#define GNU_SOURCE
#include <credentials/keys/private_key.h>

#include "creddy.h"

#include <termios.h>

#define ROLE_SEPARATOR " <- "
#define SHA1_LENGTH 40
/* Size of password memory allocation */
#define PWLEN 128

/* Callback configuration */
struct cb_opts {
    bool use_prompt;	/* Print a prompt to stderr */
    bool use_echo;	/* If true, turn off input echo on stdin */
    unsigned int tries;	/* Number of attempts allowed */
    char prompt[20];	/* The prompt to display if use_echo is true */
};

chunk_t passphrase_callback(void *user, int try) {
    /* Get a password from stdin and return it as a chunk_t.  If too many tries
     * have occurred or there is any other problem, return an empty chunk_t,
     * which libstrongswan takes as giving up.  The chunk is alloated here
     * (inside getline), and presumably freed by libstrongswan. User points to
     * a cb_opts struct, which affects this routine in the obvious ways.
     */
    /* Configuration options */
    struct cb_opts *opts = (struct cb_opts *) user;
    chunk_t rv = chunk_empty;	/* Return value, starts empty */

    if (try -1 < opts->tries ) {
	struct termios t;   /* Terminal settings */
	size_t len = 0;	    /* Length of string from getline */
	tcflag_t orig = 0;  /* Holds the original local flags (echo in here) */

	if (!opts->use_echo) {
	    /* Use tc{get,set}attr to turn echo off and restore the intial
	     * echo settings */
	    if (!tcgetattr(0, &t)) { 
		orig = t.c_lflag;

		t.c_lflag &= ~ECHO;
		if ( tcsetattr(0, TCSANOW, &t) ) { 
		    perror("Cannot turn off echo"); 
		    return rv;
		}
	    }
	    else {
		perror("Cannot turn get attributes to off echo"); 
		return rv;
	    }
	}
	if (opts->use_prompt) printf("%s", opts->prompt);

	/* Because rv.ptr starts as NULL, getline allocates memory.  The size
	 * of the allocation returns in rv.len and the size of the string
	 * (including newline and NUL) is in len.  */
	if ((rv.ptr = (u_char *) malloc(rv.len = PWLEN))) {
	    if ( fgets(rv.ptr, rv.len, stdin) ) {
		/* Readjust the chunk_t's len field to the size of the string
		 * w/o the newline or NUL */
		/* would prefer strnlen, but no such luck in FBSD7 or earlier*/
		size_t len = strlen(rv.ptr);

		if (rv.ptr[len-2] == '\n') rv.len = len-2;
		else rv.len = len -1;
	    }
	    else {
		/* Read failed.  Deallocate and clear rv */
		free(rv.ptr);
		rv = chunk_empty;
	    }
	}
	else {
	    /* Failed malloc.  Restore rv to empty and return it */
	    perror("malloc");
	    rv = chunk_empty;
	    return rv;
	}

	if (!opts->use_echo ) {
	    /* Pop echo beck to its original setting. */
	    t.c_lflag = orig;

	    if ( tcsetattr(0, TCSANOW, &t) ) 
		perror("Cannot restore echo setting?"); 

	    if (opts->use_prompt) printf("\n");
	}
    }
    else fprintf(stderr, "Too many tries (%d)", try-1);
    return rv;
}


void attribute_main(options_t *opts) {
    char *subject_id = NULL;
    struct cb_opts c_opts = { 1, 0, 3, "Key password:" };

    if (
        opts->issuer == NULL ||
        opts->key == NULL ||
        opts->role == NULL ||
        opts->out == NULL
    )
        usage(opts);

    // make sure we have exactly one of --subject-cert / --subject-id
    if (opts->subject_cert == NULL && opts->subject_id == NULL)
        usage(opts);
    if (opts->subject_cert && opts->subject_id) {
        printf("Need exactly one of --subject-cert / --subject-id");
        usage(opts);
    }

    // if we have an ID, make sure it's SHA1 and lowercase
    if (opts->subject_id) {
        int i;
        subject_id = opts->subject_id;

        // hex chars (also convert to lowercase)
        for (i = 0; subject_id[i]; ++i) {
            subject_id[i] = tolower(subject_id[i]);
            if (!isxdigit(subject_id[i])) {
                printf("Invalid subject ID: must be SHA1\n");
                usage(opts);
            }
        }

