package example_filesystems

// Mount example filesystems, check that the example content (normal file, symlinks)
// is there and test mkdir and rmdir
//
// Runs all the tests twice, once with "-openssl=false" and once with
// "-openssl=true".

import (
	"flag"
	"fmt"
	"os"
	"os/exec"
	"syscall"
	"testing"

	"github.com/rfjakob/gocryptfs/internal/stupidgcm"
	"github.com/rfjakob/gocryptfs/tests/test_helpers"
)

var opensslOpt string

// tmpFsPath contains a private writeable copy of the example_filesystems
// folder.
var tmpFsPath string

func TestMain(m *testing.M) {
	// Make "testing.Verbose()" return the correct value
	flag.Parse()
	variants := []string{"-openssl=false"}
	if !stupidgcm.BuiltWithoutOpenssl {
		variants = append(variants, "-openssl=true")
	} else {
		fmt.Println("Skipping OpenSSL tests, I have been compiled without openssl support")
	}
	for _, opensslOpt = range variants {
		if testing.Verbose() {
			fmt.Printf("example_filesystems: testing with %q\n", opensslOpt)
		}
		test_helpers.ResetTmpDir(false)

		// Create a private copy of the example filesystems that we can
		// mess with
		cmd := exec.Command("cp", "-a", "../example_filesystems", test_helpers.TmpDir)
		cmd.Stderr = os.Stderr
		cmd.Stdout = os.Stdout
		err := cmd.Run()
		if err != nil {
			fmt.Printf("cp -a failed: %v\n", err)
			os.Exit(1)
		}
		tmpFsPath = test_helpers.TmpDir + "/example_filesystems/"

		r := m.Run()
		if r != 0 {
			os.Exit(r)
		}
	}
	os.Exit(0)
}

// This filesystem is not supported anymore.
func TestExampleFSv04(t *testing.T) {
	cDir := "v0.4"
	pDir := test_helpers.TmpDir + "/" + cDir
	cDir = tmpFsPath + cDir
	err := test_helpers.Mount(cDir, pDir, false, "-extpass", "echo test", opensslOpt)
	if err == nil {
		t.Errorf("Mounting too old FS should fail")
	}
}

// This filesystem is not supported anymore.
func TestExampleFSv05(t *testing.T) {
	cDir := "v0.5"
	pDir := test_helpers.TmpDir + "/" + cDir
	cDir = tmpFsPath + cDir
	err := test_helpers.Mount(cDir, pDir, false, "-extpass", "echo test", opensslOpt)
	if err == nil {
		t.Errorf("Mounting too old FS should fail")
	}
}

// This filesystem is not supported anymore.
func TestExampleFSv06(t *testing.T) {
	cDir := "v0.6"
	pDir := test_helpers.TmpDir + "/" + cDir
	cDir = tmpFsPath + cDir
	err := test_helpers.Mount(cDir, pDir, false, "-extpass", "echo test", opensslOpt)
	if err == nil {
		t.Errorf("Mounting too old FS should fail")
	}
}

// This filesystem is not supported anymore.
func TestExampleFSv06PlaintextNames(t *testing.T) {
	cDir := "v0.6-plaintextnames"
	pDir := test_helpers.TmpDir + "/" + cDir
	cDir = tmpFsPath + cDir
	err := test_helpers.Mount(cDir, pDir, false, "-extpass", "echo test", opensslOpt)
	if err == nil {
		t.Errorf("Mounting too old FS should fail")
	}
}

// Test example_filesystems/v0.7
// with password mount and -masterkey mount
// v0.7 adds 128 bit GCM IVs
func TestExampleFSv07(t *testing.T) {
	cDir := "v0.7"
	pDir := test_helpers.TmpDir + "/" + cDir
	cDir = tmpFsPath + cDir
	err := os.Mkdir(pDir, 0777)
	if err != nil {
		t.Fatal(err)
	}
	test_helpers.MountOrFatal(t, cDir, pDir, "-extpass", "echo test", opensslOpt)
	checkExampleFS(t, pDir, true)
	test_helpers.UnmountPanic(pDir)
	test_helpers.MountOrFatal(t, cDir, pDir, "-masterkey",
		"ed7f6d83-40cce86c-0e7d79c2-a9438710-575221bf-30a0eb60-2821fa8f-7f3123bf",
		"-raw64=false", "-hkdf=false", opensslOpt)
	checkExampleFS(t, pDir, true)
	test_helpers.UnmountPanic(pDir)
}

