#!/bin/sh

CADIR=""
CAFILE="`pwd`/ucspi.ca"
CERTFILE="`pwd`/127.0.0.1.cert"
KEYFILE="`pwd`/127.0.0.1.key"
CCAFILE="`pwd`/localhost.cert"
CCERTFILE="`pwd`/localhost.cert"
CKEYFILE="`pwd`/localhost.key"
DHFILE="`pwd`/dh1024.pem"
export CAFILE CCAFILE CERTFILE KEYFILE CCERTFILE CKEYFILE CADIR DHFILE

rm -rf rts-tmp
mkdir rts-tmp
cd rts-tmp

echo '#!/bin/sh
  trap "" 13
  echo ""
  echo PROTO="$PROTO"
  echo SSLLOCALHOST="${SSLLOCALHOST-unset}"
  echo SSLLOCALIP="${SSLLOCALIP-unset}"
  echo SSLLOCALPORT="${SSLLOCALPORT-unset}"
  echo SSLREMOTEHOST="${SSLREMOTEHOST-unset}"
  echo SSLREMOTEIP="${SSLREMOTEIP-unset}"
  echo SSLREMOTEPORT="${SSLREMOTEPORT-unset}"
  echo SSLREMOTEINFO="${SSLREMOTEINFO-unset}"

  echo TCPLOCALHOST="${TCPLOCALHOST-unset}"
  echo TCPLOCALIP="${TCPLOCALIP-unset}"
  echo TCPLOCALPORT="${TCPLOCALPORT-unset}"
  echo TCPREMOTEHOST="${TCPREMOTEHOST-unset}"
  echo TCPREMOTEIP="${TCPREMOTEIP-unset}"
  echo TCPREMOTEPORT="${TCPREMOTEPORT-unset}"
  echo TCPREMOTEINFO="${TCPREMOTEINFO-unset}"

  echo SSL_PROTOCOL="${SSL_PROTOCOL-unset}"
  echo SSL_SESSION_ID="${SSL_SESSION_ID-unset}"
  echo SSL_CIPHER="${SSL_CIPHER-unset}"
  echo SSL_CIPHER_EXPORT="${SSL_CIPHER_EXPORT-unset}"
  echo SSL_CIPHER_USEKEYSIZE="${SSL_CIPHER_USEKEYSIZE-unset}"
  echo SSL_CIPHER_ALGKEYSIZE="${SSL_CIPHER_ALGKEYSIZE-unset}"
  echo SSL_VERSION_INTERFACE="${SSL_VERSION_INTERFACE-unset}"
  echo SSL_VERSION_LIBRARY="${SSL_VERSION_LIBRARY-unset}"

