#!/usr/bin/env perl

use strict;
use warnings;

use SSLTest;

###############################################################################

# code, msg, headers, content
my %urls = (
    '/somefile.txt' => {
        code => "200",
        msg => "Dontcare",
        headers => {
            "Content-type" => "text/plain",
        },
        content => "blabla",
    },
);

# Skip the test if openssl is not available
my $ossl = `openssl version`;
unless ($ossl =~ m/OpenSSL 1/)
{
  exit 77;
}

my $cdir = $ENV{'PWD'};

# HOSTALIASES env variable allows us to create hosts file alias.
my $testhostname = "WgetTestingServer";
$ENV{'HOSTALIASES'} = "$cdir/certs/wgethosts";

# Prepare self-signed certificates
my $certfile="tmpsscert.pem";
my $keyfile="tmpsskey.pem";
my $certsubj="/C=US/ST=CA/L=Mystery Spot/O=Dis/CN=$testhostname/emailAddress=tester";
my $sscertcmd="openssl req -x509 -nodes -newkey rsa:4096 -keyout $keyfile ".
              " -out $certfile -days 365 -subj \"$certsubj\"";

system($sscertcmd);
my $sscheck=`(openssl x509 -noout -modulus -in $certfile | openssl md5 ;
              openssl rsa  -noout -modulus -in $keyfile | openssl md5) |
              uniq|wc -l`;

# Check if Self signed certificate and key are made correctly.
unless(-e $certfile && -e $keyfile && $sscheck == 1)
{
    exit 77; # skip
}

# Try Wget using SSL first without --no-check-certificate. expect error
my $port    = 26443;
my $cmdline = $WgetTest::WGETPATH . " --ca-certificate=$cdir/certs/test-ca-cert.pem".
                                    " https://$testhostname:$port/somefile.txt";
my $expected_error_code = 5;
my %existing_files = (
);

my %expected_downloaded_files = (
  'somefile.txt' => {
    content => "blabla",
  },
);

my $sslsock = SSLTest->new(cmdline   => $cmdline,
                           input     => \%urls,
                           errcode   => $expected_error_code,
                           existing  => \%existing_files,
                           output    => \%expected_downloaded_files,
                           certfile  => $certfile,
                           keyfile   => $keyfile,
                           lhostname => $testhostname,
                           sslport   => $port);
if ($sslsock->run() == 0)
{
  exit 0;
}

# Retry the test with --no-check-certificate. expect success
$port    = 27443;
$cmdline = $WgetTest::WGETPATH . " --no-check-certificate ".
                                 " --ca-certificate=$cdir/certs/test-ca-cert.pem".
                                 " https://$testhostname:$port/somefile.txt";

$expected_error_code = 0;

my $retryssl = SSLTest->new(cmdline  => $cmdline,
                           input     => \%urls,
                           errcode   => $expected_error_code,
                           existing  => \%existing_files,
                           output    => \%expected_downloaded_files,
                           certfile  => $certfile,
                           keyfile   => $keyfile,
                           lhostname => $testhostname,
                           sslport   => $port);
exit $retryssl->run();
# vim: et ts=4 sw=4