#!/bin/sh
set -ex

# Check that the init script correctly prompts for the passphrase on startup,
# then starts and responds correctly to https queries.
#
# Author: Robie Basak <robie.basak@ubuntu.com>

cd /etc/ssl/private
[ -f ssl-cert-snakeoil.key.nopassphrase ] || mv ssl-cert-snakeoil.key ssl-cert-snakeoil.key.nopassphrase
openssl rsa -des3 -in ssl-cert-snakeoil.key.nopassphrase -out ssl-cert-snakeoil.key -passout pass:test
a2enmod ssl
a2ensite default-ssl

expect <<EOT
spawn service apache2 restart
set timeout 600
expect {
	# Debian
	"ass phrase:" {send "test\r"}

	# Ubuntu
	"assphrase:" {send "test\r"}

	# Failure cases
	"failed" {exit 1}
	eof {exit 1}
}

# wait for eof and return exit code from spawned process back to the caller
expect eof
catch wait result
exit [lindex \$result 3]
EOT

echo "Hello, world!" > /var/www/html/hello.txt

# Use curl here. wget doesn't work on Debian, even with --no-check-certificate
# wget on Debian gives me:
#    GnuTLS: A TLS warning alert has been received.
#    Unable to establish SSL connection.
# Presumably this is due to the self-signed certificate, but I'm not sure how
# to skip the warning with wget. curl will do for now.
result=`curl -k https://localhost/hello.txt`

if [ "$result" != "Hello, world!" ]; then
    echo "Unexpected result from wget" >&2
    exit 1
fi