  echo SSL_SERVER_M_VERSION="${SSL_SERVER_M_VERSION-unset}"
  echo SSL_SERVER_M_SERIAL="${SSL_SERVER_M_SERIAL-unset}"
  echo SSL_SERVER_S_DN="${SSL_SERVER_S_DN-unset}"
  echo SSL_SERVER_S_DN_C="${SSL_SERVER_S_DN_C-unset}"
  echo SSL_SERVER_S_DN_ST="${SSL_SERVER_S_DN_ST-unset}"
  echo SSL_SERVER_S_DN_L="${SSL_SERVER_S_DN_L-unset}"
  echo SSL_SERVER_S_DN_O="${SSL_SERVER_S_DN_O-unset}"
  echo SSL_SERVER_S_DN_OU="${SSL_SERVER_S_DN_OU-unset}"
  echo SSL_SERVER_S_DN_CN="${SSL_SERVER_S_DN_CN-unset}"
  echo SSL_SERVER_S_DN_T="${SSL_SERVER_S_DN_T-unset}"
  echo SSL_SERVER_S_DN_I="${SSL_SERVER_S_DN_I-unset}"
  echo SSL_SERVER_S_DN_G="${SSL_SERVER_S_DN_G-unset}"
  echo SSL_SERVER_S_DN_S="${SSL_SERVER_S_DN_S-unset}"
  echo SSL_SERVER_S_DN_D="${SSL_SERVER_S_DN_D-unset}"
  echo SSL_SERVER_S_DN_UID="${SSL_SERVER_S_DN_UID-unset}"
  echo SSL_SERVER_S_DN_Email="${SSL_SERVER_S_DN_Email-unset}"
  echo SSL_SERVER_I_DN="${SSL_SERVER_I_DN-unset}"
  echo SSL_SERVER_I_DN_C="${SSL_SERVER_I_DN_C-unset}"
  echo SSL_SERVER_I_DN_ST="${SSL_SERVER_I_DN_ST-unset}"
  echo SSL_SERVER_I_DN_L="${SSL_SERVER_I_DN_L-unset}"
  echo SSL_SERVER_I_DN_O="${SSL_SERVER_I_DN_O-unset}"
  echo SSL_SERVER_I_DN_OU="${SSL_SERVER_I_DN_OU-unset}"
  echo SSL_SERVER_I_DN_CN="${SSL_SERVER_I_DN_CN-unset}"
  echo SSL_SERVER_I_DN_T="${SSL_SERVER_I_DN_T-unset}"
  echo SSL_SERVER_I_DN_I="${SSL_SERVER_I_DN_I-unset}"
  echo SSL_SERVER_I_DN_G="${SSL_SERVER_I_DN_G-unset}"
  echo SSL_SERVER_I_DN_S="${SSL_SERVER_I_DN_S-unset}"
  echo SSL_SERVER_I_DN_D="${SSL_SERVER_I_DN_D-unset}"
  echo SSL_SERVER_I_DN_UID="${SSL_SERVER_I_DN_UID-unset}"
  echo SSL_SERVER_I_DN_Email="${SSL_SERVER_I_DN_Email-unset}"
  echo SSL_SERVER_V_START="${SSL_SERVER_V_START-unset}"
  echo SSL_SERVER_V_END="${SSL_SERVER_V_END-unset}"
  echo SSL_SERVER_A_SIG="${SSL_SERVER_A_SIG-unset}"
  echo SSL_SERVER_A_KEY="${SSL_SERVER_A_KEY-unset}"
  echo SSL_SERVER_CERT="${SSL_SERVER_CERT-unset}"

  echo SSL_CLIENT_M_VERSION="${SSL_CLIENT_M_VERSION-unset}"
  echo SSL_CLIENT_M_SERIAL="${SSL_CLIENT_M_SERIAL-unset}"
  echo SSL_CLIENT_S_DN="${SSL_CLIENT_S_DN-unset}"
  echo SSL_CLIENT_S_DN_C="${SSL_CLIENT_S_DN_C-unset}"
  echo SSL_CLIENT_S_DN_ST="${SSL_CLIENT_S_DN_ST-unset}"
  echo SSL_CLIENT_S_DN_L="${SSL_CLIENT_S_DN_L-unset}"
  echo SSL_CLIENT_S_DN_O="${SSL_CLIENT_S_DN_O-unset}"
  echo SSL_CLIENT_S_DN_OU="${SSL_CLIENT_S_DN_OU-unset}"
  echo SSL_CLIENT_S_DN_CN="${SSL_CLIENT_S_DN_CN-unset}"
  echo SSL_CLIENT_S_DN_T="${SSL_CLIENT_S_DN_T-unset}"
  echo SSL_CLIENT_S_DN_I="${SSL_CLIENT_S_DN_I-unset}"
  echo SSL_CLIENT_S_DN_G="${SSL_CLIENT_S_DN_G-unset}"
  echo SSL_CLIENT_S_DN_S="${SSL_CLIENT_S_DN_S-unset}"
  echo SSL_CLIENT_S_DN_D="${SSL_CLIENT_S_DN_D-unset}"
  echo SSL_CLIENT_S_DN_UID="${SSL_CLIENT_S_DN_UID-unset}"
  echo SSL_CLIENT_S_DN_Email="${SSL_CLIENT_S_DN_Email-unset}"
  echo SSL_CLIENT_I_DN="${SSL_CLIENT_I_DN-unset}"
  echo SSL_CLIENT_I_DN_C="${SSL_CLIENT_I_DN_C-unset}"
  echo SSL_CLIENT_I_DN_ST="${SSL_CLIENT_I_DN_ST-unset}"
  echo SSL_CLIENT_I_DN_L="${SSL_CLIENT_I_DN_L-unset}"
  echo SSL_CLIENT_I_DN_O="${SSL_CLIENT_I_DN_O-unset}"
  echo SSL_CLIENT_I_DN_OU="${SSL_CLIENT_I_DN_OU-unset}"
  echo SSL_CLIENT_I_DN_CN="${SSL_CLIENT_I_DN_CN-unset}"
  echo SSL_CLIENT_I_DN_T="${SSL_CLIENT_I_DN_T-unset}"
  echo SSL_CLIENT_I_DN_I="${SSL_CLIENT_I_DN_I-unset}"
  echo SSL_CLIENT_I_DN_G="${SSL_CLIENT_I_DN_G-unset}"
  echo SSL_CLIENT_I_DN_S="${SSL_CLIENT_I_DN_S-unset}"
  echo SSL_CLIENT_I_DN_D="${SSL_CLIENT_I_DN_D-unset}"
  echo SSL_CLIENT_I_DN_UID="${SSL_CLIENT_I_DN_UID-unset}"
  echo SSL_CLIENT_I_DN_Email="${SSL_CLIENT_I_DN_Email-unset}"
  echo SSL_CLIENT_V_START="${SSL_CLIENT_V_START-unset}"
  echo SSL_CLIENT_V_END="${SSL_CLIENT_V_END-unset}"
  echo SSL_CLIENT_A_SIG="${SSL_CLIENT_A_SIG-unset}"
  echo SSL_CLIENT_A_KEY="${SSL_CLIENT_A_KEY-unset}"
  echo SSL_CLIENT_CERT="${SSL_CLIENT_CERT-unset}"
  echo SSL_CLIENT_CERT_CHAIN_0="${SSL_CLIENT_CERT_CHAIN_0-unset}"
  echo SSL_CLIENT_CERT_CHAIN_1="${SSL_CLIENT_CERT_CHAIN_1-unset}"

