#!/bin/bash

# Copyright Canonical, 2013.   Author: Chad MILLER <chad.miller@canonical.com>

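# Put the freshly built browser first on the command search path.  The entry
# is relative, so this script must be started from the package build root, and
# every command below is looked up in that directory before the system ones.
PATH=debian/tmp/usr/lib/chromium-browser:$PATH

# Abort on the first unchecked command failure and on any unset variable.
set -o errexit
set -o nounset

# Space-separated names of the tests that failed; empty means none failed.
failures=""

# Serve the current directory over HTTP on a free port picked by the kernel
# (port 0).  Bind to loopback only: the browser under test connects to
# localhost, and the build tree should not be readable from other hosts while
# the test runs.  -u keeps Python's output unbuffered so the start-up banner
# reaches webserver-out promptly.
python3 -u -m http.server --bind 127.0.0.1 0 >webserver-out 2>webserver-err &
webserver_pid=$!

# Make an unchecked command failure visible in the log before errexit aborts.
trap "echo FAILURE" ERR
# USR1 and USR2 are per-test clean-up hooks.  They start as no-ops; a test
# installs its own handler when it has something to tear down.
trap ":" USR1  # Clean-up after every test
trap ":" USR2  # Clean-up after every test
# On exit, stop the web server and then signal this shell so that whatever
# clean-up hooks are installed at that point get a chance to run.  The string
# is double-quoted, so the web server PID is fixed when the trap is set.
trap "kill -KILL ${webserver_pid} || echo No web server.; kill -USR1 $$ || echo No cleanup 1.; kill -USR2 $$ || echo No cleanup 2." EXIT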

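# Wait (at most retrylimit polls, 0.1 s apart) for the web server to print its
# start-up banner, then read the port it was given from that line, e.g.
# "Serving HTTP on <address> port 49074 ...".
retrylimit=100
retry=0
webserver_port=""
while test "$retry" -lt "$retrylimit"; do
	retry=$((retry + 1))
	sleep 0.1
	# The banner contains "..."; until it shows up the server is not ready.
	grep -q -F -- "..." webserver-out || continue

	# The sixth space-separated field of the banner line is the port number.
	webserver_port=$(head -n 1 webserver-out | cut -d ' ' -f 6)
	break
done

# Judge success by the parsed port rather than by the retry counter, so that a
# banner seen on the very last poll still counts.  The value is later pasted
# into a URL on the browser command line, so accept digits only.
case "$webserver_port" in
	'' | *[!0-9]*)
		echo "No usable port number found in webserver-out." >&2
		# A failing simple command makes errexit abort the script and
		# fires the ERR trap, as the original retry-count check did.
		false
		;;
esac

# Browser profile directory for the tests.  mkdir fails, and errexit aborts the
# run, if a directory of that name is left over from an earlier run.
mkdir profile_storage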

# Now everything is set up for a series of tests.

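echo -n "Test command-line URL retrieves page from server: "

# TEST one
# Create a file that the web server can serve, start the browser with the URL
# of that file, and check that the web server logs a request for it.
f=one$$.txt
echo "proc$$test" >"$f"

chromium-browser --window-size=400,200 --window-position=100,100 --user-data-dir=profile_storage "http://localhost:${webserver_port}/$f" >browser_stdout 2>browser_stderr &
webclient_pid=$!
# From now on the USR1 clean-up hook kills this browser instance.
trap "kill -KILL ${webclient_pid}" USR1

# Poll the web server's request log (its stderr) for the file name.  A flag
# records the outcome, so a request seen on the very last poll is not also
# reported as a failure.
page_requested=no
retrylimit=1000
retry=0
while test "$retry" -lt "$retrylimit"; do
	retry=$((retry + 1))
	sleep 0.1
	# -F: match the file name literally; its "." is not a regex wildcard.
	grep -q -F -- "$f" webserver-err || continue
	page_requested=yes
	echo okay
	break
done
#kill -USR1 $$  # cleanup
if test "$page_requested" != yes; then
	echo BAD
	failures="one:serveraccess  $failures"
	# Dump both server logs to help diagnose why no request arrived.
	echo "    retry $retry < limit ${retrylimit}.  web server stderr:"
	cat -n webserver-err
	echo "   web server stdout:"
	cat -n webserver-out
fi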

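# TEST two-a two-b
# While the browser from test one is still running, inspect the security label
# (the ps "label" column) of its processes to check that they are confined.
# NOTE(review): only the browser process and its direct children (--ppid) are
# inspected; deeper descendants are not covered by either check.

echo -n "Test security enclosure: "
if ps h --ppid "${webclient_pid}" -o label | grep '_sandbox$' >/dev/null; then
	# two-a passed: at least one child's security label ends with "_sandbox".

	if { ps h -p "${webclient_pid}" -o label; ps h --ppid "${webclient_pid}" -o label; } | grep unconfined >/dev/null; then
		# two-b failed: the browser itself or one of its direct children
		# carries an "unconfined" label.
		echo BAD
		failures="two-b:unconfined  $failures"
	else
		echo okay
	fi

else
	# two-a failed: no child label ends with "_sandbox".  Record the failure
	# before printing diagnostics, and do not let the diagnostic ps abort the
	# script: ps is expected to exit non-zero when it selects no process (for
	# example when the browser has already died), and under errexit that
	# would end the run before the failure list is reported.
	failures="two-a:sandbox  $failures"
	echo BAD
	echo "Expected '_sandbox' at end of ps lines."
	ps h --ppid "${webclient_pid}" -o label || true
fi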




# All tests are done.
#
# Report results
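# result-success is created only when no test failed.  An if/else is used
# instead of "a && b || c" so that a failing touch is not mistaken for a test
# failure with an empty list: under the script's errexit a failed touch ends
# the run with a non-zero status instead of exiting 0 without the marker file.
if test -z "$failures"; then
	touch result-success
else
	echo "failure list:  $failures"
	exit 1
fi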
