# $Id$

# Grope towards testing TLS functionality in POW

# openssl s_server -tls1 -Verify 9 -cert biz-certs/Alice-EE.cer -key biz-certs/Alice-EE.key -www -CApath biz-certs -chain

# openssl s_client -connect localhost:4433 -tls1 -cert biz-certs/Bob-EE.cer -key biz-certs/Bob-EE.key -verify 9 -CApath biz-certs -crlf

import POW, socket

def pow_error_iterator():
  err = POW.getError()
  if err is None:
    raise StopIteration
  else:
    yield err

key = POW.pemRead(POW.RSA_PRIVATE_KEY,  open("biz-certs/Bob-EE.key").read())
cer = POW.pemRead(POW.X509_CERTIFICATE, open("biz-certs/Bob-EE.cer").read())
ca  = POW.pemRead(POW.X509_CERTIFICATE, open("biz-certs/Bob-CA.cer").read())

s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
s.connect(("localhost", 4433))

try:
  t = POW.Ssl(POW.TLSV1_CLIENT_METHOD)
  t.useCertificate(cer)
  t.useKey(key)
  t.addCertificate(ca)
  t.setFd(s.fileno())
  t.connect()
  x = t.peerCertificate()
  if x is not None:
    print "Peer", x.pprint()
  t.write("GET / HTTP/1.0\r\n")
  if False:
    print t.read(10000)
  else:
    while True:
      print t.read()
except:
  print "ERROR:"
  for e in pow_error_iterator():
    print e
  raise