#!/usr/bin/env python3
#
# Copyright (C) 2023-2024 VyOS maintainers and contributors
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License version 2 or later as
# published by the Free Software Foundation.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program.  If not, see <http://www.gnu.org/licenses/>.

import unittest

from base_accel_ppp_test import BasicAccelPPPTest
from configparser import ConfigParser
from vyos.utils.process import cmd


class TestVPNL2TPServer(BasicAccelPPPTest.TestCase):
    @classmethod
    def setUpClass(cls):
        cls._base_path = ['vpn', 'l2tp', 'remote-access']
        cls._config_file = '/run/accel-pppd/l2tp.conf'
        cls._chap_secrets = '/run/accel-pppd/l2tp.chap-secrets'
        cls._protocol_section = 'l2tp'
        # call base-classes classmethod
        super(TestVPNL2TPServer, cls).setUpClass()

    @classmethod
    def tearDownClass(cls):
        super(TestVPNL2TPServer, cls).tearDownClass()

    def basic_protocol_specific_config(self):
        pass

    def test_l2tp_server_authentication_protocols(self):
        # Test configuration of local authentication protocols
        self.basic_config()

        # explicitly test mschap-v2 - no special reason
        self.set( ['authentication', 'protocols', 'mschap-v2'])

        # commit changes
        self.cli_commit()

        # Validate configuration values
        conf = ConfigParser(allow_no_value=True)
        conf.read(self._config_file)

        self.assertEqual(conf['modules']['auth_mschap_v2'], None)

    def test_vpn_l2tp_dependence_ipsec_swanctl(self):
        # Test config vpn for tasks T3843 and T5926

        base_path = ['vpn', 'l2tp', 'remote-access']
        # make precondition
        self.cli_set(['interfaces', 'dummy', 'dum0', 'address', '203.0.113.1/32'])
        self.cli_set(['vpn', 'ipsec', 'interface', 'dum0'])

        self.cli_commit()
        # check ipsec apply to swanctl
        self.assertEqual('', cmd('echo vyos | sudo -S swanctl -L '))

        self.cli_set(base_path + ['authentication', 'local-users', 'username', 'foo', 'password', 'bar'])
        self.cli_set(base_path + ['authentication', 'mode', 'local'])
        self.cli_set(base_path + ['authentication', 'protocols', 'chap'])
        self.cli_set(base_path + ['client-ip-pool', 'first', 'range', '10.200.100.100-10.200.100.110'])
        self.cli_set(base_path + ['description', 'VPN - REMOTE'])
        self.cli_set(base_path + ['name-server', '1.1.1.1'])
        self.cli_set(base_path + ['ipsec-settings', 'authentication', 'mode', 'pre-shared-secret'])
        self.cli_set(base_path + ['ipsec-settings', 'authentication', 'pre-shared-secret', 'SeCret'])
        self.cli_set(base_path + ['ipsec-settings', 'ike-lifetime', '8600'])
        self.cli_set(base_path + ['ipsec-settings', 'lifetime', '3600'])
        self.cli_set(base_path + ['outside-address', '203.0.113.1'])
        self.cli_set(base_path + ['gateway-address', '203.0.113.1'])

        self.cli_commit()

        # check l2tp apply to swanctl
        self.assertTrue('l2tp_remote_access:' in cmd('echo vyos | sudo -S swanctl -L '))

        self.cli_delete(['vpn', 'l2tp'])
        self.cli_commit()

        # check l2tp apply to swanctl after delete config
        self.assertEqual('', cmd('echo vyos | sudo -S swanctl -L '))

        # need to correct tearDown test
        self.basic_config()
        self.cli_set(base_path + ['authentication', 'protocols', 'chap'])
        self.cli_commit()

    def test_l2tp_radius_server(self):
        base_path = ['vpn', 'l2tp', 'remote-access']
        radius_server = "192.0.2.22"
        radius_key = "secretVyOS"

        self.cli_set(base_path + ['authentication', 'mode', 'radius'])
        self.cli_set(base_path + ['gateway-address', '192.0.2.1'])
        self.cli_set(base_path + ['client-ip-pool', 'SIMPLE-POOL', 'range', '192.0.2.0/24'])
        self.cli_set(base_path + ['default-pool', 'SIMPLE-POOL'])
        self.cli_set(base_path + ['authentication', 'radius', 'server', radius_server, 'key', radius_key])
        self.cli_set(base_path + ['authentication', 'radius', 'server', radius_server, 'priority', '10'])
        self.cli_set(base_path + ['authentication', 'radius', 'server', radius_server, 'backup'])

        # commit changes
        self.cli_commit()

        # Validate configuration values
        conf = ConfigParser(allow_no_value=True)
        conf.read(self._config_file)
        server = conf["radius"]["server"].split(",")
        self.assertIn('weight=10', server)
        self.assertIn('backup', server)


if __name__ == '__main__':
    unittest.main(verbosity=2)