#!/bin/bash
# SPDX-License-Identifier: GPL-3.0+
# Copyright (C) 2024 Hannes Reinecke, SUSE Labs
#
# Create TLS-encrypted connections

. tests/nvme/rc

DESCRIPTION="Create TLS-encrypted connections"
QUICK=1

requires() {
	_nvme_requires
	_have_loop
	_have_kernel_option NVME_TCP_TLS
	_have_kernel_option NVME_TARGET_TCP_TLS
	_require_kernel_nvme_fabrics_feature tls
	_require_nvme_trtype tcp
	_require_nvme_cli_tls
	_have_libnvme_ver 1 11
	_have_systemd_tlshd_service
}

set_conditions() {
	_set_nvme_trtype "$@"
}

test() {
	echo "Running ${TEST_NAME}"

	_setup_nvmet

	local hostkey
	local ctrl

	hostkey=$(nvme gen-tls-key -n "${def_hostnqn}" -c "${def_subsysnqn}" -m 1 -I 1 -i 2> /dev/null)
	if [ -z "$hostkey" ] ; then
		echo "nvme gen-tls-key failed"
		return 1
	fi

	_systemctl_start tlshd

	_nvmet_target_setup --blkdev file --tls

	# Test unencrypted connection
	echo "Test unencrypted connection w/ tls not required"
	_nvme_connect_subsys

	ctrl=$(_find_nvme_dev "${def_subsysnqn}")
	if _nvme_ctrl_tls_key "$ctrl" > /dev/null; then
		echo "WARNING: connection is encrypted"
	fi

	_nvme_disconnect_subsys

	# Test encrypted connection
	echo "Test encrypted connection w/ tls not required"
	_nvme_connect_subsys --tls

	ctrl=$(_find_nvme_dev "${def_subsysnqn}")
	if ! _nvme_ctrl_tls_key "$ctrl" > /dev/null ; then
                echo "WARNING: connection is not encrypted"
        fi

	_nvme_disconnect_subsys

	# Reset target configuration
	_nvmet_target_cleanup

	_nvmet_target_setup --blkdev file --force-tls

	# Test unencrypted connection
	echo "Test unencrypted connection w/ tls required (should fail)"
	_nvme_connect_subsys

	_nvme_disconnect_subsys

	# Test encrypted connection
	echo "Test encrypted connection w/ tls required"
	_nvme_connect_subsys --tls

	ctrl=$(_find_nvme_dev "${def_subsysnqn}")
	if ! _nvme_ctrl_tls_key "$ctrl" > /dev/null; then
                echo "WARNING: connection is not encrypted"
        fi

	_nvme_disconnect_subsys

	_nvmet_target_cleanup

	_systemctl_stop

	echo "Test complete"
}
