#!/usr/bin/env bash

if [ ${SWTPM_TEST_EXPENSIVE:-0} -eq 0 ]; then
	exit 77
fi

ROOT=${abs_top_builddir:-$(pwd)/..}
TESTDIR=${abs_top_testdir:-$(dirname "$0")}

SWTPM_SERVER_PORT=65426
SWTPM_SERVER_NAME=127.0.0.1
SWTPM_CTRL_PORT=65427
SWTPM_INTERFACE=socket+socket

function cleanup() {
	pid=${SWTPM_PID}
	if [ -n "$pid" ]; then
		kill_quiet -9 $pid
	fi
	if [ -n ${WORKDIR} ]; then
		rm -rf ${WORKDIR}
	fi
}

trap "cleanup" EXIT

source ${TESTDIR}/common
WORKDIR=$(mktemp -d)

REGLOG=${WORKDIR}/reglog

SWTPM_SERVER_NO_DISCONNECT="1" run_swtpm ${SWTPM_INTERFACE} \
	--tpm2 \
	--tpmstate dir=${WORKDIR} \
	--flags not-need-init

pushd ${WORKDIR} &>/dev/null

git clone https://git.code.sf.net/p/ibmtpm20tss/tss ibmtpm20tss-tss

pushd ibmtpm20tss-tss &>/dev/null

git checkout tags/v1.4.0
if [ $? -ne 0 ]; then
	echo "'Git checkout' failed."
	exit 1
fi

# A v1.4.0 bug work-around:
pushd utils/regtests &>/dev/null
# We cannot run the EK certificate tests since rootcerts.txt points to
# files we do not have
sed -i "133s/./\#\0/" testcredential.sh
sed -i "134s/./\#\0/" testcredential.sh
sed -i "135s/./\#\0/" testcredential.sh
popd &>/dev/null

autoreconf --force --install
unset CFLAGS LDFLAGS LIBS
./configure --disable-tpm-1.2
make -j4

pushd utils

sed -i 's/export CRYPTOLIBRARY.*/export CRYPTOLIBRARY=openssl/' reg.sh

# Adjust test suite to TPM 2.0 revision libtpms is implementing
revision=$(run_swtpm_ioctl ${SWTPM_INTERFACE} --info 1 |
           sed 's/.*,"revision":\([^\}]*\).*/\1/')
echo "Libtpms implements TPM 2.0 revision ${revision}."
if [ $revision -lt 155 ]; then
	echo "Removing revision 155 test cases."
	for t in regtests/testattest155.sh regtests/testx509.sh
	do
		rm "${t}"
		touch "${t}"
		chmod 777 "${t}"
	done
fi

rsa3072=$(run_swtpm_ioctl ${SWTPM_INTERFACE} --info 4 |
          sed -n 's/.*"RSAKeySizes":\[\([0-9,]*\)\].*/\1/p' |
          grep 3072)
if [ -z "$rsa3072" ]; then
	pushd regtests &>/dev/null

	echo "Modifying test cases related to RSA 3072 keys."
	# We do not support 3072 bit RSA keys at this point, so eliminate all 3072
	# RSA key tests
	for f in initkeys.sh testrsa.sh testsign.sh; do
		sed -i "s| 3072||" "${f}"
	done

	sed -i "s| \"-rsa 3072\"||" testsalt.sh

	popd &>/dev/null
else
	echo "swptm/libtpms support RSA 3072 bit keys"
fi

export TPM_SERVER_NAME=127.0.0.1
export TPM_INTERFACE_TYPE=socsim
export TPM_COMMAND_PORT=${SWTPM_SERVER_PORT}
export TPM_PLATFORM_PORT=${SWTPM_CTRL_PORT}

export SWTPM_IOCTL

cat <<_EOF_ > powerup
#!/usr/bin/env bash
\${SWTPM_IOCTL} -i --tcp \${TPM_SERVER_NAME}:\${TPM_PLATFORM_PORT}
exit \$?
_EOF_
chmod 755 powerup

./startup
if [ $? -ne 0 ]; then
	echo "Startup of TPM2 failed"
	exit 1
fi

./reg.sh -a 2>&1 | tee ${REGLOG}

ret=0

if [ -n "$(grep -E "^ ERROR:" ${REGLOG})" ]; then
	echo "There were test failures running the IBM TSS 2 tests"
	grep -E "^ ERROR:" ${REGLOG} -B2 -A2
	ret=1
fi

# Shut down
run_swtpm_ioctl ${SWTPM_INTERFACE} -s
if [ $? -ne 0 ]; then
	echo "Error: Could not shut down the ${SWTPM_INTERFACE} TPM."
	ret=1
fi

if wait_process_gone ${SWTPM_PID} 4; then
	echo "Error: ${SWTPM_INTERFACE} TPM should not be running anymore."
	ret=1
fi

popd &>/dev/null
popd &>/dev/null
popd &>/dev/null

[ $ret -eq 0 ] && echo "OK"

exit $ret