// gocryptfs v0.7 filesystem created with "-plaintextnames"
func TestExampleFSv07PlaintextNames(t *testing.T) {
	cDir := "v0.7-plaintextnames"
	pDir := test_helpers.TmpDir + "/" + cDir + ".mnt"
	cDir = tmpFsPath + cDir

	test_helpers.MountOrFatal(t, cDir, pDir, "-extpass", "echo test", opensslOpt)
	checkExampleFS(t, pDir, true)
	test_helpers.UnmountPanic(pDir)
	// The actual unmount takes some time, this causes weird problems. Just don't
	// reuse the mountpoint.
	pDir = pDir + ".2"
	test_helpers.MountOrFatal(t, cDir, pDir, "-plaintextnames", "-masterkey",
		"6d96397b-585631e1-c7cba69d-61e738b6-4d5ad2c2-e21f0fb3-52f60d3a-b08526f7",
		"-raw64=false", "-hkdf=false", opensslOpt)
	checkExampleFS(t, pDir, true)
	test_helpers.UnmountPanic(pDir)
}

// Test example_filesystems/v0.9
// (gocryptfs v0.9 introduced long file name support)
func TestExampleFSv09(t *testing.T) {
	cDir := "v0.9"
	pDir := test_helpers.TmpDir + "/" + cDir
	cDir = tmpFsPath + cDir
	err := os.Mkdir(pDir, 0777)
	if err != nil {
		t.Fatal(err)
	}
	test_helpers.MountOrFatal(t, cDir, pDir, "-extpass", "echo test", opensslOpt)
	checkExampleFSLongnames(t, pDir)
	test_helpers.UnmountPanic(pDir)
	pDir = pDir + ".2"
	test_helpers.MountOrFatal(t, cDir, pDir, "-masterkey",
		"1cafe3f4-bc316466-2214c47c-ecd89bf3-4e078fe4-f5faeea7-8b7cab02-884f5e1c",
		"-raw64=false", "-hkdf=false", opensslOpt)
	checkExampleFSLongnames(t, pDir)
	test_helpers.UnmountPanic(pDir)
}

// gocryptfs v1.1 introduced AES-SIV
func TestExampleFSv11(t *testing.T) {
	cDir := "v1.1-aessiv"
	pDir := test_helpers.TmpDir + "/" + cDir
	cDir = tmpFsPath + cDir
	err := os.Mkdir(pDir, 0777)
	if err != nil {
		t.Fatal(err)
	}
	test_helpers.MountOrFatal(t, cDir, pDir, "-extpass", "echo test", opensslOpt)
	checkExampleFSLongnames(t, pDir)
	test_helpers.UnmountPanic(pDir)
	pDir = pDir + ".2"
	test_helpers.MountOrFatal(t, cDir, pDir, "-masterkey",
		"eaf371c3-f9a55336-8819f22b-7bccd7c2-a738cf61-7261c658-14c28a03-9428992b",
		"-aessiv", "-raw64=false", "-hkdf=false", opensslOpt)
	checkExampleFSLongnames(t, pDir)
	test_helpers.UnmountPanic(pDir)
}

// gocryptfs v1.1 introduced reverse mode
func TestExampleFSv11reverse(t *testing.T) {
	dirA := "v1.1-reverse"
	dirB := test_helpers.TmpDir + "/" + dirA + ".B"
	err := os.Mkdir(dirB, 0700)
	if err != nil {
		t.Fatal(err)
	}
	dirC := test_helpers.TmpDir + "/" + dirA + ".C"
	err = os.Mkdir(dirC, 0700)
	if err != nil {
		t.Fatal(err)
	}
	dirA = tmpFsPath + dirA
	test_helpers.MountOrFatal(t, dirA, dirB, "-reverse", "-extpass", "echo test", opensslOpt)
	c := dirB + "/gocryptfs.conf"
	if !test_helpers.VerifyExistence(c) {
		t.Errorf("%s missing", c)
	}
	test_helpers.MountOrFatal(t, dirB, dirC, "-extpass", "echo test", opensslOpt)
	checkExampleFSrw(t, dirC, false)
	test_helpers.UnmountPanic(dirC)
	test_helpers.UnmountPanic(dirB)

