#!/bin/sh
set -e

TESTDIR="$(readlink -f "$(dirname "$0")")"
. "$TESTDIR/framework"

setupenvironment
configarchitecture "i386"

buildsimplenativepackage 'apt' 'all' '1.0' 'stable'

# setup http redirecting to https
getlabelfromsuite() { echo 'Testcases'; }
setupaptarchive --no-update
changetohttpswebserver -o 'aptwebserver::support::http=false'
webserverconfig 'aptwebserver::redirect::replace::/downgrademe/' "http://localhost:${APTHTTPPORT}/"
webserverconfig 'aptwebserver::redirect::replace::/redirectme/' "https://localhost:${APTHTTPSPORT}/"
sed -i -e "s#:${APTHTTPSPORT}/#:${APTHTTPPORT}/redirectme#" -e 's# https:# http:#' rootdir/etc/apt/sources.list.d/*

testsuccess aptget update -o Debug::Acquire::http=1 -o Debug::Acquire::https=1 -o Debug::pkgAcquire::Worker=1

msgtest 'Test that the webserver does not answer' 'http requests'
downloadfile "http://localhost:${APTHTTPPORT}/pool/main/a/apt/apt_1.0/changelog" changelog >/dev/null 2>&1 && msgfail || msgpass

echo "Acquire::Changelogs::URI::Label::Testcases \"http://localhost:${APTHTTPPORT}/redirectme/pool/@CHANGEPATH@/changelog\";" > rootdir/etc/apt/apt.conf.d/changelog.conf
testsuccessequal "'http://localhost:${APTHTTPPORT}/redirectme/pool/main/a/apt/apt_1.0/changelog' apt.changelog" aptget changelog apt --print-uris

cd downloaded
testsuccess aptget changelog apt -d
testsuccess test -s apt.changelog
rm -f apt.changelog

testsuccess aptget download apt
testsuccess test -s apt_1.0_all.deb
rm apt_1.0_all.deb
cd - >/dev/null

testsuccess aptget install apt -y
testdpkginstalled 'apt'

cd downloaded
testfailureequal "E: The method 'https' is explicitly disabled via configuration.
N: If you meant to use Tor remember to use tor+https instead of https." aptget download apt -o Dir::Bin::Methods::https=false
testfailure test -e apt_1.0_all.deb
cd - >/dev/null

# check that downgrades from https to http are not allowed
webserverconfig 'aptwebserver::support::http' 'true'
sed -i -e "s#:${APTHTTPPORT}/redirectme#:${APTHTTPSPORT}/downgrademe#" -e 's# http:# https:#' rootdir/etc/apt/sources.list.d/*
testfailure aptget update --allow-insecure-repositories -o Acquire::https::Timeout=1