require 'em_test_helper'

class TestSslVerify < Test::Unit::TestCase
  def setup
    $dir = File.dirname(File.expand_path(__FILE__)) + '/'
    $cert_from_file = File.read($dir+'client.crt')
  end

  module ClientNoCert
    def connection_completed
      start_tls()
    end

    def ssl_handshake_completed
      $client_handshake_completed = true
      close_connection
    end

    def unbind
      EM.stop_event_loop
    end
  end

  module Client
    def connection_completed
      start_tls(:private_key_file => $dir+'client.key', :cert_chain_file => $dir+'client.crt')
    end

    def ssl_handshake_completed
      $client_handshake_completed = true
      close_connection
    end

    def unbind
      EM.stop_event_loop
    end
  end

  module AcceptServer
    def post_init
      start_tls(:verify_peer => true)
    end

    def ssl_verify_peer(cert)
      $cert_from_server = cert
      true
    end

    def ssl_handshake_completed
      $server_handshake_completed = true
    end
  end

  module DenyServer
    def post_init
      start_tls(:verify_peer => true)
    end

    def ssl_verify_peer(cert)
      $cert_from_server = cert
      # Do not accept the peer. This should now cause the connection to shut down without the SSL handshake being completed.
      false
    end

    def ssl_handshake_completed
      $server_handshake_completed = true
    end
  end

  module FailServerNoPeerCert
    def post_init
      start_tls(:verify_peer => true, :fail_if_no_peer_cert => true)
    end

    def ssl_verify_peer(cert)
      raise "Verify peer should not get called for a client without a certificate"
    end

    def ssl_handshake_completed
      $server_handshake_completed = true
    end
  end

  def test_fail_no_peer_cert
    omit_unless(EM.ssl?)
    omit_if(rbx?)

    $client_handshake_completed, $server_handshake_completed = false, false

    EM.run {
      EM.start_server("127.0.0.1", 16784, FailServerNoPeerCert)
      EM.connect("127.0.0.1", 16784, ClientNoCert)
    }

    assert(!$client_handshake_completed)
    assert(!$server_handshake_completed)
  end

  def test_accept_server
    omit_unless(EM.ssl?)
    omit_if(EM.library_type == :pure_ruby) # Server has a default cert chain
    omit_if(rbx?)
    $client_handshake_completed, $server_handshake_completed = false, false
    EM.run {
      EM.start_server("127.0.0.1", 16784, AcceptServer)
      EM.connect("127.0.0.1", 16784, Client).instance_variable_get("@signature")
    }

    assert_equal($cert_from_file, $cert_from_server)
    assert($client_handshake_completed)
    assert($server_handshake_completed)
  end

  def test_deny_server
    omit_unless(EM.ssl?)
    omit_if(EM.library_type == :pure_ruby) # Server has a default cert chain
    omit_if(rbx?)
    $client_handshake_completed, $server_handshake_completed = false, false
    EM.run {
      EM.start_server("127.0.0.1", 16784, DenyServer)
      EM.connect("127.0.0.1", 16784, Client)
    }

    assert_equal($cert_from_file, $cert_from_server)
    assert(!$client_handshake_completed)
    assert(!$server_handshake_completed)
  end
end