#!/usr/bin/bash

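##
#   Run the cltls TLS client tests: fingerprint pinning, CA trust,
#   redirect handling and file upload (PUT).
#   The tests talk to live external hosts, so they need network access and
#   their results depend on the certificates those hosts currently serve.
##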

#-----------------------------------------------------------#
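# Print a message in bold red, followed by a colour reset.
# Arguments: $1 - message text
# Outputs:   colour-on sequence, message, newline, colour-reset on stdout
red() {
     # printf '%s' prints the message literally; with echo a message such as
     # "-n" or "-e" would be consumed as an option and never shown.
     printf '\033[1;31m%s\n\033[0;39m' "$1"
}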

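# Print a message in bold green, followed by a colour reset.
# Arguments: $1 - message text
# Outputs:   colour-on sequence, message, newline, colour-reset on stdout
green() {
     # printf '%s' prints the message literally; with echo a message such as
     # "-n" or "-e" would be consumed as an option and never shown.
     printf '\033[1;32m%s\n\033[0;39m' "$1"
}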

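# Print a message in bold yellow ("orange"), followed by a colour reset.
# Arguments: $1 - message text
# Outputs:   colour-on sequence, message, newline, colour-reset on stdout
orange() {
     # printf '%s' prints the message literally; with echo a message such as
     # "-n" or "-e" would be consumed as an option and never shown.
     printf '\033[1;33m%s\n\033[0;39m' "$1"
}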
#-----------------------------------------------------------#

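# Build a private copy of the client in ./cltls whose HOME points at a local
# "home/" directory, so the tests control which fingerprints and CA
# certificates the client sees.
/bin/mkdir -p cltls || { red "FAILED cannot create directory cltls" >&2; exit 1; }
echo "Preparing cltls for local home directory"

VER=$(/bin/cltls -version)
green  "Found cltls version ${VER}"
orange "You need at least cltls version 1.0 for this test"

cp /bin/cltls cltls/tls || { red "FAILED cannot copy /bin/cltls" >&2; exit 1; }
# Line 61 of the copy is overwritten with the HOME assignment.
# NOTE(review): the edit is addressed by line number only; presumably line 61
# is where the installed cltls sets HOME - confirm for the installed version,
# otherwise the copy may keep using its default certificate store and the
# pinning/trust tests below would not exercise the fixtures they install.
/bin/sed -i '61s/^.*$/HOME = "home\/"/' cltls/tls \
  || { red "FAILED cannot patch cltls/tls" >&2; exit 1; }

# Everything below uses relative paths, including several "rm -rf"; stop here
# rather than run them in the wrong directory.
cd cltls || { red "FAILED cannot change into directory cltls" >&2; exit 1; }
rm -f err log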


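# Pinning test: install a stored SHA-1 fingerprint for senderek.ie. The test
# passes only if the client exits with status 10, which this script reports
# as "failed SHA-1 fingerprint detected".
DESC="\nCheck fingerprint authentication with SHA-1 ... "
# Start from an empty local store so this fixture is the only trust material.
rm -rf home
mkdir -p home/certs
cp ../fixed/senderek.ie.hash-sha1 home/certs/senderek.ie.hash
echo -e "------ ${DESC}" >> log
echo -e "------ ${DESC}" >> err
# Quoted so the text is printed as written (no word splitting or globbing).
echo -e "${DESC}"
./tls GET senderek.ie / -debug >> log 2>> err
RET=$?
echo "--> : $RET"
if (( RET == 10 )); then
  green "OK failed SHA-1 fingerprint detected "
else
  red "FAILED [$RET]"
fi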


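# Pinning test: overwrite the stored fingerprint with text that is not a hash.
# The test passes only if the client exits with status 10 instead of
# connecting.
DESC="\nCheck corrupt fingerprint ... "
echo "shit happens" > home/certs/senderek.ie.hash
echo -e "------ ${DESC}" >> log
echo -e "------ ${DESC}" >> err
# Quoted so the text is printed as written (no word splitting or globbing).
echo -e "${DESC}"
./tls GET https://senderek.ie/ -debug >> log 2>> err
RET=$?
echo "--> : $RET"
if (( RET == 10 )); then
  green "OK corrupt fingerprint detected "
else
  red "FAILED [$RET]"
fi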


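# Remove the corrupt fingerprint and let the client STORE a fresh one for
# senderek.ie; the test passes on exit status 0.
# NOTE(review): presumably STORE records the fingerprint of whatever
# certificate the server presents during this run, so the stored pin is only
# as trustworthy as this one connection - confirm how STORE validates it.
DESC="\nSTORE current SHA-256 fingerprint for senderek.ie ... "
rm -f home/certs/senderek.ie.hash
echo -e "------ ${DESC}" >> log
echo -e "------ ${DESC}" >> err
# Quoted so the text is printed as written (no word splitting or globbing).
echo -e "${DESC}"
./tls STORE senderek.ie -debug >> log 2>> err
RET=$?
echo "--> : $RET"
if (( RET == 0 )); then
  green "OK current fingerprint saved "
else
  red "FAILED [$RET]"
fi
# Show what ended up in the local certificate store.
ls -l home/certs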


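# Positive pinning test: connect to senderek.ie with the fingerprint that the
# STORE step left in home/certs; the test passes on exit status 0.
DESC="\nConnect using current fingerprint for senderek.ie ... "
# Remove any earlier download so the listing below shows this run's result.
rm -rf senderek.ie
echo -e "------ ${DESC}" >> log
echo -e "------ ${DESC}" >> err
# Quoted so the text is printed as written (no word splitting or globbing).
echo -e "${DESC}"
./tls get https://senderek.ie -debug >> log 2>> err
RET=$?
echo "--> : $RET"
if (( RET == 0 )); then
  green "OK connection established. "
else
  red "FAILED [$RET]"
fi
ls -l senderek.ie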


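# Fail-closed test: with the whole local store removed (no fingerprint, no CA
# certificate) the connection must not succeed. The test passes only on exit
# status 3, reported as "untrusted connection aborted".
DESC="\nCheck connection for senderek.ie without fingerprint and CA cert ... "
rm -rf senderek.ie home
echo -e "------ ${DESC}" >> log
echo -e "------ ${DESC}" >> err
# Quoted so the text is printed as written (no word splitting or globbing).
echo -e "${DESC}"
./tls get https://senderek.ie -debug >> log 2>> err
RET=$?
echo "--> : $RET"
if (( RET == 3 )); then
  green "OK untrusted connection aborted  "
else
  red "FAILED [$RET]"
fi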


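# CA trust test: no per-host fingerprint, only the ISRG Root X1 certificate in
# home/certs/trusted; the test passes on exit status 0.
DESC="\nConnect using LE CA cert (ISRGRootX1.cert) for senderek.ie ... "
# The glob is left unquoted on purpose so it can match stored fingerprint files.
rm -rf senderek.ie home/certs/senderek.ie.*
mkdir -p home/certs/trusted
cp ../fixed/ISRGRootX1.cert home/certs/trusted
echo -e "------ ${DESC}" >> log
echo -e "------ ${DESC}" >> err
# Quoted so the text is printed as written (no word splitting or globbing).
echo -e "${DESC}"
./tls get https://senderek.ie -debug >> log 2>> err
RET=$?
echo "--> : $RET"
if (( RET == 0 )); then
  green "OK connection established. "
else
  red "FAILED [$RET]"
fi
ls -l senderek.ie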

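# Download test: fetch a larger file over the connection trusted via the CA
# certificate installed earlier; the test passes on exit status 0.
DESC="\nDownload the Cryptlib manual from senderek.ie ... "

echo -e "------ ${DESC}" >> log
echo -e "------ ${DESC}" >> err
# Quoted so the text is printed as written (no word splitting or globbing).
echo -e "${DESC}"
./tls get https://senderek.ie/cryptlib/source/manual.pdf -debug >> log 2>> err
RET=$?
echo "--> : $RET"
if (( RET == 0 )); then
  green "OK connection established. "
else
  red "FAILED [$RET]"
fi

# Exit status 0 alone does not show that a file arrived; list it as well.
ls -l senderek.ie/cryptlib/source/manual.pdf
echo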

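orange "Redirection tests ..."

# Cross-host redirect test: the test passes only on exit status 6, reported
# as "redirection to a different server denied".
# NOTE(review): presumably -ask makes the client prompt and the piped "yes"
# answers that prompt; if so, this checks that the redirect is refused even
# when the prompt is confirmed - confirm against the client's option handling.
HOST="www.sap.de"
DESC="\nConnect to ${HOST} ... "
echo -e "------ ${DESC}" >> log
echo -e "------ ${DESC}" >> err
# Quoted so the text is printed as written (no word splitting or globbing).
echo -e "${DESC}"
# RET below is the exit status of ./tls, the last command of the pipeline.
echo "yes" | ./tls get "https://${HOST}" -debug -redirect -ask >> log 2>> err
RET=$?
echo "--> : $RET"
if (( RET == 6 )); then
  green "OK redirection to a different server denied [$RET]"
else
  red "FAILED [$RET]"
fi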


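# Redirect test that is expected to succeed: the test passes on exit status 0,
# reported as "redirection to ${HOST} established".
HOST="www.bsi.bund.de"
# Quoted and terminated with "--" so the path is always taken as one operand.
rm -rf -- "${HOST}"
DESC="\nConnect to ${HOST} ... "
echo -e "------ ${DESC}" >> log
echo -e "------ ${DESC}" >> err
# Quoted so the text is printed as written (no word splitting or globbing).
echo -e "${DESC}"
# RET below is the exit status of ./tls, the last command of the pipeline.
echo "yes" | ./tls get "https://${HOST}" -debug -redirect -ask >> log 2>> err
RET=$?
echo "--> : $RET"
if (( RET == 0 )); then
  green "OK redirection to ${HOST} established. "
else
  red "FAILED [$RET]"
fi
ls -lR -- "${HOST}"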

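echo
orange "File upload tests (PUT) ..."

# Upload test against a path that should not accept it: the test passes only
# on exit status 12, reported as "denied (not found)".
# The fixture ../fixed/meise is sent to a remote server, so it must never
# contain anything sensitive.
HOST="senderek.ie"
DESC="\nFile upload to ${HOST} ... "
echo -e "------ ${DESC}" >> log
echo -e "------ ${DESC}" >> err
# Quoted so the text is printed as written (no word splitting or globbing).
echo -e "${DESC}"
# RET below is the exit status of ./tls, the last command of the pipeline.
echo "yes" | ./tls PUT "https://${HOST}/cgi-bin/echo" ../fixed/meise -debug >> log 2>> err
RET=$?
echo "--> : $RET"
if (( RET == 12 )); then
  green "OK file upload to ${HOST} denied (not found) [$RET] "
else
  red "FAILED [$RET]"
fi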

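# Upload test that is expected to succeed; the test passes on exit status 0.
# The fixture ../fixed/meise is sent to a remote server, so it must never
# contain anything sensitive.
HOST="safewebdrop.com"
# Quoted and terminated with "--" so the path is always taken as one operand.
rm -rf -- "${HOST}"
DESC="\nFile upload to ${HOST} ... "
echo -e "------ ${DESC}" >> log
echo -e "------ ${DESC}" >> err
# Quoted so the text is printed as written (no word splitting or globbing).
echo -e "${DESC}"
# RET below is the exit status of ./tls, the last command of the pipeline.
echo "yes" | ./tls PUT "https://${HOST}/cgi-bin/testdrop" ../fixed/meise -debug >> log 2>> err
RET=$?
echo "--> : $RET"
if (( RET == 0 )); then
  green "OK file upoad to ${HOST} successful "
else
  red "FAILED [$RET]"
fi
#ls -lR ${HOST}/cgi-bin
# NOTE(review): this file presumably holds the server's reply; it is written
# to the terminal unfiltered. "cat -v" would render control characters
# visibly if the reply should not be trusted to be plain text.
cat -- "${HOST}/cgi-bin/testdrop"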


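# Negative certificate test: the test passes only on exit status 10, reported
# as "corrupt certificate detected".
# NOTE(review): the expected result depends on what this third-party host
# serves at the time of the run; a FAILED here may reflect a change on the
# remote side rather than in the client.
HOST="microsoft.com"
DESC="\nConnect to ${HOST} ... "
echo -e "------ ${DESC}" >> log
echo -e "------ ${DESC}" >> err
# Quoted so the text is printed as written (no word splitting or globbing).
echo -e "${DESC}"
# RET below is the exit status of ./tls, the last command of the pipeline.
echo "yes" | ./tls get "https://${HOST}" -debug -redirect -ask >> log 2>> err
RET=$?
echo "--> : $RET"
if (( RET == 10 )); then
  green "OK corrupt certificate detected [$RET]"
else
  red "FAILED [$RET]"
fi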

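# Connection test for a host name that is a DNS alias (see the message
# printed below); the test passes on exit status 0.
HOST="www.microsoft.com"
echo
orange "www.microsoft.com is an alias for www.microsoft.com-c-3.edgekey.net"
DESC="\nConnect to ${HOST} ... "
echo -e "------ ${DESC}" >> log
echo -e "------ ${DESC}" >> err
# Quoted so the text is printed as written (no word splitting or globbing).
echo -e "${DESC}"
# RET below is the exit status of ./tls, the last command of the pipeline.
echo "yes" | ./tls get "https://${HOST}" -debug -redirect -ask >> log 2>> err
RET=$?
echo "--> : $RET"
if (( RET == 0 )); then
  green "OK connection to ${HOST} established."
else
  red "FAILED [$RET]"
fi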


# Closing banner, framed by blank lines, then a listing of the working
# directory so the log files and downloaded host directories are visible.
printf '\n'
orange "clstls tests finished."
printf '\n'

ls -l
