# #-- cookie_file.test --#
# source the master var file when it's there
[ -f ../.tpkg.var.master ] && source ../.tpkg.var.master
# use .tpkg.var.test for in test variable passing
[ -f .tpkg.var.test ] && source .tpkg.var.test
PRE="../.."
. ../common.sh

first_secret=dd3bdf9344b678b185a6f5cb60fca715
second_secret=445536bcd2513298075a5d379663c962


teststep "Add first secret"
echo ">> add_cookie_secret $first_secret"
$PRE/unbound-control -c ub.conf add_cookie_secret $first_secret
# check secret is persisted
outfile=cookie_secrets.1
$PRE/unbound-control -c ub.conf print_cookie_secrets > $outfile
if ! grep -q "$first_secret" $outfile
then
	sleep 1
	$PRE/unbound-control -c ub.conf print_cookie_secrets > $outfile
fi
if ! grep -q "$first_secret" $outfile
then
	sleep 1
	$PRE/unbound-control -c ub.conf print_cookie_secrets > $outfile
fi
if ! grep -q "$first_secret" $outfile
then
	sleep 1
	$PRE/unbound-control -c ub.conf print_cookie_secrets > $outfile
fi
if ! grep -q "^active.*$first_secret" $outfile
then
	cat $outfile
	echo "First secret was not provisioned"
	exit 1
fi
echo ">> print_cookie_secrets"
cat $outfile


teststep "Get a valid cookie for this secret"
outfile=dig.output.1
dig version.server ch txt @127.0.0.1 -p $SERVER_PORT +cookie=3132333435363738 > $outfile
if ! grep -q "BADCOOKIE" $outfile
then
	cat $outfile
	echo "Did not get a BADCOOKIE response for a client-only cookie"
	exit 1
fi
if ! grep -q "COOKIE: 3132333435363738" $outfile
then
	cat $outfile
	echo "Did not get a cookie in the response"
	exit 1
fi
first_cookie=$(grep "; COOKIE:" $outfile | cut -d ' ' -f 3)
cat $outfile
echo "first cookie: $first_cookie"


teststep "Verify the first cookie can be reused"
outfile=dig.output.2
dig version.server ch txt @127.0.0.1 -p $SERVER_PORT +cookie=$first_cookie > $outfile
if grep -q "BADCOOKIE" $outfile
then
	cat $outfile
	echo "Got BADCOOKIE response for a valid cookie"
	exit 1
fi
if ! grep -q "COOKIE: $first_cookie" $outfile
then
	cat $outfile
	echo "Did not get the same first cookie in the response"
	exit 1
fi


teststep "Add second secret"
outfile=cookie_secrets.2
echo ">> add_cookie_secret $second_secret"
$PRE/unbound-control -c ub.conf add_cookie_secret $second_secret
$PRE/unbound-control -c ub.conf print_cookie_secrets > $outfile
if ! grep -q "$second_secret" $outfile
then
	sleep 1
	$PRE/unbound-control -c ub.conf print_cookie_secrets > $outfile
fi
if ! grep -q "$second_secret" $outfile
then
	sleep 1
	$PRE/unbound-control -c ub.conf print_cookie_secrets > $outfile
fi
if ! grep -q "$second_secret" $outfile
then
	sleep 1
	$PRE/unbound-control -c ub.conf print_cookie_secrets > $outfile
fi
if ! grep -q "^staging.*$second_secret" $outfile \
	|| ! grep -q "^active.*$first_secret" $outfile
then
		cat $outfile
		echo "Secrets were not provisioned"
		exit 1
fi
echo ">> print_cookie_secrets"
cat $outfile
echo ">> cookie_secrets.txt"
cat cookie_secrets.txt


teststep "Verify the first cookie can be reused"
outfile=dig.output.3
dig version.server ch txt @127.0.0.1 -p $SERVER_PORT +cookie=$first_cookie > $outfile
if grep -q "BADCOOKIE" $outfile
then
	cat $outfile
	echo "Got BADCOOKIE response for a valid cookie"
	exit 1
fi
if ! grep -q "COOKIE: $first_cookie" $outfile
then
	cat $outfile
	echo "Did not get the same first cookie in the response"
	exit 1
fi


