#!/bin/sh
# 20211207
# Jan Mojzis
# Public domain.

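# Abort on the first command that fails.
set -e

# Keys, certificates and logs created below are readable by this user only.
umask 077

# Resolve the script's own directory to an absolute path before changing
# directory, so the helper scripts referenced through ${dir} are still found
# when the test was started through a relative path.
dir=$(CDPATH= cd -- "$(dirname -- "$0")" && pwd)

# Work inside the scratch directory provided by autopkgtest. Refuse to run when
# the variable is unset or empty: the script creates files relative to the
# current directory and later removes them with 'rm -rf'.
cd "${AUTOPKGTEST_TMP:?AUTOPKGTEST_TMP must be set}"

# Start the server under test in the background on 127.0.0.1:10000. For each
# connection the inner shell sends tlswrapper's diagnostics to tlswrapper.log
# (truncated every time, so the log only covers the latest connection) and
# tlswrapper runs 'cat data.in' as the wrapped program.
# The certificate directory and file are passed with dot-prefixed names
# (.ec, ./.cert.pem).
# NOTE(review): the handler that stops this process is installed further down
# the script; a failure before that point leaves tcpserver running.
tcpserver -HRDl0 127.0.0.1 10000 \
sh -c '
  exec 2>tlswrapper.log
  exec tlswrapper -vv -d "$(pwd)/.ec" -f ./.cert.pem cat data.in
' &
tcpserverpid=$!
# Give some extra time for tcpserver to start,
# to avoid flaky test failures on slower testbeds
sleep 1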

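# Exit/signal handler.
# Stops the background tcpserver, prints both log files to stderr when the
# script is ending with a non-zero status, removes every file the test created
# in the current directory and exits with the status seen on entry.
# Globals: tcpserverpid (read)
cleanup() {
  # Must stay first: the next command overwrites $?.
  ex=$?
  # The handler ends in 'exit'; clear the traps so that exit cannot re-enter
  # it through the EXIT trap after the logs have already been removed.
  trap - EXIT TERM INT
  # Ask tcpserver to stop, then force it. Errors are ignored on purpose: the
  # process may already be gone.
  kill -TERM "${tcpserverpid}" 1>/dev/null 2>/dev/null || :
  kill -KILL "${tcpserverpid}" 1>/dev/null 2>/dev/null || :
  if [ "${ex}" -gt 0 ]; then
    # Failure path: show what the server and the client logged.
    {
      echo "tlswrapper.log:"
      cat tlswrapper.log || :
      echo "openssl.log:"
      cat openssl.log || :
    } >&2
  fi
  # Remove test data, logs and the generated key material.
  rm -rf -- data.in data.out openssl.log ca.pem cert.pem tlswrapper.log ':ec' '.ec' '.cert.pem' ':cert.pem'
  exit "${ex}"
}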
# Run the cleanup handler on normal exit as well as on TERM and INT.
trap cleanup EXIT TERM INT

# Fixture layout. The dot-prefixed names are created empty ('.ec' directory,
# '.cert.pem' file); the generated server credentials are written only under
# the colon-prefixed names (':ec/:snidomain', ':cert.pem'). The checks further
# down can therefore pass only if the server ends up reading the
# colon-prefixed paths.
mkdir -p ':ec'
mkdir -p '.ec'
touch '.cert.pem'

# Test CA, then two server credentials issued for 127.0.0.1.
# NOTE(review): ca.sh and server.sh are not shown here; their output format is
# assumed to be what tlswrapper and 'openssl -CAfile' expect.
"${dir}/ca.sh" ec prime256v1 >ca.pem
for target in ':ec/:snidomain' ':cert.pem'; do
  "${dir}/server.sh" ca.pem ec prime256v1 127.0.0.1 >"${target}"
done

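# Client command shared by the checks below. It is expanded unquoted on purpose
# so that it word-splits into separate arguments. -verify_return_error with
# -CAfile makes the handshake fail unless the server certificate verifies
# against the test CA in ca.pem.
SCLIENT_CMD="openssl s_client -nocommands -quiet -tls1_2 -verify_return_error -CAfile ca.pem"

# SNI cases. Every name starts with '.' or '/', and the only server
# certificate present in the fixture is ':ec/:snidomain', so each case passes
# only if tlswrapper maps the requested name to ':snidomain' rather than using
# the client-supplied string as a file name as-is.
while read -r domain; do
  # Fresh 32 random bytes per case; the server sends them back via 'cat data.in'.
  dd if=/dev/urandom of=data.in bs=1 count=32 2>/dev/null

  # Run the case in a subshell so its redirections and exit stay local.
  (
    # Keep openssl from consuming the list of names on the loop's stdin.
    exec 0</dev/null
    # A failed handshake removes data.out, which makes the comparison below fail.
    ${SCLIENT_CMD} -servername "${domain}" -connect 127.0.0.1:10000 1>data.out 2>openssl.log || rm -f data.out
    # Received bytes must be identical to the bytes the server was given.
    if [ "$(sha512sum < data.in)" != "$(sha512sum < data.out)" ]; then
      echo "Fixpath SNI test: ${domain}: failed:" >&2
      exit 1
    fi
    echo "Fixpath SNI test: ${domain}: OK"
    exit 0
  )
done <<'EOF'
.snidomain
/.snidomain
////////.snidomain
EOF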

# Connection without SNI: the server has to fall back to the certificate file
# given with -f. That option names './.cert.pem', which is empty in the
# fixture, while the real credentials are in ':cert.pem'.
# data.in still holds the bytes written by the last SNI case above.
${SCLIENT_CMD} -connect 127.0.0.1:10000 1>data.out 2>openssl.log || rm data.out

# Pass only when the received bytes hash to the same value as the sent ones.
if [ "$(sha512sum < data.in)" = "$(sha512sum < data.out)" ]; then
  echo "Fixpath test: OK"
  exit 0
fi
echo "Fixpath test: failed:" >&2
exit 1
