#! /bin/bash

#
# Licensed to the Apache Software Foundation (ASF) under one
# or more contributor license agreements.  See the NOTICE file
# distributed with this work for additional information
# regarding copyright ownership.  The ASF licenses this file
# to you under the Apache License, Version 2.0 (the
# "License"); you may not use this file except in compliance
# with the License.  You may obtain a copy of the License at
# 
#   http://www.apache.org/licenses/LICENSE-2.0
# 
# Unless required by applicable law or agreed to in writing,
# software distributed under the License is distributed on an
# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
# KIND, either express or implied.  See the License for the
# specific language governing permissions and limitations
# under the License.
#


#===============================================================================
# This test creates a federated link between two brokers using SASL security.
# The SASL mechanism used is EXTERNAL, which is satisfied by SSL
# transport-layer security.
#===============================================================================

source ./test_env.sh


# This minimum value corresponds to sasl version 2.1.22
minimum_sasl_version=131350

sasl_version=`$QPID_TEST_EXEC_DIR/sasl_version`

# This test is necessary becasue this sasl version is the first one that permits 
# redirection of the sasl config file path.
if [ "$sasl_version" -lt  "$minimum_sasl_version" ]; then
  echo "sasl_fed: must have sasl version 2.1.22 or greater.  ( Integer value: $minimum_sasl_version )  Version is: $sasl_version"
  exit 0
fi

# In a distribution, the python tools will be absent.
if [ ! -f $QPID_CONFIG_EXEC ] || [ ! -f $QPID_ROUTE_EXEC ] ; then
    echo "python tools absent - skipping sasl_fed_ex."
    exit 0
fi

CERT_DIR=`pwd`/test_cert_db
CERT_PW_FILE=`pwd`/cert.password
TEST_HOSTNAME=127.0.0.1

create_certs() {
    #create certificate and key databases with single, simple, self-signed certificate in it
    mkdir ${CERT_DIR}
    certutil -N -d ${CERT_DIR} -f ${CERT_PW_FILE}
    certutil -S -d ${CERT_DIR} -n ${TEST_HOSTNAME} -s "CN=${TEST_HOSTNAME}" -t "CT,," -x -f ${CERT_PW_FILE} -z /usr/bin/certutil 2> /dev/null
}

delete_certs() {
    if [[ -e ${CERT_DIR} ]] ;  then
        rm -rf ${CERT_DIR}
    fi
}


CERTUTIL=$(type -p certutil)
if [[ !(-x $CERTUTIL) ]] ; then
    echo "No certutil, skipping ssl test";
    exit 0;
fi

delete_certs
create_certs || error "Could not create test certificate"


sasl_config_file=$builddir/sasl_config

my_random_number=$RANDOM
tmp_root=/tmp/sasl_fed_$my_random_number
mkdir -p $tmp_root

SRC_SSL_PORT=6667
DST_SSL_PORT=6666

SRC_TCP_PORT=5801
DST_TCP_PORT=5807

SSL_LIB=../.libs/ssl.so

export QPID_SSL_CERT_NAME=${TEST_HOSTNAME}

export QPID_NO_MODULE_DIR=1
export QPID_LOAD_MODULE=$SSLCONNECTOR_LIB
export QPID_SSL_CERT_DB=${CERT_DIR}
export QPID_SSL_CERT_PASSWORD_FILE=${CERT_PW_FILE}
export QPID_SSL_CERT_NAME=${TEST_HOSTNAME}



#######################################
# Understanding this Plumbing
#######################################
#  1. when you establish the route with qpid-route,
#     here is the best termiology to use:
#
#        qpid-route route add  DST  SRC
#
#  2. DST will connect to SRC through the ssl port of SRC.
#
#  3. sender client connects to the tcp port of SRC.
#
#  4. sender specifies mechanism ANONYMOUS.
#
#  5. DST pulls messages off the temp queue on SRC to itself.
#



#echo "-----------------------"
#echo "Starting SRC broker"
#echo "-----------------------"
$QPIDD_EXEC                                  \
  --port=${SRC_TCP_PORT}                     \
  --ssl-port ${SRC_SSL_PORT}                 \
  --ssl-sasl-no-dict                         \
  --sasl-config=$sasl_config_file            \
  --ssl-require-client-authentication        \
  --auth yes                                 \
  --ssl-cert-db $CERT_DIR                    \
  --ssl-cert-password-file $CERT_PW_FILE     \
  --ssl-cert-name $TEST_HOSTNAME             \
  --no-data-dir                              \
  --no-module-dir                            \
  --load-module ${SSL_LIB}                   \
  --mgmt-enable=yes                          \
  --log-enable info+                         \
  --log-source yes                           \
  --daemon                                   \
  --log-to-file $tmp_root/qpidd_src.log 2> /dev/null