' > print
chmod 755 print

sanitize() {
  sed -e 's/^SSL_SESSION_ID=.*/SSL_SESSION_ID=.../' \
      -e 's/^SSLREMOTEPORT=.*/SSLREMOTEPORT=.../' \
      -e 's/^SSLLOCALPORT=.*/SSLLOCALPORT=.../' \
      -e 's/^TCPREMOTEPORT=.*/TCPREMOTEPORT=.../' \
      -e 's/^TCPLOCALPORT=.*/TCPLOCALPORT=.../' \
      -e 's/^SSL_VERSION_LIBRARY=.*/SSL_VERSION_LIBRARY=.../' \
      -e 's/^SSL_CIPHER_USEKEYSIZE=.*/SSL_CIPHER_USEKEYSIZE=.../' \
      -e 's/^SSL_CIPHER_ALGKEYSIZE=.*/SSL_CIPHER_ALGKEYSIZE=.../' \
      -e 's/^SSL_CIPHER=.*/SSL_CIPHER=.../'
}

# Assumptions:
#   available TCP ports on 127.0.0.1: 50022

echo 'package Embedded::test;
my $n = 0;
$| = 1;
sub server (@) {
  ++$n;
  print STDERR "log: Hello, World! ($n): @_\n";
  print "Hello, World! ($n): @_\n";

  $n > 1  and  exit(0);
}
1;
' > hello.pm

sslperl -w 2 \
-s -c 1 -Bsslperl -vo -D -1 -3 -Xx rules.cdb -Rt5 -hp -l Localserver -b 2 \
-a -A \
127.0.0.1 50022 hello.pm 'Embedded::test::server' here you are \
3< ../127.0.0.1.pw >log.50022 2>&1 &
pid_50022=$!
sleep 2

echo '--- sslperl works'
{ sslclient -R -H -T 10 -l Local -a "$CAFILE" 0 50022 sh -c 'cat <&6'
  echo $?
} | sanitize
{ sslclient -R -H -T 10 -l Local -a "$CAFILE" 0 50022 sh -c 'cat <&6'
  echo $?
} | sanitize
{ sslclient -R -H -T 10 -l Local -a "$CAFILE" 0 50022 sh -c 'cat <&6'
  echo $?
} | sanitize
{ sslclient -R -H -T 10 -l Local -X 0 50022 sh -c 'cat <&6'
  echo $?
} | sanitize

echo '--- sslperl prints usage message without enough arguments'
sslperl 0; echo $?

