#!/bin/sh
# PCP QA Test No. 966
# Test pmcd startup with secure connections misconfigured.
#
# Copyright (c) 2014,2022 Red Hat.
#

seq=`basename $0`
echo "QA output created by $seq"

. ./common.secure

_check_tls

_cleanup()
{
    _restore_config $PCP_TLSCONF_PATH
    unset PCP_SECURE_SOCKETS

    _service pmcd restart 2>&1 | _filter_pcp_restart
    _wait_for_pmcd
    _restore_auto_restart pmcd
    _service pmlogger restart 2>&1 | _filter_pcp_restart
    _wait_for_pmlogger
    _restore_auto_restart pmlogger

    $sudo rm -rf $tmp.*
}

status=1	# failure is the default!
trap "_cleanup; exit \$status" 0 1 2 3 15

_save_config $PCP_TLSCONF_PATH
_stop_auto_restart pmcd
_stop_auto_restart pmlogger
if ! _service pmlogger stop 2>&1; then _exit 1; fi \
| _filter_pcp_stop
_wait_pmlogger_end || _exit 1
if ! _service pmcd stop 2>&1; then _exit 1; fi \
| _filter_pcp_stop
_wait_pmcd_end || _exit 1

_filter_tls()
{
    sed \
	-e 's/value [0-9][0-9]*/value NUMBER/' \
	-e '/pminfo([0-9][0-9]*)/s//pminfo(PID)/' \
	-e "s/host \"$hostname\"/host LOCALHOST/g" \
	-e 's/^\[[A-Z].. [A-Z]..  *[0-9][0-9]* ..:..:..]/[DATE]/' \
    #end
}

# real QA test starts here
_setup_tls

if ! _service pmcd start || ! _wait_for_pmcd
then
    echo "--- cert & key files and sum by user $PCP_USER"
    for file in $tmp.tls/*
    do
	ls -l $file
	sudo -u $PCP_USER sum $file
    done
    echo "--- openssl.log from key & cert setup"
    cat $tmp.tls/openssl.log
    _exit 1
fi | _filter_pcp_start

echo
echo "checking client, secure connection.  should pass..." | tee -a $seq_full
export PCP_SECURE_SOCKETS=1
yes | pminfo -h $hostname -f hinv.ncpu 2>&1 | tee -a $seq_full | _filter_tls

# verify that pmcd still starts and accepts insecure connections
# when the TLS configuration is corrupted / partially missing.
#
echo
echo "checking client, bad secure config.  should fail..." | tee -a $seq_full
cp $PCP_TLSCONF_PATH $tmp.tls.conf
sed -i -e 's,^tls-cert-file = .*,tls-cert-file = /dev/null,g' $tmp.tls.conf
$sudo cp $tmp.tls.conf $PCP_TLSCONF_PATH
yes | pminfo -h $hostname -f hinv.ncpu 2>&1 | tee -a $seq_full | _filter_tls

echo
echo "checking client, insecure connection.  should pass..."
unset PCP_SECURE_SOCKETS
yes | pminfo -h $hostname -f hinv.ncpu 2>&1 | tee -a $seq_full | _filter_tls

echo
echo "checking client, connecting via 'local:'.  should pass..."
unset PCP_SECURE_SOCKETS
yes | pminfo -h local: -f hinv.ncpu 2>&1 | tee -a $seq_full | _filter_tls

# success, all done
status=0
exit
