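/*
 # Copyright (c) 2009 - OpenSLX Project, Computer Center University of Freiburg
 #
 # This program is free software distributed under the GPL version 2.
 # See http://openslx.org/COPYING
 #
 # If you have any feedback please consult http://openslx.org/feedback and
 # send your suggestions, praise, or complaints to feedback@openslx.org
 #
 # General information about OpenSLX can be found at http://openslx.org/
 # -----------------------------------------------------------------------------
 # src/util/CertManager.cpp
 #    - Manage SSL certificates
 #    - provide access by name
 # -----------------------------------------------------------------------------
 */

#include "CertManager.h"
#include "util.h"
// NOTE(review): the names of the three system headers originally included here
// are not readable in this copy of the file; the list below is the set of
// headers the code in this file uses. QSslKey / QSslCertificate are assumed to
// arrive through CertManager.h, which must declare the functions returning them.
#include <QFile>
#include <QFileInfo>
#include <QList>
#include <QMap>
#include <QProcess>
#include <QStringList>
#include <sys/stat.h>
#include <sys/types.h>

namespace CertManager
{

// In-memory caches, indexed by the name passed to getCertificate() /
// getPrivateKey(). Only non-null objects are stored. No locking is done here.
static QMap<QString, QSslCertificate> _certs;
static QMap<QString, QSslKey> _keys;

void generateFiles(QString key, QString cert);

/// Read a PEM-encoded RSA private key from `path`.
/// Returns a null QSslKey when the file cannot be opened or parsed.
static QSslKey loadPrivateKey(const QString &path)
{
    QFile f(path);
    if (!f.open(QFile::ReadOnly))
        return QSslKey();
    return QSslKey(&f, QSsl::Rsa, QSsl::Pem, QSsl::PrivateKey);
}

/// Return the private key that belongs to `name`.
///
/// The key is looked up in the cache first, then in "<policy path>.rsa". If
/// the key file or the matching ".crt" file is missing, a fresh self-signed
/// pair is generated via generateFiles().
///
/// @param name  Name handed to getPolicyFilePath() to derive the file paths.
/// @return The key, or a null QSslKey if the key or its certificate could not
///         be produced or loaded.
QSslKey getPrivateKey(QString name)
{
    if (_keys.contains(name))
        return _keys[name];

    const QString base = getPolicyFilePath(name);
    QString key = base;
    key.append(".rsa");
    QString cert = base;
    cert.append(".crt");

    // It wouldn't make sense to have one file without the other, so a missing
    // half triggers regeneration of both.
    if (!QFileInfo(key).exists() || !QFileInfo(cert).exists())
    {
        generateFiles(key, cert);
        if (!QFileInfo(key).exists())
            return QSslKey();
    }

    // A key is only handed out together with a loadable certificate.
    if (getCertificate(name).isNull())
        return QSslKey();

    QSslKey k = loadPrivateKey(key);
    // Never cache a null key: a transient read/parse failure would otherwise
    // be remembered for the lifetime of the process.
    if (!k.isNull())
        _keys.insert(name, k);
    return k;
}

/// Return the certificate that belongs to `name`.
///
/// Looked up in the cache first, then loaded from "<policy path>.crt". When
/// the file holds several certificates, the first one is used.
///
/// @param name  Name handed to getPolicyFilePath() to derive the file path.
/// @return The certificate, or a null QSslCertificate if the file is missing
///         or contains no certificate.
QSslCertificate getCertificate(QString name)
{
    if (_certs.contains(name))
        return _certs[name];

    QString cert = getPolicyFilePath(name);
    cert.append(".crt");

    if (!QFileInfo(cert).exists())
        return QSslCertificate();

    const QList<QSslCertificate> certlist = QSslCertificate::fromPath(cert);
    if (certlist.empty())
        return QSslCertificate();

    QSslCertificate c = certlist.first();
    if (!c.isNull())
        _certs.insert(name, c);
    return c;
}

/// Create a new self-signed certificate and RSA key with the `openssl` tool.
///
/// Any existing files at `key` and `cert` are removed first. On success both
/// files are left readable and writable by the owner only. On failure both
/// paths are removed again so no half-written key material stays on disk.
///
/// @param key   Path the PEM private key is written to.
/// @param cert  Path the PEM certificate is written to.
void generateFiles(QString key, QString cert)
{
    QFile::remove(key);
    QFile::remove(cert);

    // The arguments are passed as a list, without a shell in between: quotes,
    // '$', backticks or spaces in the paths stay literal, and an overlong path
    // can no longer truncate the command as it could in a fixed-size buffer.
    QStringList args;
    args << "req" << "-x509"
         << "-nodes" // key is stored unencrypted; file permissions are its only protection
         << "-days" << "3650"
         << "-newkey" << "rsa:2048" // 1024-bit RSA no longer offers an adequate security margin
         << "-subj" << "/C=DE/ST=BaWue/L=Freiburg/CN=openslx.org"
         << "-keyout" << key
         << "-out" << cert;

    // Restrict the creation mode while openssl runs, so the private key is
    // never readable by group/others, not even between creation and the
    // permission fix-up below. umask() is process-wide: files created by other
    // threads during this call get the restrictive mode as well.
    const mode_t previousMask = umask(0077);
    const int exitCode = QProcess::execute("openssl", args);
    umask(previousMask);

    if (exitCode != 0)
    {
        QFile::remove(key);
        QFile::remove(cert);
        return;
    }

    // Same final mode (0600) the previous chmod call set on both files.
    const QFile::Permissions ownerOnly = QFile::ReadOwner | QFile::WriteOwner;
    QFile::setPermissions(key, ownerOnly);
    QFile::setPermissions(cert, ownerOnly);
}

}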