echo '--- sslperl prints error message with unknown port name'
sslperl 0 nonexistentport echo wrong; echo $?

echo '--- sslperl prints error message with unknown host name'
sslperl nonexistent.local. 016 echo wrong; echo $?

echo '--- sslperl prints error message with unresolvable host name'
sslperl thislabelistoolongbecausednshasalimitof63charactersinasinglelabel. 50022 echo wrong; echo $?

echo '--- sslperl prints error message with non-local host name'
( sslperl 1.2.3.4 016 echo wrong 2>&1
  echo $?
) | sed -e 's/unable to bind: .*$/unable to bind: .../'

kill -TERM $pid_50022
wait $pid_50022

echo '--- sslperl preserves environment'
echo 'package Embedded::test;
my $n = 0;
$| = 1;
sub server () {
  print STDERR "log: NOW=$ENV{NOW}\n";
  print STDERR "log: changed environment\n";
  print "changed environment\n";
  $ENV{'HERE'} = 'NOW';
}
1;
' > hello.pm

sslperl -w 2 \
-s -c 1 -Bsslperl -vo -D -1 -3 -Xx rules.cdb -Rt5 -hp -l Localserver -b 2 \
-a -A \
127.0.0.1 50022 hello.pm 'Embedded::test::server' here you are \
3< ../127.0.0.1.pw >>log.50022 2>&1 &
pid_50022=$!
sleep 2

{ sslclient -R -H -T 10 -l Local -a "$CAFILE" 0 50022 sh -c 'cat <&6'
  echo $?
} | sanitize

kill -TERM $pid_50022
wait $pid_50022

echo '--- sslperl handles larger requests'
echo 'package Embedded::test;
my $n = 0;
$| = 1;
sub server (@) {
  print @_;
  while(<>) {
    print $_;
  }
}
1;
' > echo.pm

sslperl -w 2 \
-s -c 1 -Bsslperl -vo -D -1 -3 -Xx rules.cdb -Rt5 -hp -l Localserver -b 2 \
-a -A \
127.0.0.1 50022 echo.pm 'Embedded::test::server' here you are \
3< ../127.0.0.1.pw >>log.50022 2>&1 &
pid_50022=$!
sleep 2

( exec 2>&1
  exec 3<../localhost.pw
  { for i in 0 1 2 3 4 5 6 7 8 9
    do
      for j in 0 1 2 3 4 5 6 7 8 9
      do
	for k in 0 1 2 3 4 5 6 7 8 9
	do
	  echo "abcdefghijklmnopqrstuvwxyz"
	  echo "abcdefghijklmnopqrstuvwxyz"
	  echo "abcdefghijklmnopqrstuvwxyz"
	  echo "abcdefghijklmnopqrstuvwxyz"
	done
      done
    done
  } | sslconnect 127.0.0.1 50022 -v -s \
    -a "$CAFILE" -c "$CCERTFILE" -k "$CKEYFILE" -3 >/dev/null
  echo $?
) | sanitize

kill -TERM $pid_50022
wait $pid_50022

echo '--- sslserver -1v prints proper messages'
cat log.50022 | \
sed -e 's/::.*/::x/' -e 's/ [0-9]* / x /' \
  -e 's} cafile x .*/\([^/]*\)} cafile x xxx/\1}' \
  -e 's} ccafile x .*/\([^/]*\)} ccafile x xxx/\1}' \
  -e 's} cadir x .*/\([^/]*\)} cadir x xxx/\1}' \
  -e 's} cert x .*/\([^/]*\)} cert x xxx/\1}' \
  -e 's} key x .*/\([^/]*\)} key x xxx/\1}' \
  -e 's/ param x .*/ param x xxx/' \
  -e 's/ speak SSL: .*/ speak SSL: .../' \
  -e 's/ accept SSL: .*/ accept SSL: .../' \
  -e 's/ done [0-9]*$/ done .../'

