From 1177349d691c83a2b986d62f5f96b8f6e5a95072 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?N=C3=A1ndor=20Istv=C3=A1n=20Kr=C3=A1cser?=
Date: Fri, 19 Apr 2024 14:37:25 +0200
Subject: [PATCH] add alpn=passthrough test through python
---
 .gitignore | 1 +
 test/camblet.py | 15 +++++++++++++++
 test/passthrough.py | 41 +++++++++++++++++++++++++++++++++++++++++
 test/smoke.sh | 6 ++++++
 4 files changed, 63 insertions(+)
 create mode 100644 test/camblet.py
 create mode 100644 test/passthrough.py
diff --git a/.gitignore b/.gitignore
index aba58be2..af9c06c4 100644
--- a/.gitignore
+++ b/.gitignore
@@ -19,3 +19,4 @@ linux/
 *.deb
 *.rpm
 test/tls-perf
+*pyc
diff --git a/test/camblet.py b/test/camblet.py
new file mode 100644
index 00000000..9c0b76f8
--- /dev/null
+++ b/test/camblet.py
@@ -0,0 +1,15 @@
+import ctypes
+
+SOL_CAMBLET = 7891
+CAMBLET_HOSTNAME = 1
+CAMBLET_TLS_INFO = 2
+CAMBLET = b"camblet\0"
+
+CAMBLET_EINVALIDSPIFFEID = 1001
+
+class CambletTlsInfo(ctypes.Structure):
+ _fields_ = [('camblet_enabled', ctypes.c_bool),
+ ('mtls_enabled', ctypes.c_bool),
+ ('spiffe_id', ctypes.c_char * 256),
+ ('peer_spiffe_id', ctypes.c_char * 256),
+ ('alpn', ctypes.c_char * 256)]
diff --git a/test/passthrough.py b/test/passthrough.py
new file mode 100644
index 00000000..df661fb3
--- /dev/null
+++ b/test/passthrough.py
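Review bot: In test/camblet.py, `CambletTlsInfo` and the numeric constants (`SOL_CAMBLET = 7891`, `CAMBLET_TLS_INFO = 2`) appear to hand-copy a C-side definition, and nothing in the file says which one they must track. If the C layout changed while keeping the same total size, `from_buffer_copy` in test/passthrough.py would presumably still succeed and the test would read shifted fields. A header comment such as `# Mirrors the camblet socket-option constants and TLS info struct from <C header path>; keep field order and sizes in sync` would give the next editor something to check against.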
@@ -0,0 +1,41 @@
+import socket
+import ssl
+import camblet
+import ctypes
+import http.client as http
+
+hostname = 'localhost'
+port = 8010
+
+context = ssl.create_default_context()
+context.check_hostname = False
+context.verify_mode = ssl.CERT_NONE
+
+# Only available in Python 3.12+
+TCP_ULP = 31
+
+with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as sock:
+
+ #print(sock.setsockopt(socket.SOL_TCP, TCP_ULP, camblet.CAMBLET))
+ sock.connect((hostname, port))
+
+ with context.wrap_socket(sock, server_hostname=hostname) as ssock:
+ print(ssock.version())
+
+ tls_info_data = ssock.getsockopt(camblet.SOL_CAMBLET, camblet.CAMBLET_TLS_INFO, ctypes.sizeof(camblet.CambletTlsInfo))
+ tls_info = camblet.CambletTlsInfo.from_buffer_copy(tls_info_data)
+ print(f"TLS Info camblet: {tls_info.camblet_enabled} ALPN: {tls_info.alpn} SPIFFE ID: {tls_info.spiffe_id} Peer SPIFFE ID: {tls_info.peer_spiffe_id}")
+
+ assert tls_info.alpn == b'camblet/passthrough'
+
+ # send some data
+ request = "GET / HTTP/1.1\r\nHost:%s\r\n\r\n" % hostname
+ ssock.send(request.encode())
+
+ response = http.HTTPResponse(ssock)
+ response.begin()
+ print(response.status)
+ print(response.headers)
+ print(response.read().decode())
+ response.close()
+
\ No newline at end of file
diff --git a/test/smoke.sh b/test/smoke.sh
index a72894df..b943adf0 100755
--- a/test/smoke.sh
+++ b/test/smoke.sh
@@ -11,6 +11,9 @@ echo "Starting file server"
 echo "Starting file server with TLS"
 ./file-server -tls -port 8007 >/tmp/file-server-tls.log 2>&1 &
+echo "Starting file server with TLS for passthrough"
+./file-server -tls -port 8010 >/tmp/file-server-tls-passthrough.log 2>&1 &
+
 echo "Starting NGiNX in docker"
 sudo docker run -d --rm -p 8080:80 nginx
@@ -64,6 +67,9 @@ echo "Test sockopt on file-server with TLS"
 gcc -o sockopt test/sockopt.c
 ./sockopt
+echo "Test passthrough ALPN on file-server with TLS"
+python3 test/passthrough.py
+
 echo "Stop processes"
 sudo pkill python3
 sudo pkill file-server
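Review bot: In test/passthrough.py the client context turns off both hostname and certificate checks (`context.check_hostname = False`, `context.verify_mode = ssl.CERT_NONE`) without a comment, so the file reads like a reusable client rather than a test fixture. A line above them such as `# test only: the local file-server certificate is not in the default trust store; do not reuse this context` would record the intent (the reason is inferred, the server certificate is not part of this patch). The ALPN assertion is the only check that can fail: the HTTP result is just printed, so an error response still passes, and `assert response.status == 200` would close that gap if 200 is what the file server returns for `/`. `ssock.sendall(request.encode())` is also the safer call, since `send` may write only part of the buffer.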
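Review bot: In test/smoke.sh the new server on port 8010 is started with the same command as the 8007 instance, so nothing in these lines shows what makes it the passthrough target that test/passthrough.py asserts on. Presumably a camblet policy outside this patch selects passthrough for that port; a comment like `# port 8010 is matched by the passthrough policy in <policy file>` next to the `echo` would tie the two together. The second hunk runs `python3 test/passthrough.py` bare, so the assertion only fails the smoke run if the script aborts on a non-zero exit status, which is not visible here.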