#!/usr/bin/perl

use lib "t/lib";
use strict;
use warnings;

use Test::More tests => 5;
use Test::Crypt::NSS::SelfServ;

use Crypt::NSS config_dir => "db", cipher_suite => "US";

start_ssl_server(config_dir => "db", port => 4434, password => "crypt-nss", require_cert => 1);

my $socket = Net::NSS::SSL->create_socket("tcp");
$socket->set_option(Blocking => 1);
$socket->import_into_ssl_layer();
$socket->set_URL("127.0.0.1");
$socket->set_pkcs11_pin_arg("crypt-nss");

$socket->set_client_certificate_hook(sub {
    my ($self, $nickname) = @_;
    my ($cert, $key);

    is ($$self, $$socket, "Passed socket is correct");
    is ($nickname, "127.0.0.1", "Got expected nickname");
    
    $cert = Crypt::NSS::PKCS11->find_cert_by_nickname($nickname, $self->get_pkcs11_pin_arg);
    ok($cert, "Found cert");
    $key = Crypt::NSS::PKCS11->find_key_by_any_cert($cert, $self->get_pkcs11_pin_arg);
    ok($key, "Found key");
    
    return ($cert, $key);
}, "127.0.0.1");

$socket->connect("127.0.0.1", 4434);

$socket->write("GET / HTTP/1.0\n\n\n\n");

my $buffer;
my $reply = "";
while ($socket->read($buffer) > 0) { $reply .= $buffer; }
ok($reply, "Got data so auth worked");
$socket->close();

stop_ssl_server();