require "socket"
require "thread"
require "openssl"
require File.join(File.dirname(__FILE__), "utils.rb")

def get_pem(io=$stdin)
  buf = ""
  while line = io.gets
    if /^-----BEGIN / =~ line
      buf << line
      break
    end
  end
  while line = io.gets
    buf << line
    if /^-----END / =~ line
      break
    end
  end
  return buf
end

def make_key(pem)
  begin
    return OpenSSL::PKey::RSA.new(pem)
  rescue
    return OpenSSL::PKey::DSA.new(pem)
  end
end

if $DEBUG
  def log(s); File.open("ssl-server-debug", "a") {|f| f.puts s}; end
  File.open("ssl-server-debug", "w") {|f| f << ""}
  log "server starting"
else
  def log(s) end
end

begin
ca_cert  = OpenSSL::X509::Certificate.new(get_pem)
log "got ca cert #{ca_cert.inspect}"
ssl_cert = OpenSSL::X509::Certificate.new(get_pem)
log "got ssl cert #{ssl_cert.inspect}"
ssl_key  = make_key(get_pem)
port = Integer(ARGV.shift)
verify_mode = Integer(ARGV.shift)
start_immediately = (/yes/ =~ ARGV.shift)

store = OpenSSL::X509::Store.new
store.add_cert(ca_cert)
store.purpose = OpenSSL::X509::PURPOSE_SSL_CLIENT
ctx = OpenSSL::SSL::SSLContext.new
ctx.cert_store = store
#ctx.extra_chain_cert = [ ca_cert ]
ctx.cert = ssl_cert
ctx.key = ssl_key
ctx.verify_mode = verify_mode

Socket.do_not_reverse_lookup = true
tcps = nil
100.times{|i|
  begin
    log "starting server on #{port+i}"
    tcps = TCPServer.new("0.0.0.0", port+i)
    port = port + i
    break
  rescue Errno::EADDRINUSE
    next 
  end
}
log "starting ssl server"
ssls = OpenSSL::SSL::SSLServer.new(tcps, ctx)
ssls.start_immediately = start_immediately

log("sending pid #{Process.pid}")
$stdout.sync = true
$stdout.puts Process.pid
$stdout.puts port

loop do
  ssl = ssls.accept rescue next
  Thread.start{
    q = Queue.new
    th = Thread.start{ ssl.write(q.shift) while true }
    while line = ssl.gets
      if line =~ /^STARTTLS$/
        ssl.accept
        next
      end
      q.push(line)
    end
    th.kill if q.empty?
    ssl.close
  }
end
rescue
  log $!
  log $!.backtrace.join("\n")
end