#!/bin/bash
######################################################################
# kssld_start                                              August 2005
#
# KSSLD: An implementation of SSL/TLS in the Linux Kernel
# Copyright (C) 2005  NTT COMWARE Corporation.
#
# This file is based in part on code from LVS www.linuxvirtualserver.org
#
# This program is free software; you can redistribute it and/or
# modify it under the terms of the GNU General Public License
# as published by the Free Software Foundation; either version 2
# of the License, or (at your option) any later version.
# 
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
# GNU General Public License for more details.
# 
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
# 02110-1301, USA.
#
######################################################################

# Print the command synopsis on stderr and terminate with status 1.
# Takes no arguments and writes nothing to stdout.
usage()
{
	# Older synopsis that also advertised aep_kernel, kept disabled:
	#echo "kssld_start software|aep_user|aep_kernel" >&2
	printf '%s\n' \
		"kssld_start software|aep_user VSERV..." \
		"" \
		"where VSERV is in the form server:port" >&2
	exit 1
}

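# Check arguments: an RSA method followed by at least one VSERV
if [ "$#" -le 1 ]; then
	usage
fi
# The method is matched with a quoted case statement rather than an
# unquoted "[ $1 != ... -a ... ]". With the unquoted form an empty first
# argument, or one containing whitespace, makes "[" fail with a syntax
# error; the "if" then treats that as false and the invalid value is
# accepted as the method instead of being rejected.
# aep_kernel is intentionally not accepted here; the check that allowed
# it was already commented out.
case "$1" in
	software|aep_user)
		;;
	*)
		usage
		;;
esac
ASYM_METHOD="$1"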

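# This is a bit nasty
# Make sure that we are in a known directory: every path used below
# (../key_tool, ../asym, ../crypto, ./kssld.o) is relative to the
# directory holding this script.
# This should go away once the build system knows
# how to install things
# Both expansions are quoted so a script path containing spaces or glob
# characters is not split, and "--" stops a path beginning with "-"
# from being read as an option.
cd -- "$(dirname -- "$0")" || exit 1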

# 

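# Create a key and certificate if one doesn't already exist
# Only the private key file is probed; cert.rsa.pem, which is used later
# in this script, is presumably written by the same kssl_key_gen run
# NOTE(review): confirm against kssl_key_gen.
if test ! -f ../key_tool/pem/key.rsa.pem; then
	# This directory will hold an RSA private key, so create it
	# owner-only instead of with the caller's default umask.
	test -d ../key_tool/pem || mkdir -m 0700 ../key_tool/pem || exit 1
	# umask 077 keeps the files kssl_key_gen creates from being group or
	# world readable; it is set inside the subshell so it does not
	# affect the rest of the script. How kssl_key_gen itself sets file
	# modes is not visible here.
	( umask 077 && cd ../key_tool/pem && ../kssl_key_gen ) || exit 1
fi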

# Load the des module by hand.
# It should be pulled in automatically, but when des3 is requested the
# current crypto code does not know that it has to load des.
modprobe des

# Unload our own modules so fresh copies can be inserted below.
# Output and errors are discarded and the status is ignored.
for module in kssld asym ssl3mac; do
	rmmod "$module" > /dev/null 2>&1
done

# Insert the three modules, stopping at the first failure:
#   ../asym/asym.o       asymmetric encryption (RSA)
#   ../crypto/ssl3mac.o  SSL3 MAC
#   ./kssld.o            Kssld itself
# The objects are taken from paths relative to the current directory,
# so that tree has to be writable only by trusted users: whatever is
# found at these paths is loaded into the kernel.
for object in ../asym/asym.o ../crypto/ssl3mac.o ./kssld.o; do
	insmod "$object" || exit 1
done

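# Drop the method argument; what remains is the list of VSERVs
shift

# Cipher suites handed to every virtual server, in preference order.
# AES128 is placed before AES256 for benchmarking against apache-ssl,
# which seems to like to use AES128.
# NOTE(review): the tail of this list enables single-DES, export-grade
# (DES40 / EXPORT1024) and NULL suites. The NULL suites provide no
# encryption at all and the others are weak. The list is left as it was
# because it is a benchmarking configuration; trim it to the AES/3DES
# entries before using this script for anything else.
CIPHERS="TLS_RSA_WITH_AES_128_CBC_SHA"
CIPHERS="$CIPHERS,TLS_RSA_WITH_AES_256_CBC_SHA"
CIPHERS="$CIPHERS,TLS_RSA_WITH_3DES_EDE_CBC_SHA"
CIPHERS="$CIPHERS,TLS_RSA_WITH_DES_CBC_SHA"
CIPHERS="$CIPHERS,TLS_RSA_EXPORT1024_WITH_DES_CBC_SHA"
CIPHERS="$CIPHERS,TLS_RSA_EXPORT_WITH_DES40_CBC_SHA"
CIPHERS="$CIPHERS,TLS_RSA_WITH_NULL_SHA"
CIPHERS="$CIPHERS,TLS_RSA_WITH_NULL_MD5"

# Configure and start one daemon per VSERV (server:port) argument.
# "$@", "$VSERV" and "$ASYM_METHOD" are quoted so that an argument
# containing whitespace or glob characters reaches kssl_key_tool as one
# word instead of being split into extra arguments.
for VSERV in "$@"; do
	# printf instead of "echo -n" so a VSERV that looks like an echo
	# option is printed literally
	printf '%s...' "$VSERV"

	# Create a stopped daemon
	../key_tool/kssl_key_tool set mode "$VSERV" stop || exit 1

	# Set the key and certificate
	../key_tool/kssl_key_tool set rsa "$VSERV" \
		../key_tool/pem/key.rsa.pem \
		../key_tool/pem/cert.rsa.pem || exit 1

	# Set the real server to make plain-text connections to
	# e.g. A local web-server
	../key_tool/kssl_key_tool set real "$VSERV" 127.0.0.1:80 || exit 1

	# Set the asymmetric encryption (RSA) method to use
	# software, aep_user or aep_kernel
	../key_tool/kssl_key_tool set asym_methods "$VSERV" "$ASYM_METHOD" || exit 1

	# Apply the cipher suite order defined above
	../key_tool/kssl_key_tool set ciphers "$VSERV" "$CIPHERS" || exit 1

	# Start the daemon so it will accept connections
	# By default it is stopped
	../key_tool/kssl_key_tool set mode "$VSERV" start || exit 1

	echo " ok!"
done

exit 0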
