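#!/bin/bash
#
# Applicability test for the DEFAULT:PAM-GOST crypto policy.
#
# Flow:
#   1. Reset the system policy to DEFAULT.
#   2. Confirm that no GOST settings are present under DEFAULT.
#   3. Switch to DEFAULT:PAM-GOST and confirm the policy is reported as active.
#   4. Confirm the auth back-end and both PAM files now reference GOST, while
#      the OpenSSL back-end still does not.
#   5. Switch back to DEFAULT.
#
# Failures are accumulated in `check`, which is also the exit status.
#
# Operational notes:
#   * The script rewrites the system-wide crypto policy and ends on DEFAULT
#     regardless of the policy that was active before it started. Run it on a
#     dedicated test host only.
#   * The final switch back to DEFAULT happens only if the script reaches its
#     end; an interrupted run leaves DEFAULT:PAM-GOST active.
#   * library/sh_lib.sh is resolved relative to the current working directory.
#     The script changes system policy (normally as root), so start it only
#     from the trusted test checkout.
#
# errexit is intentionally not enabled: the negative checks below rely on grep
# exiting non-zero.
# set +e
set -x

echo "Тест на применимость политики DEFAULT:PAM-GOST"

# Without the helper library every `check=$(...)` below would yield an empty
# counter, so stop early if it is not readable.
if [[ ! -r library/sh_lib.sh ]]; then
  echo "Cannot read library/sh_lib.sh (run from the test suite root)" >&2
  exit 1
fi
source library/sh_lib.sh

# eq_is_success / not_eq_is_success / check_test_status come from
# library/sh_lib.sh (not shown here). The first two are called with the current
# counter and 0 right after the command under test, and their output becomes
# the new counter; presumably they compare that command's exit status with the
# second argument - confirm against the library. Do not place any command
# between a checked command and its helper call.
check=0

openssl_backend="/etc/crypto-policies/back-ends/opensslcnf.config"
filename="/etc/crypto-policies/back-ends/auth.config"
pam_password_auth="/etc/pam.d/password-auth"
pam_system_auth="/etc/pam.d/system-auth"

# 1. Reset policy to default
echo "Reset policy to default"
/usr/bin/update-crypto-policies --set DEFAULT
echo "---------------------------------------"

######################################
echo "Test 2. Default files test"

# Under DEFAULT the OpenSSL back-end must not mention gost.
/bin/grep gost "${openssl_backend}"
check=$(not_eq_is_success "${check}" 0)

# Under DEFAULT auth.config is a symlink to an empty file, so the size is
# taken from the link target (-L).
ls -l "${filename}"
filesize=$(stat -Lc%s "${filename}")
# If stat failed, filesize is empty, the numeric test errors out and the else
# branch counts a failure.
if [ "${filesize}" -eq 0 ]; then
  echo "File ${filename} length == 0 -- OK"
else
  echo "File ${filename} length == ${filesize} -- Error, should be empty"
  check=$((check + 1))
fi

# grep gost on password-auth must print nothing and exit with status 1.
/bin/grep gost "${pam_password_auth}"
check=$(not_eq_is_success "${check}" 0)

# grep gost on system-auth must print nothing and exit with status 1.
/bin/grep gost "${pam_system_auth}"
check=$(not_eq_is_success "${check}" 0)
echo "---------------------------------------"

######################################
echo "Test 3. Set PAM:GOST policy"
/usr/bin/update-crypto-policies --set DEFAULT:PAM-GOST
check=$(eq_is_success "${check}" 0)

current_policy=$(/usr/bin/update-crypto-policies --show)
if [[ "${current_policy}" == "DEFAULT:PAM-GOST" ]]; then
  echo "Current policy: ${current_policy} -- OK"
else
  echo "Current policy: ${current_policy} -- Error, should be DEFAULT:PAM-GOST"
  check=$((check + 1))
fi
echo "---------------------------------------"

######################################
echo "Test 4. Files test after set GOST policy"

# The OpenSSL back-end is printed for the log and must still not mention gost.
cat "${openssl_backend}"
/bin/grep gost "${openssl_backend}"
check=$(not_eq_is_success "${check}" 0)

# auth.config must now be non-empty; expected contents:
#   #custom/minimal_gost
#   #with-gost
# -L matches the Test 2 measurement: without it a symlinked back-end reports
# the length of the link itself, which is never 0, and the emptiness check
# could not fail.
filesize=$(stat -Lc%s "${filename}")
# A failed stat (empty filesize) is treated as an empty file, i.e. a failure.
if [ "${filesize:-0}" -eq 0 ]; then
  echo "File ${filename} length == 0 -- Error, should not be empty"
  check=$((check + 1))
else
  echo "File ${filename} length == ${filesize} -- OK"
  /bin/grep gost "${filename}"
  check=$(eq_is_success "${check}" 0)
fi

# grep gost on password-auth must not be empty; expected line:
#   password sufficient pam_unix.so gost_yescrypt shadow nullok use_authtok
# NOTE(review): the pattern matches "gost" anywhere in the file, including a
# commented-out line; matching the pam_unix.so password line would be stricter.
# cat /etc/pam.d/password-auth
/bin/grep gost "${pam_password_auth}"
check=$(eq_is_success "${check}" 0)

# grep gost on system-auth must not be empty; expected line:
#   password sufficient pam_unix.so gost_yescrypt shadow nullok use_authtok
# cat /etc/pam.d/system-auth
/bin/grep gost "${pam_system_auth}"
check=$(eq_is_success "${check}" 0)
echo "---------------------------------------"

echo "Reset policy to default"
# A failed restore is reported but not counted, so the exit status still
# reflects only the checks above.
if ! /usr/bin/update-crypto-policies --set DEFAULT; then
  echo "WARNING: could not restore the DEFAULT policy; the host may still be on DEFAULT:PAM-GOST" >&2
fi
echo "---------------------------------------"

check_test_status "${check}" "$0"
exit "${check}"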