/*
 # Copyright (c) 2009 - OpenSLX Project, Computer Center University of Freiburg
 #
 # This program is free software distributed under the GPL version 2.
 # See http://openslx.org/COPYING
 #
 # If you have any feedback please consult http://openslx.org/feedback and
 # send your suggestions, praise, or complaints to feedback@openslx.org
 #
 # General information about OpenSLX can be found at http://openslx.org/
 # -----------------------------------------------------------------------------
 # src/util/CertManager.cpp
 #    - Manage SSL certificates
 #    - provide access by name
 # -----------------------------------------------------------------------------
 */

#define CERTSTORAGE ".config/openslx/pvs2/"

#include "certmanager.h"
#include <QMap>
#include <QDir>
#include <QDebug>
#include <QFileInfo>
#include <QSettings>
#include <QMessageBox>
#include <QApplication>
#include <cstdlib>

namespace CertManager
{
static QMap<QString, QSslCertificate> _certs;
static QMap<QString, QSslKey> _keys;

static void generateFiles(QString& key, QString& cert);
static bool loadFiles(QString& keyFile, QString& certFile, QSslKey &key, QSslCertificate &cert);

bool getPrivateKeyAndCert(const QString &name, QSslKey &key, QSslCertificate &cert)
{
	if (_keys.contains(name)) {
		key = _keys[name];
		cert = _certs[name];
		return true;
	}
	QString certDir = QDir::homePath().append("/").append(CERTSTORAGE);
	if (!QDir::root().mkpath(certDir)) {
		certDir = QString("/tmp/") + QString::number(qrand()) + "-" + QString::number(qrand()) + "/";
		QDir::root().mkpath(certDir);
	}
	QString certFile = certDir.append(name);
	QString keyFile = certFile;
	keyFile.append(".rsa");
	certFile.append(".crt");
	//
	if (!loadFiles(keyFile, certFile, key, cert)) {
		generateFiles(keyFile, certFile);
		if (!loadFiles(keyFile, certFile, key, cert)) {
			qDebug() << "error while creating cert and key files";
			return false;
		}
	}
	_certs.insert(name, cert);
	_keys.insert(name, key);
	return true;
}

void fatal()
{
	QMessageBox::critical(NULL, QCoreApplication::trUtf8("OpenSSL error", "CertManager"),
			QCoreApplication::trUtf8("Could not generate certificates for secure connections.\n"
			"PVS will not work.\n\n"
			"Press OK to quit.", "CertManager"));
	qApp->exit(1);
}

static bool loadFiles(QString& keyFile, QString& certFile, QSslKey &key, QSslCertificate &cert)
{
	QFileInfo keyInfo(keyFile);
	QFileInfo certInfo(certFile);
	if (keyInfo.exists() && certInfo.exists()) {
		// Both files exist, see if they're valid and return
		QFile kf(keyFile);
		kf.open(QFile::ReadOnly);
		key = QSslKey(&kf, QSsl::Rsa, QSsl::Pem, QSsl::PrivateKey);
		QList<QSslCertificate> certlist = QSslCertificate::fromPath(certFile);
		if (!key.isNull() && !certlist.empty()) {
			cert = certlist.first();
			if (!cert.isNull()) {
				return true;
			}
		}
	}
	return false;
}

static void generateFiles(QString& key, QString& cert)
{
	char tmp[1000];
	remove(key.toLocal8Bit().data());
	remove(cert.toLocal8Bit().data());
	snprintf(tmp, 1000,
	         "openssl req -x509 -nodes -days 3650 -newkey rsa:1024 -subj '/C=DE/ST=BaWue/L=Freiburg/CN=openslx.org' -keyout \"%s\" -out \"%s\"",
	         key.toLocal8Bit().data(), cert.toLocal8Bit().data());
	system(tmp);
	snprintf(tmp, 1000, "chmod 0600 \"%s\" \"%s\"", key.toLocal8Bit().data(), cert.toLocal8Bit().data());
	system(tmp);
}
}