#!/bin/sh
# 20210123
# Jan Mojzis
# Public domain.

set -e

umask 077

dir=`dirname "$0"`

# change directory to $AUTOPKGTEST_TMP
cd "${AUTOPKGTEST_TMP}"

# run tlswrapper port 10000
tcpserver -HRDl0 127.0.0.1 10000 \
sh -c '
  exec 2>tlswrapper.log
  exec tlswrapper -vv -d `pwd`/rsa -d `pwd`/ec cat data.in
' &
tcpserverpid=$!

cleanup() {
  ex=$?
  #kill tcpserver
  kill -TERM "${tcpserverpid}" 1>/dev/null 2>/dev/null || :
  kill -KILL "${tcpserverpid}" 1>/dev/null 2>/dev/null || :
  if [ ${ex} -gt 0 ]; then
    (
      echo "tlswrapper.log:"
      cat tlswrapper.log
      echo "openssl.log:"
      cat openssl.log
    ) >&2
  fi
  rm -rf ec rsa data.in data.out openssl.log tlswrapper.log
  exit "${ex}"
}
trap "cleanup" EXIT TERM INT

# create CA
"${dir}/ca.sh" ec prime256v1 >ca.pem

# create ECDSA and RSA certdir
mkdir -p ec rsa
(
  echo "okdomain1 ec prime256v1"
  echo "okdomain2 ec secp384r1"
  echo "okdomain3 ec secp521r1"
  echo "okdomain1 rsa 2048"
  echo "okdomain2 rsa 3072"
  echo "okdomain3 rsa 4096"
) | (
  while read domain type size; do
    "${dir}/server.sh" ca.pem "${type}" "${size}" "${domain}" >"${type}/${domain}"
  done
)

SCLIENT_CMD="openssl s_client -nocommands -quiet -tls1_2 -verify_return_error -CAfile ca.pem "
(
  echo "okdomain1 ECDSA"
  echo "okdomain2 ECDSA"
  echo "okdomain3 ECDSA"
  echo "okdomain1 RSA"
  echo "okdomain2 RSA"
  echo "okdomain3 RSA"
) | (
  while read domain type; do
    # create random datafile
    dd if=/dev/urandom of=data.in bs=1 count=32 2>/dev/null

    # run test
    (
      exec 0</dev/null
      ${SCLIENT_CMD} -servername "${domain}" -cipher "ECDHE-${type}-CHACHA20-POLY1305" -connect 127.0.0.1:10000 1>data.out 2>openssl.log || rm data.out
      if [ x"`sha512sum < data.in`" != x"`sha512sum < data.out`" ]; then
        echo "TLS snikey test: ${domain} ${type}: failed:" >&2
        exit 1
      fi
      echo "TLS snikey test: ${domain} ${type}: OK"
      exit 0
    )
  done
)

(
  echo "baddomain4 ECDSA"
  echo "baddomain4 RSA"
) | (
  while read domain type; do
    # create random datafile
    dd if=/dev/urandom of=data.in bs=1 count=32 2>/dev/null

    # run test
    (
      exec 0</dev/null
      if ${SCLIENT_CMD} -servername "${domain}" -cipher "ECDHE-${type}-CHACHA20-POLY1305" -connect 127.0.0.1:10000 1>data.out 2>openssl.log; then
        echo "TLS snikey test: ${domain} ${type}: failed: non-existent domain accepted" >&2
        exit 1
      fi
      echo "TLS snikey test: ${domain} ${type}: OK: non-existent domain not accepted"
      exit 0
    )
  done
)