#echo "-----------------------"
#echo "Starting DST broker"
#echo "-----------------------"
$QPIDD_EXEC                                  \
  --port=${DST_TCP_PORT}                     \
  --ssl-port ${DST_SSL_PORT}                 \
  --ssl-cert-db $CERT_DIR                    \
  --ssl-cert-password-file $CERT_PW_FILE     \
  --ssl-cert-name $TEST_HOSTNAME             \
  --ssl-sasl-no-dict                         \
  --ssl-require-client-authentication        \
  --sasl-config=$sasl_config_file            \
  --no-data-dir                              \
  --no-module-dir                            \
  --load-module ${SSL_LIB}                   \
  --mgmt-enable=yes                          \
  --log-enable info+                         \
  --log-source yes                           \
  --daemon                                   \
  $COMMON_BROKER_OPTIONS                     \
  --log-to-file $tmp_root/qpidd_dst.log 2> /dev/null


# I am not randomizing these names, because this test creates its own brokers.
QUEUE_NAME=sasl_fed_queue
ROUTING_KEY=sasl_fed_queue
EXCHANGE_NAME=sasl_fedex


#echo "-----------------------"
#echo "add exchanges"
#echo "-----------------------"
$QPID_CONFIG_EXEC -a localhost:${SRC_TCP_PORT} add exchange direct $EXCHANGE_NAME
$QPID_CONFIG_EXEC -a localhost:${DST_TCP_PORT} add exchange direct $EXCHANGE_NAME


#echo "-----------------------"
#echo "add queues"
#echo "-----------------------"
$QPID_CONFIG_EXEC -a localhost:${SRC_TCP_PORT} add queue $QUEUE_NAME
$QPID_CONFIG_EXEC -a localhost:${DST_TCP_PORT} add queue $QUEUE_NAME


#echo "-----------------------"
#echo "create bindings"
#echo "-----------------------"
$QPID_CONFIG_EXEC -a localhost:${SRC_TCP_PORT} bind $EXCHANGE_NAME $QUEUE_NAME $ROUTING_KEY
$QPID_CONFIG_EXEC -a localhost:${DST_TCP_PORT} bind $EXCHANGE_NAME $QUEUE_NAME $ROUTING_KEY


#echo "-----------------------"
#echo "qpid-route route add"
#echo "-----------------------"
# NOTE: The SRC broker *must* be referred to as $TEST_HOSTNAME, and not as "localhost".
#       It must be referred to by the exact string given as the Common Name (CN) in the cert,
#       which was created in the function create_certs, above.
$QPID_ROUTE_EXEC route add localhost:${DST_TCP_PORT}   $TEST_HOSTNAME:${SRC_SSL_PORT} -t ssl $EXCHANGE_NAME $ROUTING_KEY "" "" EXTERNAL

#echo "-----------------------"
#echo "view the route :"
#echo "-----------------------"
#$PYTHON_COMMANDS/qpid-route route list localhost:${DST_TCP_PORT} 

# I don't know how to avoid this sleep yet.  It has to come after route-creation.
sleep 5

n_messages=100

./datagen --count ${n_messages} | ./sender --broker localhost --port ${SRC_TCP_PORT} --exchange ${EXCHANGE_NAME} --routing-key ${ROUTING_KEY} --mechanism ANONYMOUS


#echo "-----------------------"
#echo "Examine DST Broker"
#echo "-----------------------"
dst_message_count=`qpid-stat -q localhost:${DST_TCP_PORT} | grep sasl_fed_queue | awk '{print $2}'`


#echo "-----------------------"
#echo "Asking brokers to quit."
#echo "-----------------------"
$QPIDD_EXEC --port ${SRC_TCP_PORT} --quit
$QPIDD_EXEC --port ${DST_TCP_PORT} --quit


#echo "-----------------------"
#echo   "Removing temporary directory $tmp_root"
#echo "-----------------------"
rm -rf $tmp_root

if [ "$dst_message_count" -eq  "$n_messages" ]; then
  #echo "good: |$dst_message_count| == |$n_messages|"
  exit 0
else
   #echo "not ideal: |$dst_message_count| != |$n_messages|"
  exit 1
fi