        // correct length
        if (i != SHA1_LENGTH) {
            printf("Invalid subject ID: must be SHA1 (too long)\n");
            usage(opts);
        }
    }

    if (!clean_name(opts->role)) {
        printf("bad role name\n");
        usage(opts);
    }

    // verify the subject role name if present
    if (opts->subject_role) {
        char *role = opts->subject_role;
        char *start[3];
        int name_parts = 0, i;

        start[name_parts++] = role;

        for (i = 0; role[i] != '\0'; ++i)
            if (role[i] == '.') {
                if (name_parts == 3) {
                    printf("bad subject role name (too many dots)\n");
                    usage(opts);
                }
                start[name_parts++] = &role[i+1];
                role[i] = 0;
            }

        for (i = 0; i < name_parts; ++i)
            if (!clean_name(start[i])) {
                printf("bad subject role name\n");
                usage(opts);
            }

        for (i = 1; i < name_parts; ++i)
            *(start[i]-1) = '.'; // replace the dot
    }

    if (opts->validity < 0) {
        printf("Validity must be >= 1 day\n");
        usage(opts);
    }

    chunk_t pw = chunk_empty;
    // load signer key
    private_key_t *key = lib->creds->create(lib->creds,
        CRED_PRIVATE_KEY, KEY_RSA,
        BUILD_FROM_FILE, opts->key,
	/* Ask for password if the key's encrypted */
	BUILD_PASSPHRASE_CALLBACK, passphrase_callback, &c_opts, 
        BUILD_END
    );
    if (key == NULL)
        errx(1, "can't open private key file %s", opts->key);

    // get the keyids
    certificate_t *issuer = cert_from_file(opts->issuer);
    char *issuer_id = cert_keyid(issuer);

    // subject keyid from cert if it wasn't passed in
    if (opts->subject_cert) {
        certificate_t *subject = cert_from_file(opts->subject_cert);
        subject_id = cert_keyid(subject);
        DESTROY_IF(subject);
    }

    // build the role encoding
    int role_encoding_len = 1; // for nul terminator
    role_encoding_len += strlen(issuer_id) + 1 + strlen(opts->role);
    role_encoding_len += sizeof(ROLE_SEPARATOR) - 1;
    role_encoding_len += strlen(subject_id);
    if (opts->subject_role)
        role_encoding_len += 1 + strlen(opts->subject_role);

    char *role_encoding = xmalloc(role_encoding_len);
    role_encoding[0] = '\0';

    sprintf(role_encoding, "%s.%s" ROLE_SEPARATOR "%s", issuer_id, opts->role, subject_id);
    if (opts->subject_role) {
        strcat(role_encoding, ".");
        strcat(role_encoding, opts->subject_role);
    }

    free(issuer_id);

    // if opts->subject_id, the memory will be freed in main
    if (opts->subject_cert)
        free(subject_id);

    // create attribute cert
    time_t not_before = time(NULL);
    time_t not_after = not_before + opts->validity * 3600 * 60 * 60;
    chunk_t serial = generate_serial();

    certificate_t *attr_cert = lib->creds->create(lib->creds,
        CRED_CERTIFICATE, CERT_X509_AC,
        BUILD_CERT, issuer,
        BUILD_NOT_BEFORE_TIME, not_before,
        BUILD_NOT_AFTER_TIME, not_after,
        BUILD_SERIAL, serial,
        BUILD_IETF_GROUP_ATTR, role_encoding,
        BUILD_SIGNING_CERT, issuer,
        BUILD_SIGNING_KEY, key,
        BUILD_END
    );
    if (attr_cert == NULL)
        errx(1, "Couldn't build attribute cert");

    // write to file
    chunk_t encoding = attr_cert->get_encoding(attr_cert);

    FILE *out = fopen(opts->out, "w");
    if (out == NULL)
        err(1, "Can't open attribute cert output file %s", opts->out);
    fwrite(encoding.ptr, encoding.len, 1, out);
    fclose(out);

    free(role_encoding);
    free(serial.ptr);
    DESTROY_IF(attr_cert);
    DESTROY_IF(issuer);
    DESTROY_IF(key);
}