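#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <openssl/bio.h>
#include <openssl/err.h>
#include <openssl/pem.h>
#include <openssl/ssl.h>
#include "librez.h"

/* Fatal-error path shared by all context setup: dump the OpenSSL error
 * queue to stderr and terminate the process. Never returns. */
static void librez_ssl_ctx_error(void)
{
    ERR_print_errors_fp(stderr);
    exit(1);
}

/*
 * OpenSSL pem_password_cb: copy the passphrase handed over as userdata into
 * buf, always NUL-terminated and never more than size - 1 bytes (a longer
 * passphrase is truncated, as the previous strncpy-based version did).
 *
 * @param buf      destination buffer supplied by OpenSSL
 * @param size     capacity of buf in bytes
 * @param rwflag   unused (0 = decrypting, 1 = encrypting)
 * @param password the passphrase as a C string, or NULL
 * @return number of bytes written; 0 (no passphrase) when buf is NULL,
 *         size is not positive, or password is NULL
 */
static int librez_pem_passwd_cb(char *buf, int size,
                                int __attribute__ ((unused)) rwflag,
                                void *password)
{
    const char *src = password;
    size_t len;

    /* size <= 0 would make buf[size - 1] an out-of-bounds write. */
    if (buf == NULL || size <= 0 || src == NULL)
        return 0;
    len = strlen(src);
    if (len > (size_t)size - 1)
        len = (size_t)size - 1;
    memcpy(buf, src, len);
    buf[len] = '\0';
    return (int)len;
}

/*
 * Setup common to both roles: library init, a context restricted to TLS,
 * trust in rootca.crt, and our own certificate plus the (possibly
 * encrypted) private key. Every failure is fatal via librez_ssl_ctx_error().
 *
 * @param ctx       receives the new SSL_CTX
 * @param cert_file PEM certificate to present to the peer
 * @param key_file  PEM private key matching cert_file
 * @param password  passphrase for key_file, or NULL if it is unencrypted
 */
static void librez_ssl_ctx_common(SSL_CTX **ctx, const char *cert_file,
                                  const char *key_file, const char *password)
{
    char *pw_copy = NULL;

    SSL_load_error_strings();
    SSL_library_init();
    if ((*ctx = SSL_CTX_new(SSLv23_method())) == NULL)
        librez_ssl_ctx_error();
    /* SSLv23_method() negotiates the highest version both sides support;
     * rule out the SSLv2/SSLv3 floors so that only TLS can be agreed on. */
    SSL_CTX_set_options(*ctx, SSL_OP_NO_SSLv2 | SSL_OP_NO_SSLv3);
    if (SSL_CTX_load_verify_locations(*ctx, "rootca.crt", NULL) != 1)
        librez_ssl_ctx_error();
    if (SSL_CTX_use_certificate_file(*ctx, cert_file, SSL_FILETYPE_PEM) != 1)
        librez_ssl_ctx_error();
    /* OpenSSL stores the userdata pointer inside the context, so the copy
     * must live as long as the context does; it is deliberately not freed. */
    if (password != NULL && (pw_copy = strdup(password)) == NULL) {
        perror("strdup");
        exit(1);
    }
    SSL_CTX_set_default_passwd_cb(*ctx, librez_pem_passwd_cb);
    SSL_CTX_set_default_passwd_cb_userdata(*ctx, pw_copy);
    if (SSL_CTX_use_PrivateKey_file(*ctx, key_file, SSL_FILETYPE_PEM) != 1)
        librez_ssl_ctx_error();
    if (SSL_CTX_check_private_key(*ctx) != 1)
        librez_ssl_ctx_error();
    /* Cap the length of the verified certificate chain at 1. */
    SSL_CTX_set_verify_depth(*ctx, 1);
}

/*
 * Build the server-side context: server.crt/server.key, mutual TLS against
 * rootca.crt, and ephemeral DH parameters from dsa1024.dh.
 *
 * @param d_rez    unused
 * @param ctx      receives the new SSL_CTX (process exits on any failure)
 * @param password passphrase for server.key
 */
void librez_ssl_ctx_server(t_rez __attribute__ ((unused)) *d_rez,
                           SSL_CTX **ctx, char *password)
{
    STACK_OF(X509_NAME) *cert_names;
    BIO *bio;
    DH *dh;

    librez_ssl_ctx_common(ctx, "server.crt", "server.key", password);
    /* Mutual TLS: a client that presents no certificate, or one that does
     * not chain to rootca.crt, is rejected during the handshake. */
    SSL_CTX_set_verify(*ctx, SSL_VERIFY_PEER | SSL_VERIFY_FAIL_IF_NO_PEER_CERT,
                       NULL);
    if ((cert_names = SSL_load_client_CA_file("rootca.crt")) == NULL)
        librez_ssl_ctx_error();
    /* The context takes ownership of cert_names. */
    SSL_CTX_set_client_CA_list(*ctx, cert_names);
    /* Ephemeral DH parameters for DHE key exchange.
     * NOTE(review): the file name suggests 1024-bit parameters, which is
     * below current recommendations; regenerate larger ones when possible. */
    if ((bio = BIO_new_file("dsa1024.dh", "r")) == NULL)
        librez_ssl_ctx_error();
    dh = PEM_read_bio_DHparams(bio, NULL, NULL, NULL);
    BIO_free(bio);
    /* A NULL dh (unparseable file) used to reach SSL_CTX_set_tmp_dh
     * unchecked; both the parse and the install are now verified. */
    if (dh == NULL || SSL_CTX_set_tmp_dh(*ctx, dh) != 1)
        librez_ssl_ctx_error();
    DH_free(dh); /* SSL_CTX_set_tmp_dh() keeps its own copy */
}

/*
 * Build the client-side context: client.crt/client.key, and verification
 * of the server certificate against rootca.crt.
 *
 * @param d_rez    unused
 * @param ctx      receives the new SSL_CTX (process exits on any failure)
 * @param password passphrase for client.key
 */
void librez_ssl_ctx_client(t_rez __attribute__ ((unused)) *d_rez,
                           SSL_CTX **ctx, char *password)
{
    librez_ssl_ctx_common(ctx, "client.crt", "client.key", password);
    /* Without SSL_VERIFY_PEER the mode stays SSL_VERIFY_NONE and the server
     * certificate is accepted unchecked, even though rootca.crt was loaded.
     * Fail the handshake unless the chain verifies. Hostname matching is not
     * performed here; callers that need the peer name checked must add it. */
    SSL_CTX_set_verify(*ctx, SSL_VERIFY_PEER, NULL);
}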