	m := "68b51855-042abd80-635ae1ba-90152a78-2ec2d243-832ac72a-eab0561a-f2d37913"
	test_helpers.MountOrFatal(t, dirA, dirB, "-reverse", "-masterkey", m,
		"-raw64=false", "-hkdf=false", opensslOpt)
	if !test_helpers.VerifyExistence(c) {
		t.Errorf("%s missing", c)
	}
	test_helpers.MountOrFatal(t, dirB, dirC, "-aessiv", "-masterkey", m,
		"-raw64=false", "-hkdf=false", opensslOpt)
	checkExampleFSrw(t, dirC, false)
	test_helpers.UnmountPanic(dirC)
	test_helpers.UnmountPanic(dirB)
}

// gocryptfs v1.1 introduced reverse mode
func TestExampleFSv11reversePlaintextnames(t *testing.T) {
	dirA := "v1.1-reverse-plaintextnames"
	dirB := test_helpers.TmpDir + "/" + dirA + ".B"
	err := os.Mkdir(dirB, 0700)
	if err != nil {
		t.Fatal(err)
	}
	dirC := test_helpers.TmpDir + "/" + dirA + ".C"
	err = os.Mkdir(dirC, 0700)
	if err != nil {
		t.Fatal(err)
	}
	dirA = tmpFsPath + dirA
	test_helpers.MountOrFatal(t, dirA, dirB, "-reverse", "-extpass", "echo test", opensslOpt)
	c := dirB + "/gocryptfs.conf"
	if !test_helpers.VerifyExistence(c) {
		t.Errorf("%s missing", c)
	}
	test_helpers.MountOrFatal(t, dirB, dirC, "-extpass", "echo test", opensslOpt)
	checkExampleFSrw(t, dirC, false)
	test_helpers.UnmountPanic(dirC)
	test_helpers.UnmountPanic(dirB)

	m := "e7fb8f0d-2a81df9e-26611e4b-5540b218-e48aa458-c2a623af-d0c82637-1466b5f2"
	test_helpers.MountOrFatal(t, dirA, dirB, "-reverse", "-masterkey", m,
		"-raw64=false", "-hkdf=false", opensslOpt)
	if !test_helpers.VerifyExistence(c) {
		t.Errorf("%s missing", c)
	}
	test_helpers.MountOrFatal(t, dirB, dirC, "-aessiv", "-masterkey", m,
		"-raw64=false", "-hkdf=false", opensslOpt)
	checkExampleFSrw(t, dirC, false)
	test_helpers.UnmountPanic(dirC)
	test_helpers.UnmountPanic(dirB)
}

// gocryptfs v1.3 introduced HKDF
func TestExampleFSv13(t *testing.T) {
	cDir := "v1.3"
	pDir := test_helpers.TmpDir + "/" + cDir
	cDir = tmpFsPath + cDir
	err := os.Mkdir(pDir, 0777)
	if err != nil {
		t.Fatal(err)
	}
	test_helpers.MountOrFatal(t, cDir, pDir, "-extpass", "echo test", opensslOpt)
	checkExampleFSLongnames(t, pDir)
	test_helpers.UnmountPanic(pDir)

	pDir = pDir + "_m"
	test_helpers.MountOrFatal(t, cDir, pDir, "-masterkey",
		"fd890dab-86bf61cf-ec5ad460-ad3ed01f-9c52d546-2a31783d-a56b088d-3d05232e",
		opensslOpt)
	checkExampleFSLongnames(t, pDir)
	test_helpers.UnmountPanic(pDir)
}

