#!/bin/sh
# 20210123
# Jan Mojzis
# Public domain.

set -e

umask 077

dir=`dirname "$0"`

# change directory to $AUTOPKGTEST_TMP
cd "${AUTOPKGTEST_TMP}"

# run tlswrapper port 10000
tcpserver -HRDl0 127.0.0.1 10000 \
sh -c '
  exec 2>tlswrapper.log
  exec tlswrapper -vv \
                  -f rsa.pem \
                  -f ec.pem \
                  cat data.in
' &
tcpserverpid=$!
# Give some extra time for tcpserver to start,
# to avoid flaky test failures on slower testbeds
sleep 1

cleanup() {
  ex=$?
  #kill tcpserver
  kill -TERM "${tcpserverpid}" 1>/dev/null 2>/dev/null || :
  kill -KILL "${tcpserverpid}" 1>/dev/null 2>/dev/null || :
  if [ ${ex} -gt 0 ]; then
    (
      echo "tlswrapper.log:"
      cat tlswrapper.log || :
      echo "openssl.log:"
      cat openssl.log || :
    ) >&2
  fi
  rm -f data.in data.out openssl.log ec.pem rsa.pem tlswrapper.log
  exit "${ex}"
}
trap "cleanup" EXIT TERM INT

# create CA
"${dir}/ca.sh" ec prime256v1 >ca.pem

# create RSA certfile
"${dir}/server.sh" ca.pem rsa 2048 '127.0.0.1' > rsa.pem

# create ECDSA certdir
"${dir}/server.sh" ca.pem ec prime256v1 '127.0.0.1' > ec.pem

SCLIENT_CMD="openssl s_client -nocommands -quiet -tls1_2 -verify_return_error -CAfile ca.pem"
(
  echo "ECDHE-ECDSA-CHACHA20-POLY1305"
  echo "ECDHE-ECDSA-AES256-GCM-SHA384"
  echo "ECDHE-ECDSA-AES128-GCM-SHA256"
  echo "ECDHE-RSA-CHACHA20-POLY1305"
  echo "ECDHE-RSA-AES256-GCM-SHA384"
  echo "ECDHE-RSA-AES128-GCM-SHA256"
) | (
  while read algo; do
    # create random datafile
    dd if=/dev/urandom of=data.in bs=1 count=32 2>/dev/null

    # run test
    (
      exec 0</dev/null
      ${SCLIENT_CMD} -cipher "${algo}" -connect 127.0.0.1:10000 1>data.out 2>openssl.log || rm data.out
      if [ x"`sha512sum < data.in`" != x"`sha512sum < data.out`" ]; then
        echo "TLS default cipher test: ${algo}: failed:" >&2
        exit 1
      fi
      echo "TLS default cipher test: ${algo}: OK"
    )
  done
)
