#!/bin/sh
# 20211119
# Jan Mojzis
# Public domain.

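# Abort on the first command that fails.
set -e

# Everything written below (CA, server certificate, logs) is created with
# owner-only permissions; the PEM files presumably carry private keys.
umask 077

# Directory of this script; the ca.sh and server.sh helpers are run from it.
dir=$(dirname "$0")

# Change directory to $AUTOPKGTEST_TMP.
# Fail fast when the variable is unset or empty: otherwise the script would
# create its key material in, and later `rm -f ca.pem cert.pem ...` from,
# whatever directory it happened to be started in.
: "${AUTOPKGTEST_TMP:?AUTOPKGTEST_TMP must be set}"
cd "${AUTOPKGTEST_TMP}"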

# Front end of the test: tcpserver accepts TCP connections on 127.0.0.1:10000
# and runs the handler below for each one.
#   - stderr of the handler goes to tlswrapper.log (dumped by cleanup on failure)
#   - tlswrapper terminates TLS using ./cert.pem, then hands the plaintext
#     stream to tlswrapper-tcp, which connects to the backend at [::1]:10001
#   - -P1 presumably selects PROXY protocol v1 towards the backend, matching
#     the proxy_protocol listener in nginx.conf -- confirm against the manpage
# cert.pem is only read when a connection arrives, so it does not have to
# exist yet at this point.
tls_handler='
  exec 2>tlswrapper.log
  exec tlswrapper -vv -f ./cert.pem tlswrapper-tcp -P1 ::1 10001
'
tcpserver -HRDl0 127.0.0.1 10000 sh -c "${tls_handler}" &
tcpserverpid=$!

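# Backend of the test: a single foreground nginx process (daemon off,
# master_process off, so $! below is the server itself) that answers /test
# with 200 and echoes the client address it learned from the PROXY protocol
# header in X-proxy-addr.
#
# The listener is bound to loopback ([::1]) only. A proxy_protocol listener
# takes the client address from whoever connects, so it must only be
# reachable by the trusted front end (tlswrapper-tcp here).
#
# The here-document delimiter is quoted so that $proxy_protocol_addr reaches
# nginx literally instead of being expanded by the shell.
cat > nginx.conf <<'EOF'
user www-data;
daemon off;
master_process off;

events {
  worker_connections 1024;
}

http {
  server {
    listen [::1]:10001 proxy_protocol;
    error_log /dev/null;
    access_log /dev/null;
    location /test {
      add_header X-proxy-addr $proxy_protocol_addr;
      return 200;
    }
  }
}
EOF
# Quote the path: an unquoted `pwd` is word-split, so a working directory
# containing whitespace would hand nginx a broken -c argument.
nginx -c "$(pwd)/nginx.conf" &
nginxpid=$!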

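# Stop both background servers, print the logs if the test failed, remove
# every file the test created, and exit with the status the script had when
# cleanup was entered.
# Globals: tcpserverpid, nginxpid (read)
# Outputs: on failure, tlswrapper.log and curl.out on stderr
# Note: when entered from the TERM/INT trap, $? is the status of whatever
# command ran last, so a signalled run can still exit 0.
cleanup() {
  ex=$?
  # cleanup is registered for EXIT as well as TERM/INT; without this reset the
  # `exit` at the bottom would fire the EXIT trap and run cleanup a second time.
  trap - EXIT TERM INT
  # kill tcpserver and nginx; KILL follows TERM immediately as a backstop and
  # failures (process already gone) are ignored on purpose
  kill -TERM "${tcpserverpid}" 1>/dev/null 2>/dev/null || :
  kill -KILL "${tcpserverpid}" 1>/dev/null 2>/dev/null || :
  kill -TERM "${nginxpid}" 1>/dev/null 2>/dev/null || :
  kill -KILL "${nginxpid}" 1>/dev/null 2>/dev/null || :
  if [ "${ex}" -gt 0 ]; then
    (
      # A log may not exist yet (e.g. certificate generation failed before any
      # connection was made). Under `set -e` a failing cat would abort cleanup
      # here, skip the rm below and replace the real exit status.
      for log in tlswrapper.log curl.out; do
        echo "${log}:"
        if [ -r "${log}" ]; then
          cat "${log}" || :
        else
          echo "(not created)"
        fi
      done
    ) >&2
  fi
  # Always reached now: removes the generated CA/server PEM files and logs.
  rm -f ca.pem cert.pem tlswrapper.log curl.out nginx.conf
  exit "${ex}"
}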
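# Run cleanup on normal exit and when the test is interrupted.
trap "cleanup" EXIT TERM INT

# create CA (EC key on prime256v1)
"${dir}/ca.sh" ec prime256v1 >ca.pem

# create the server certfile for 127.0.0.1 (EC prime256v1, not RSA),
# presumably issued by the CA in ca.pem
"${dir}/server.sh" ca.pem ec prime256v1 '127.0.0.1' > cert.pem

# run test
# NOTE(review): -k switches certificate verification off, so --cacert ca.pem
# has no effect and the request succeeds whether or not the served chain
# validates. This test therefore covers only the PROXY protocol address, not
# the TLS trust path. Dropping -k would cover both, provided server.sh issues
# a certificate whose name curl accepts for 127.0.0.1 -- confirm before changing.
# NOTE(review): there is no readiness wait for tcpserver/nginx; the test
# relies on them being up by the time certificate generation has finished.
curl -ks --cacert ca.pem -D- https://127.0.0.1:10000/test > curl.out 2>&1 || :
# Match the address exactly: dots are escaped and the line must end after the
# address ([[:space:]] absorbs the CR of the header line), so a value such as
# 127.0.0.10 no longer passes.
if grep -i '^x-proxy-addr: 127\.0\.0\.1[[:space:]]*$' curl.out >/dev/null; then
  echo "tlswrapper-tcp proxy-protocol test: OK"
  exit 0
fi
echo "tlswrapper-tcp proxy-protocol test: failed:" >&2
exit 1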