// Check that the masterkey=stdin cli option works.
func TestExampleFSv13MasterkeyStdin(t *testing.T) {
	cDir := "v1.3"
	pDir := test_helpers.TmpDir + "/TestExampleFSv13MasterkeyStdin.mnt"
	cDir = tmpFsPath + cDir
	err := os.Mkdir(pDir, 0777)
	if err != nil {
		t.Fatal(err)
	}
	args := []string{"-q", "-masterkey=stdin", opensslOpt, cDir, pDir}
	cmd := exec.Command(test_helpers.GocryptfsBinary, args...)
	cmd.Stdout = os.Stdout
	cmd.Stderr = os.Stderr
	p, err := cmd.StdinPipe()
	if err != nil {
		t.Fatal(err)
	}
	err = cmd.Start()
	if err != nil {
		t.Error(err)
	}
	// Write masterkey to stdin
	p.Write([]byte("fd890dab-86bf61cf-ec5ad460-ad3ed01f-9c52d546-2a31783d-a56b088d-3d05232e"))
	p.Close()
	err = cmd.Wait()
	if err != nil {
		t.Error(err)
	}
	// Check that the fs decrypts ok & unmount
	checkExampleFSLongnames(t, pDir)
	test_helpers.UnmountPanic(pDir)
}

// gocryptfs v1.3 introduced HKDF.
// We check the md5 sum of the encrypted version of a file to make sure we don't
// accidentally change the ciphertext generation.
// Create a full crypto round-trip by mounting two times:
// dirA -> reverse mount -> dirB -> forward mount -> dirC
func TestExampleFSv13reverse(t *testing.T) {
	var R_OK uint32 = 4
	// Prepare directories
	dirA := "v1.3-reverse"
	dirB := test_helpers.TmpDir + "/" + dirA + ".B"
	err := os.Mkdir(dirB, 0700)
	if err != nil {
		t.Fatal(err)
	}
	dirC := test_helpers.TmpDir + "/" + dirA + ".C"
	err = os.Mkdir(dirC, 0700)
	if err != nil {
		t.Fatal(err)
	}
	dirA = tmpFsPath + dirA
	// Mount using password
	test_helpers.MountOrFatal(t, dirA, dirB, "-reverse", "-extpass", "echo test", opensslOpt)
	c := dirB + "/gocryptfs.conf"
	if !test_helpers.VerifyExistence(c) {
		t.Errorf("%s missing", c)
	}
	test_helpers.MountOrFatal(t, dirB, dirC, "-extpass", "echo test", opensslOpt)
	// Test
	checkExampleFSrw(t, dirC, false)
	// Access to encrypted version of '..' should fail
	cPath := dirB + "/D8VwRPqWW8x7M5OEoMs0Eg"
	err = syscall.Access(cPath, R_OK)
	if err != syscall.ENOENT {
		t.Errorf("want ENOENT, got: %v", err)
	}
	// Access to encrypted version of '.' should fail
	cPath = dirB + "/kkmARPseVj4XQFW-EL42-w"
	err = syscall.Access(cPath, R_OK)
	if err != syscall.ENOENT {
		t.Errorf("want ENOENT, got: %v", err)
	}
	// Encrypted version of dir1/dir2/file (10000 zero bytes)
	cPath = dirB + "/zOsW1-BUX54hC2hmhu2EOw/4ZqrpGQdw5r07KR1qw2ZeQ/tfCm9Sp9J_Dvc-jD7J6p8g"
	want := "9818501d214c5eb42ca2472caf6c82a1"
	actual := test_helpers.Md5fn(cPath)
	if actual != want {
		t.Errorf("wrong md5")
	}
	// Unmount
	test_helpers.UnmountPanic(dirC)
	test_helpers.UnmountPanic(dirB)

	// Mount using masterkey
	m := "2290a7f4-3e1908fb-b006f7d9-261bdaf1-4b72bc38-3b24956c-db7d8a8d-d996076a"
	test_helpers.MountOrFatal(t, dirA, dirB, "-reverse", "-masterkey", m, opensslOpt)
	if !test_helpers.VerifyExistence(c) {
		t.Errorf("%s missing", c)
	}
	test_helpers.MountOrFatal(t, dirB, dirC, "-aessiv", "-masterkey", m, opensslOpt)
	// Test
	checkExampleFSrw(t, dirC, false)
	actual = test_helpers.Md5fn(cPath)
	if actual != want {
		t.Errorf("wrong md5")
	}
	// Unmmount
	test_helpers.UnmountPanic(dirC)
	test_helpers.UnmountPanic(dirB)
}