teststep "Secret rollover"
outfile=cookie_secrets.3
$PRE/unbound-control -c ub.conf activate_cookie_secret
$PRE/unbound-control -c ub.conf print_cookie_secrets > $outfile
if ! grep -q "^active.*$second_secret" $outfile
then
	sleep 1
	$PRE/unbound-control -c ub.conf print_cookie_secrets > $outfile
fi
if ! grep -q "^active.*$second_secret" $outfile
then
	sleep 1
	$PRE/unbound-control -c ub.conf print_cookie_secrets > $outfile
fi
if ! grep -q "^active.*$second_secret" $outfile
then
	sleep 1
	$PRE/unbound-control -c ub.conf print_cookie_secrets > $outfile
fi
if ! grep -q "^active.*$second_secret" $outfile \
	|| ! grep -q "^staging.*$first_secret" $outfile
then
	cat $outfile
	echo "Second secret was not activated"
	exit 1
fi
echo ">> activate cookie secret, printout"
cat $outfile
echo ">> cookie_secrets.txt"
cat cookie_secrets.txt


teststep "Verify the first cookie can be reused but a new cookie is returned from the second secret"
outfile=dig.output.4
dig version.server ch txt @127.0.0.1 -p $SERVER_PORT +cookie=$first_cookie > $outfile
if grep -q "BADCOOKIE" $outfile
then
	cat $outfile
	echo "Got BADCOOKIE response for a valid cookie"
	exit 1
fi
if ! grep -q "COOKIE: 3132333435363738" $outfile
then
	cat $outfile
	echo "Did not get a cookie in the response"
	exit 1
fi
if grep -q "COOKIE: $first_cookie" $outfile
then
	cat $outfile
	echo "Got the same first cookie in the response while the second secret is active"
	exit 1
fi
second_cookie=$(grep "; COOKIE:" $outfile | cut -d ' ' -f 3)
cat $outfile
echo "second cookie: $second_cookie"


teststep "Drop cookie secret"
outfile=cookie_secrets.4
$PRE/unbound-control -c ub.conf drop_cookie_secret
$PRE/unbound-control -c ub.conf print_cookie_secrets > $outfile
if grep -q "^staging.*$first_secret" $outfile
then
	sleep 1
	$PRE/unbound-control -c ub.conf print_cookie_secrets > $outfile
fi
if grep -q "^staging.*$first_secret" $outfile
then
	sleep 1
	$PRE/unbound-control -c ub.conf print_cookie_secrets > $outfile
fi
if grep -q "^staging.*$first_secret" $outfile
then
	sleep 1
	$PRE/unbound-control -c ub.conf print_cookie_secrets > $outfile
fi
if grep -q "^staging.*$first_secret" $outfile
then
	cat $outfile
	echo "First secret was not dropped"
	exit 1
fi
echo ">> drop cookie secret, printout"
cat $outfile
echo ">> cookie_secrets.txt"
cat cookie_secrets.txt


teststep "Verify the first cookie can not be reused and the second cookie is returned instead"
outfile=dig.output.4
dig version.server ch txt @127.0.0.1 -p $SERVER_PORT +cookie=$first_cookie > $outfile
if ! grep -q "BADCOOKIE" $outfile
then
	cat $outfile
	echo "Did not get BADCOOKIE response for an invalid cookie"
	exit 1
fi
if ! grep -q "COOKIE: 3132333435363738" $outfile
then
	cat $outfile
	echo "Did not get a cookie in the response"
	exit 1
fi
if grep -q "COOKIE: $first_cookie" $outfile
then
	cat $outfile
	echo "Got the same first cookie in the response while the second secret is active"
	exit 1
fi
if ! grep -q "COOKIE: .* (good)$" $outfile
then
	# dig can generate a different cookie value here than previous cookies.
	# but make sure the output contains a valid cookie
	cat $outfile
	echo "Did not get a valid cookie in the response"
	exit 1
fi

exit 0