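#!/bin/bash
#
#  Copyright 2020 gRPC authors.
#
#  Licensed under the Apache License, Version 2.0 (the "License");
#  you may not use this file except in compliance with the License.
#  You may obtain a copy of the License at
#
#      http://www.apache.org/licenses/LICENSE-2.0
#
#  Unless required by applicable law or agreed to in writing, software
#  distributed under the License is distributed on an "AS IS" BASIS,
#  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
#  See the License for the specific language governing permissions and
#  limitations under the License.
#
# End-to-end check of the advancedtls credential-reloading example.
#
# Starts the example server and client, swaps the client's key/cert files on
# disk while both are running, and verifies from the server log that the
# server saw the client under both the old and the new certificate common
# name.
#
# Must be run from the directory that contains ./security/advancedtls/examples.

# Failures are handled explicitly through fail(); do not abort on the first
# non-zero status.
set +e

# Every temp file below (including the copies of the client private key) is
# created under this private directory, which is removed on any exit path.
TMPDIR=$(mktemp -d) || { echo "mktemp -d failed" >&2; exit 1; }
export TMPDIR
# Single quotes: expand at exit time; ':?' refuses to run rm on an empty path.
trap 'rm -rf -- "${TMPDIR:?}"' EXIT

#######################################
# Kills the children of all background jobs, retrying for up to ~10 seconds.
# Globals:   CLIENT_LOG, SERVER_LOG, KEY_FILE_PATH, CERT_FILE_PATH (read)
# Returns:   0 once `jobs` reports output; otherwise prints diagnostics,
#            removes the temp files and exits the script with status 1.
#######################################
clean () {
  local _ leftover
  for _ in {1..10}; do
    # -r: do not run pkill at all when there are no background jobs.
    jobs -p | xargs -r -n1 pkill -P
    # A simple "wait" just hangs sometimes.  Running `jobs` seems to help.
    sleep 1
    # NOTE(review): this returns as soon as `jobs` prints anything, which
    # includes jobs that are still running; confirm that is the intended
    # success condition.
    if jobs | read; then
      return
    fi
  done
  echo "$(tput setaf 1) clean failed to kill tests $(tput sgr 0)"
  jobs
  pstree
  # Remove key material and logs now rather than relying only on the EXIT
  # trap. Variables may be unset if we failed early, so skip empty ones.
  for leftover in "${CLIENT_LOG:-}" "${SERVER_LOG:-}" \
                  "${KEY_FILE_PATH:-}" "${CERT_FILE_PATH:-}"; do
    [[ -n "$leftover" ]] && rm -f -- "$leftover"
  done
  exit 1
}

#######################################
# Prints a red failure message, stops background jobs and exits 1.
# Arguments: $1 - message
#######################################
fail () {
  echo "$(tput setaf 1) $1 $(tput sgr 0)"
  clean
  exit 1
}

#######################################
# Prints a green success message.
# Arguments: $1 - message
#######################################
pass () {
  echo "$(tput setaf 2) $1 $(tput sgr 0)"
}

EXAMPLES=(
  "credential_reloading_from_files"
)

# One line per client identity the server must have observed: the first is
# expected while the original credentials are in place, the second after the
# key/cert files have been replaced.
declare -a EXPECTED_SERVER_OUTPUT=(
  "Client common name: foo.bar.hoo.com"
  "Client common name: foo.bar.another.client.com"
)

# Without this check a failed cd would let the relative ../testdata and
# ./<example> paths below resolve against the wrong directory.
cd ./security/advancedtls/examples || {
  echo "$(tput setaf 1) cannot cd to ./security/advancedtls/examples $(tput sgr 0)"
  exit 1
}

for example in "${EXAMPLES[@]}"; do
  echo "$(tput setaf 4) testing: ${example} $(tput sgr 0)"

  # mktemp creates the file with owner-only permissions and `>` keeps the
  # existing mode, so the private key copy is not readable by other users.
  KEY_FILE_PATH=$(mktemp) || fail "failed to create temp key file"
  cat ../testdata/client_key_1.pem > "${KEY_FILE_PATH}"

  CERT_FILE_PATH=$(mktemp) || fail "failed to create temp cert file"
  cat ../testdata/client_cert_1.pem > "${CERT_FILE_PATH}"

  # Build server.
  if ! go build -o /dev/null ./"${example}"/*server/*.go; then
    fail "failed to build server"
  else
    pass "successfully built server"
  fi

  # Build client.
  if ! go build -o /dev/null ./"${example}"/*client/*.go; then
    fail "failed to build client"
  else
    pass "successfully built client"
  fi

  # Start server.
  SERVER_LOG="$(mktemp)"
  go run ./"${example}"/*server/*.go &> "$SERVER_LOG" &

  # Run client binary.
  CLIENT_LOG="$(mktemp)"
  go run "${example}"/*client/*.go -key="${KEY_FILE_PATH}" -cert="${CERT_FILE_PATH}" &> "$CLIENT_LOG" &

  # Wait for the client to send some requests using old credentials.
  sleep 4s

  # Switch to the new credentials.
  # NOTE(review): the two in-place overwrites are not atomic, so a reload that
  # lands between them could presumably see a mismatched key/cert pair; the
  # sleep below is what gives the client time to settle on the new pair.
  # Outside a test, write to a new file and rename it into place instead.
  cat ../testdata/another_client_key_1.pem > "${KEY_FILE_PATH}"
  cat ../testdata/another_client_cert_1.pem > "${CERT_FILE_PATH}"

  # Wait for the client to send some requests using new credentials.
  sleep 4s

  # Check server log for expected output.
  for output in "${EXPECTED_SERVER_OUTPUT[@]}"; do
    # -F: match the expected identity literally; as a regex the dots in the
    # common name would match any character and weaken the check.
    if ! grep -qF -- "$output" "$SERVER_LOG"; then
      fail "server log missing output: $output
      got server log:
      $(cat -- "$SERVER_LOG")
      "
    else
      pass "server log contains expected output: $output"
    fi
  done

  clean
done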