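# Copyright (C) 2014, all contributors
# License: GPLv3 or later (https://www.gnu.org/licenses/gpl-3.0.txt)
require_relative 'server_helper'
require 'openssl'

# Smoke test for a yahns listener that is handed an OpenSSL context through
# the +ssl_ctx:+ listen option: one HTTP/1.0 request is sent over TLS and the
# response is checked.
#
# Security notes for anyone reusing this fixture:
# * Both ends are restricted to the "ADH" cipher string (anonymous
#   Diffie-Hellman). No certificate is presented and neither peer is
#   authenticated, so the channel is encrypted but open to an active
#   man-in-the-middle. It is used here only to avoid shipping a test
#   certificate.
# * TEST_KEY_DH1024 is a 1024-bit group whose private value is hard-coded
#   below and published in Ruby's own test suite. Treat it as public.
# * NOTE(review): recent OpenSSL builds may reject anonymous suites and
#   1024-bit DH at their default security level, and newer openssl bindings
#   may not provide DH#priv_key= -- confirm against the OpenSSL/Ruby
#   versions this suite is expected to run on.
class TestSSL < Testcase
  parallelize_me! if ENV["N"].to_i > 1
  include ServerHelper

  # Feature probe: true only when read_nonblock accepts +exception: false+
  # and reports an empty pipe as :wait_readable instead of raising.
  r, w = IO.pipe
  FAST_NB = begin
    :wait_readable == r.read_nonblock(1, exception: false)
  rescue
    false
  end
  r.close
  w.close

  # copied from test/openssl/utils.rb in Ruby:
  # (the PEM body stays at column 0 because <<- keeps leading whitespace)
  TEST_KEY_DH1024 = OpenSSL::PKey::DH.new <<-_end_of_pem_
-----BEGIN DH PARAMETERS-----
MIGHAoGBAKnKQ8MNK6nYZzLrrcuTsLxuiJGXoOO5gT+tljOTbHBuiktdMTITzIY0
pFxIvjG05D7HoBZQfrR0c92NGWPkAiCkhQKB8JCbPVzwNLDy6DZ0pmofDKrEsYHG
AQjjxMXhwULlmuR/K+WwlaZPiLIBYalLAZQ7ZbOPeVkJ8ePao0eLAgEC
-----END DH PARAMETERS-----
  _end_of_pem_

  # Fixed private exponent, so the fixture is deterministic -- and public.
  TEST_KEY_DH1024.priv_key = OpenSSL::BN.new("48561834C67E65FFD2A9B47F41" \
     "E5E78FDC95C387428FDB1E4B0188B64D1643C3A8D3455B945B7E8C4D166010C7C2" \
     "CE23BFB9BEF43D0348FE7FA5284B0225E7FE1537546D114E3D8A4411B9B9351AB4" \
     "51E1A358F50ED61B1F00DA29336EEBBD649980AC86D76AF8BBB065298C2052672E" \
     "EF3EF13AB47A15275FC2836F3AC74CEA", 16)

  # Skips every test in this class when FAST_NB is false, otherwise
  # delegates to the shared helper's setup.
  def setup
    unless FAST_NB
      skip "missing exception-free non-blocking IO in " \
           "#{RUBY_ENGINE} #{RUBY_VERSION}"
    end
    server_helper_setup
  end

  def teardown
    server_helper_teardown
  end

  # Opens a TCP connection to host:port and completes a TLS handshake using
  # the anonymous-DH cipher string (no certificate verification takes place).
  #
  # Returns the connected OpenSSL::SSL::SSLSocket with sync_close enabled, so
  # closing it also closes the underlying TCP socket. Any connect or
  # handshake error is re-raised unchanged.
  def ssl_client(host, port)
    ctx = OpenSSL::SSL::SSLContext.new
    ctx.ciphers = "ADH"
    sock = TCPSocket.new(host, port)
    ssl = OpenSSL::SSL::SSLSocket.new(sock, ctx)
    ssl.connect
    ssl.sync_close = true
    ssl
  rescue
    # The caller never receives the SSLSocket when the handshake fails, so
    # nothing else would close the TCP socket; release it here.
    sock.close if sock && !sock.closed?
    raise
  end

  # Builds the server-side context: anonymous-DH ciphers only, with the
  # fixed test DH parameters supplied through tmp_dh_callback.
  def srv_ctx
    ctx = OpenSSL::SSL::SSLContext.new
    ctx.ciphers = "ADH"
    ctx.tmp_dh_callback = proc { TEST_KEY_DH1024 }
    ctx
  end

  # Starts a server with a trivial Rack app behind the TLS listener, issues
  # "GET /" over TLS and asserts a 200 status line and the body "HI".
  def test_ssl_basic
    # @err and @srv are presumably created by server_helper_setup; the
    # listen address is taken from @srv.addr -- verify in server_helper.
    err, cfg, host, port = @err, Yahns::Config.new, @srv.addr[3], @srv.addr[1]
    ctx = srv_ctx
    pid = mkserver(cfg) do
      cfg.instance_eval do
        ru = lambda { |_| [ 200, {'Content-Length'=>'2'}, ['HI'] ] }
        app(:rack, ru) { listen "#{host}:#{port}", ssl_ctx: ctx }
        logger(Logger.new(err.path))
      end
    end
    client = ssl_client(host, port)
    client.write("GET / HTTP/1.0\r\n\r\n")
    # HTTP/1.0 without keep-alive: read to EOF, then split headers from body.
    head, body = client.read.split("\r\n\r\n", 2)
    assert_equal "HI", body
    assert_match %r{\AHTTP/1\.\d 200 OK\r\n}, head
  ensure
    client.close if client
    quit_wait(pid)
  end
end if defined?(OpenSSL)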