#!/usr/bin/perl -w
# sslecho.pl - Echo server using SSL
#
# Copyright (c) 1996,1998 Sampo Kellomaki <sampo@iki.fi>, All Rights Reserved.
# Date:   27.6.1996, 8.6.1998
# 7.12.2001, added more support for client side certificate testing --Sampo
# $Id: sslecho.pl,v 1.2 2001/12/08 17:43:14 sampo Exp $
#
# Usage: ./sslecho.pl *port* *cert.pem* *key.pem*
#
# This server always binds to localhost as this is all that is needed
# for tests.

die "Usage: ./sslecho.pl *port* *cert.pem* *key.pem*\n" unless $#ARGV == 2;
($port, $cert_pem, $key_pem) = @ARGV;
$our_ip = "\x7F\0\0\x01";

$trace = 2;
use Socket;
use Net::SSLeay qw(sslcat die_now die_if_ssl_error);
$Net::SSLeay::trace = 3; # Super verbose debugging

#
# Create the socket and open a connection
#

$our_serv_params = pack ('S n a4 x8', &AF_INET, $port, $our_ip);
socket (S, &AF_INET, &SOCK_STREAM, 0)  or die "socket: $!";
bind (S, $our_serv_params)             or die "bind:   $! (port=$port)";
listen (S, 5)                          or die "listen: $!";

#
# Prepare SSLeay
#

Net::SSLeay::load_error_strings();
Net::SSLeay::ERR_load_crypto_strings();
Net::SSLeay::SSLeay_add_ssl_algorithms();
Net::SSLeay::randomize();

print "sslecho: Creating SSL context...\n" if $trace>1;
$ctx = Net::SSLeay::CTX_new () or die_now("CTX_new ($ctx): $!\n");
print "sslecho: Setting cert and RSA key...\n" if $trace>1;
Net::SSLeay::CTX_set_cipher_list($ctx,'ALL');
Net::SSLeay::set_cert_and_key($ctx, $cert_pem, $key_pem) or die "key";

while (1) {
    
    print "sslecho $$: Accepting connections...\n" if $trace>1;
    ($addr = accept (NS, S)) or die "accept: $!";
    $old_out = select (NS); $| = 1; select ($old_out);  # Piping hot!
    
    if ($trace) {
	($af,$client_port,$client_ip) = unpack('S n a4 x8',$addr);
	@inetaddr = unpack('C4',$client_ip);
	print "$af connection from " . join ('.', @inetaddr)
	    . ":$client_port\n" if $trace;;
    }
    
    #
    # Do SSL negotiation stuff
    #

    print "sslecho: Creating SSL session (cxt=`$ctx')...\n" if $trace>1;
    $ssl = Net::SSLeay::new($ctx) or die_now("ssl new ($ssl): $!");

    print "sslecho: Setting fd (ctx $ctx, con $ssl)...\n" if $trace>1;
    Net::SSLeay::set_fd($ssl, fileno(NS));

    print "sslecho: Entering SSL negotiation phase...\n" if $trace>1;
    
    Net::SSLeay::accept($ssl);
    die_if_ssl_error("ssl_echo: ssl accept: ($!)");
    
    print "sslecho: Cipher `" . Net::SSLeay::get_cipher($ssl)
	. "'\n" if $trace;
    
    #
    # Connected. Exchange some data.
    #
    
    $got = Net::SSLeay::ssl_read_all($ssl) or die "$$: ssl read failed";
    print "sslecho $$: got " . length($got) . " bytes\n" if $trace==2;
    print "sslecho: Got `$got' (" . length ($got) . " chars)\n" if $trace>2;
    $got = uc $got;
    if ($got eq 'CLIENT-CERT-TEST') {
	$got .= Net::SSLeay::dump_peer_certificate($ssl) . "END CERT\n";
    }
    Net::SSLeay::ssl_write_all($ssl, $got) or die "$$: ssl write failed";
    $got = '';  # in case it was huge
    
    print "sslecho: Tearing down the connection.\n\n" if $trace>1;
    
    Net::SSLeay::free ($ssl);
    close NS;
}
Net::SSLeay::CTX_free ($ctx);
close S;

__END__