#!/bin/bash

## Copyright (C) 2012 - 2025 ENCRYPTED SUPPORT LLC <adrelanos@whonix.org>
## See the file COPYING for copying conditions.

#### meta start
#### project Whonix
#### category networking and firewall
#### description
## stream isolation developer test script
#### meta end

## Currently only useful for manual execution from within a
## Qubes-Whonix-Workstation. (Otherwise out comment test using qubesdb-read.)

set -x
set -e
set -o pipefail
set -o errtrace

error_handler() {
  true "ERROR: ERROR!"
  exit 1
}

trap error_handler ERR

if UWT_DEV_PASSTHROUGH=1 scurl --fail --proxy socks5h://127.0.0.1:9117 https://check.torproject.org; then
  true "ERROR: FAILED!"
  exit 1
else
  true "INFO: Failed as expected, ok."
fi

## No proxy settings at all, using "real" transparent proxying.
## NOTE: Would fail if transparent proxying was disabled.
ip_transparent="$(UWT_DEV_PASSTHROUGH=1 scurl --fail https://check.torproject.org/api/ip)"

## tests should should fail if transparent proxying is disabled
## IP HARDCODED but no need to change since comment only.
#UWT_DEV_PASSTHROUGH=1 scurl --fail --proxy socks5h://10.152.152.12:9117 https://check.torproject.org/api/ip

## Using usual uwt.
ip_socksified_uwt="$(scurl --fail https://check.torproject.org/api/ip)"

ip_socksified_two="$(UWT_DEV_PASSTHROUGH=1 scurl --fail --proxy socks5h://$(qubesdb-read /qubes-gateway):9117 https://check.torproject.org/api/ip)"

ip_socksified_three="$(UWT_DEV_PASSTHROUGH=1 scurl --fail --proxy socks5h://192.168.0.10:9117 https://check.torproject.org/api/ip)"

## IP HARDCODED but only used during manual testing.
ip_socksified_four="$(UWT_DEV_PASSTHROUGH=1 scurl --fail --proxy socks5h://10.152.152.10:9117 https://check.torproject.org/api/ip)"

if [ "$ip_transparent" = "$ip_socksified_uwt" ]; then
  true "ERROR: Maybe FAILED! (IP change could be due to Tor.) Try again."
  exit 1
fi
if [ "$ip_transparent" = "$ip_socksified_two" ]; then
  true "ERROR: Maybe FAILED! (IP change could be due to Tor.) Try again."
  exit 1
fi
if [ "$ip_transparent" = "$ip_socksified_three" ]; then
  true "ERROR: Maybe FAILED! (IP change could be due to Tor.) Try again."
  exit 1
fi
if [ "$ip_transparent" = "$ip_socksified_four" ]; then
  true "ERROR: Maybe FAILED! (IP change could be due to Tor.) Try again."
  exit 1
fi

true "OK."
