rep-auth/unsigned1
        1 package(s) in 1 repository(s)
        EOE

      $fetched;

      $rep_fetch --trust-no 2>>EOE;
        fetching pkg:build2.org/rep-auth/unsigned1
        1 package(s) in 1 repository(s)
        EOE

      $fetched;

      $rep_add $rep/unsigned2;

      $rep_fetch 2>>EOE;
        fetching pkg:build2.org/rep-auth/unsigned1
        fetching pkg:build2.org/rep-auth/unsigned2
        1 package(s) in 2 repository(s)
        EOE

      $fetched
    }
  }

  : rep-info
  :
  {
    rep_info += --name --auth all $rep/unsigned1

    : no-auth
    :
    $rep_info 2>>~%EOE% != 0
      warning: repository pkg:build2.org/rep-auth/unsigned1 is unsigned
      %continue without authenticating repositories at .+\? \[y/n\] %
      error: unable to read y/n answer from stdin
      EOE

    : trust-yes
    :
    $rep_info --trust-yes >>"EOO"
      pkg:build2.org/rep-auth/unsigned1 ($rep/unsigned1)
      EOO

    : trust-no
    :
    $rep_info --trust-no 2>>EOE != 0
      error: repository pkg:build2.org/rep-auth/unsigned1 is unsigned
      EOE

    : already-trusted
    :
    {
      $clone_root_cfg;
      rep_info += -d cfg;

      $rep_info --trust-yes >>"EOO";
        pkg:build2.org/rep-auth/unsigned1 ($rep/unsigned1)
        EOO
      $rep_info >>"EOO"
        pkg:build2.org/rep-auth/unsigned1 ($rep/unsigned1)
        EOO
    }
  }
}

: faulty
:
{
  rep_info += --auth all --trust-yes

  : name-mismatch
  :
  $rep_info $rep/name-mismatch 2>>EOE != 0
    error: certificate name mismatch for repository pkg:build2.org/rep-auth/name-mismatch
      info: certificate name is build2.org/mismatched/name
    EOE

  : expired
  :
  $rep_info $rep/expired 2>>EOE != 0
    error: certificate for repository pkg:build2.org/rep-auth/expired has expired
    EOE

  : sha256sum-mismatch
  :
  $rep_info $rep/sha256sum-mismatch 2>>EOE != 0
    error: packages manifest file checksum mismatch for pkg:build2.org/rep-auth/sha256sum-mismatch
      info: try again
    EOE

  : signature-mismatch
  :
  $rep_info $rep/signature-mismatch 2>>~%EOE% != 0
    %.*
    %error: unable to authenticate repository pkg:build2.org/rep-auth/signature-mismatch: .*%
    EOE

  : create-rep
  :
  {
    : no-email
    :
    {
      cp -r $src/unsigned rep;

      echo 'certificate:\'                    >+rep/repositories.manifest;
      cat  <<<$src_base/auth/noemail-cert.pem >+rep/repositories.manifest;
      echo '\'                                >+rep/repositories.manifest;

      $rep_create --key $key rep &rep/packages.manifest 2>>/EOE != 0
        added foo 1
        error: invalid certificate for rep/: no email
        EOE
    }

    : expired
    :
    {
      cp -r $src/unsigned rep;

      echo 'certificate:\'                    >+rep/repositories.manifest;
      cat  <<<$src_base/auth/expired-cert.pem >+rep/repositories.manifest;
      echo '\'                                >+rep/repositories.manifest;

      $rep_create --key $key rep &rep/packages.manifest 2>>/EOE != 0
        added foo 1
        error: certificate for repository rep/ has expired
        EOE
    }
  }
}