#!/bin/sh
# 20181028
# Jan Mojzis
# Public domain.

# change directory to $AUTOPKGTEST_TMP
cd "${AUTOPKGTEST_TMP}"

# we need tools from /usr/sbin
PATH="/usr/sbin:${PATH}"
export PATH

# backup ~/.ssh
rm -rf ~/.ssh.tinysshtest.bk
[ -d ~/.ssh ] && mv ~/.ssh ~/.ssh.tinysshtest.bk
mkdir -p ~/.ssh
chmod 700 ~/.ssh

# run tinysshd on port 10000
rm -rf sshkeydir
tinysshd-makekey -q sshkeydir
tcpserver -HRDl0 127.0.0.1 10000 tinysshd -- sshkeydir &
tcpserverpid=$!

cleanup() {
  ex=$?
  rm -rf ~/.ssh sshkeydir
  [ -d ~/.ssh.tinysshtest.bk ] && mv ~/.ssh.tinysshtest.bk ~/.ssh
  #kill tcpserver
  kill -TERM "${tcpserverpid}" 1>/dev/null 2>/dev/null || :
  kill -KILL "${tcpserverpid}" 1>/dev/null 2>/dev/null || :
  exit "${ex}"
}
trap "cleanup" EXIT TERM INT

# create authorization keys
ssh-keygen -t ed25519 -q -N '' -f ~/.ssh/id_ed25519 || exit 2

KEYTYPE=`cut -d ' ' -f1 < ~/.ssh/id_ed25519.pub`
KEY=`cut -d ' ' -f2 < ~/.ssh/id_ed25519.pub`
REST=`cut -d ' ' -f3- < ~/.ssh/id_ed25519.pub`

# now create malformed lines in authorization_keys
# login MUST FAIL
(
  #extra space before key-type
  echo " ${KEYTYPE} ${KEY} ${REST}"
  #extra space after key-type
  echo "${KEYTYPE}  ${KEY} ${REST}"
  #extra character before key-type
  echo "a${KEYTYPE} ${KEY} ${REST}"
  #extra character after key-type
  echo "${KEYTYPE}a ${KEY} ${REST}"
  #extra character before key
  echo "${KEYTYPE} a${KEY} ${REST}"
  #extra character after key
  echo "${KEYTYPE} ${KEY}a ${REST}"
) > ~/.ssh/authorized_keys
(
  echo "malformed authorization_keys:"
  cat ~/.ssh/authorized_keys >&2
  echo
) >&2

ssh -o StrictHostKeyChecking=no -p 10000 127.0.0.1 'exit 0'
exitcode=$?
if [ "${exitcode}" -eq 0 ]; then
  echo "ssh 127.0.0.1:10000 login using malformed authorized_keys succeeded, too bad" >&2
  exit 3
else
  echo "ssh 127.0.0.1:10000 login using malformed authorized_keys failed, this is correct behavior" >&2
fi

# now add correct line to authorized_keys
echo "${KEYTYPE} ${KEY}" >> ~/.ssh/authorized_keys

ssh -o StrictHostKeyChecking=no -p 10000 127.0.0.1 'exit 0'
exitcode=$?
if [ ! "${exitcode}" -eq 0 ]; then
  echo "ssh 127.0.0.1:10000 login using correct authorized_keys failed, too bad" >&2
  exit 4
else
  echo "ssh 127.0.0.1:10000 login using correct authorized_keys succeeded, this is correct behavior" >&2
fi

exit 0
