/* Copyright (c) 1998,2003-2006,2008 Apple Inc.
 *
 * caVerify.cpp
 *
 * Verify proper detection of basicConstraints.cA
 */

#include <utilLib/common.h>
#include <utilLib/cspwrap.h>
#include <security_cdsa_utils/cuFileIo.h>
#include <clAppUtils/CertBuilderApp.h>
#include <clAppUtils/clutils.h>
#include <clAppUtils/timeStr.h>
#include <clAppUtils/tpUtils.h>
#include <security_cdsa_utils/cuPrintCert.h>
#include <stdlib.h>
#include <stdio.h>
#include <string.h>
#include <Security/cssm.h>
#include <Security/x509defs.h>
#include <Security/oidsattr.h>
#include <Security/oidscert.h>
#include <Security/oidsalg.h>
#include <Security/certextensions.h>
#include <Security/cssmapple.h>
#include <string.h>

/* define nonzero to build on Puma */
#define PUMA_BUILD			0

/* default key and signature algorithm */
#define SIG_ALG_DEFAULT		CSSM_ALGID_SHA1WithRSA
#define KEY_ALG_DEFAULT		CSSM_ALGID_RSA

#define NUM_CERTS_DEF		5		/* default is random from 2 to this */
#define NUM_LOOPS_DEF		100

#if		PUMA_BUILD
extern "C" {
	void cssmPerror(const char *how, CSSM_RETURN error);
}
#endif	/* PUMA_BUILD */

static void usage(char **argv)
{
	printf("Usage: %s [options]\n", argv[0]);
	printf("Options:\n");
	printf("   n=numCerts (default=random from 2 to %d)\n", NUM_CERTS_DEF);
	printf("   a=alg  where alg is s(RSA/SHA1), 5(RSA/MD5), f(FEE/MD5), "
			"F(FEE/SHA1), e(ECDSA), E(ANSI/ECDSA), 6(ECDSA/SHA256)\n");
	printf("   k=keySizeInBits\n");
	printf("   c (dump certs on error)\n");
	printf("   l=numLoops (default = %d)\n", NUM_LOOPS_DEF);
	exit(1);
}

void showCerts(
	const CSSM_DATA *certs,
	unsigned numCerts)
{
	unsigned i;
	
	for(i=0; i<numCerts; i++) {
		printf("======== cert %d ========\n", i);
		printCert(certs[i].Data, certs[i].Length, CSSM_FALSE);
		printf("\n\n");
	}
}

void writeCerts(
	const CSSM_DATA *certs,
	unsigned numCerts)
{
	unsigned i;
	char fileName[80];
	
	for(i=0; i<numCerts; i++) {
		sprintf(fileName, "caVerifyCert%u.cer", i);
		writeFile(fileName, certs[i].Data, certs[i].Length);
		printf("....wrote %lu bytes to %s\n", certs[i].Length, fileName);
	}
}

/* 
 * Generate a cert chain using specified key pairs and extensions.
 * The last cert in the chain (certs[numCerts-1]) is a root cert, 
 * self-signed. 
 */
static CSSM_RETURN tpGenCertsExten(
	CSSM_CSP_HANDLE		cspHand,
	CSSM_CL_HANDLE		clHand,
	CSSM_ALGORITHMS		sigAlg,			/* CSSM_ALGID_SHA1WithRSA, etc. */
	unsigned			numCerts,
	/* per-cert arrays */
	const char 			*nameBase,		/* C string */
	CSSM_KEY_PTR		pubKeys,		/* array of public keys */
	CSSM_KEY_PTR		privKeys,		/* array of private keys */
	CSSM_X509_EXTENSION	**extensions,
	unsigned			*numExtensions,
	CSSM_DATA_PTR		certs,			/* array of certs RETURNED here */
	const char			*notBeforeStr,	/* from genTimeAtNowPlus() */
	const char			*notAfterStr)	/* from genTimeAtNowPlus() */

{
	int 				dex;
	CSSM_RETURN			crtn;
	CSSM_X509_NAME		*issuerName = NULL;
	CSSM_X509_NAME		*subjectName = NULL;
	CSSM_X509_TIME		*notBefore;			// UTC-style "not before" time
	CSSM_X509_TIME		*notAfter;			// UTC-style "not after" time
	CSSM_DATA_PTR		rawCert = NULL;		// from CSSM_CL_CertCreateTemplate
	CSSM_DATA			signedCert;			// from CSSM_CL_CertSign	
	uint32				rtn;
	CSSM_KEY_PTR		signerKey;			// signs the cert
	CSSM_CC_HANDLE		signContext;
	char				nameStr[100];
	CSSM_DATA_PTR		thisCert;			// ptr into certs[]
	CB_NameOid			nameOid;
	
	nameOid.oid = &CSSMOID_OrganizationName;	// const
	nameOid.string = nameStr;
	
	/* main loop - once per keypair/cert - starting at end/root */
	for(dex=numCerts-1; dex>=0; dex--) {
		thisCert = &certs[dex];
		
		thisCert->Data = NULL;
		thisCert->Length = 0;
		
		sprintf(nameStr, "%s%04d", nameBase, dex);
		if(issuerName == NULL) {
			/* last (root) cert - subject same as issuer */
			issuerName = CB_BuildX509Name(&nameOid, 1); 
			/* self-signed */
			signerKey = &privKeys[dex];
		}
		else {
			/* previous subject becomes current issuer */
			CB_FreeX509Name(issuerName);
			issuerName = subjectName;
			signerKey = &privKeys[dex+1];
		}
		subjectName = CB_BuildX509Name(&nameOid, 1);
		if((subjectName == NULL) || (issuerName == NULL)) {
			printf("Error creating X509Names\n");
			crtn = CSSMERR_CSSM_MEMORY_ERROR;
			break;
		}
		
		/* 
		 * not before/after in Y2k-compliant generalized time format.
		 * These come preformatted from our caller. 
		 */
		notBefore = CB_BuildX509Time(0, notBeforeStr);
		notAfter  = CB_BuildX509Time(0, notAfterStr);

		/* 
		 * Cook up cert template 
		 * Note serial number would be app-specified in real world
		 */
		rawCert = CB_MakeCertTemplate(clHand,
			0x12345 + dex,	// serial number
			issuerName,
			subjectName,
			notBefore,
			notAfter,
			&pubKeys[dex],
			sigAlg,
			NULL,						// subj unique ID
			NULL,						// issuer unique ID
			extensions[dex],			// extensions
			numExtensions[dex]);		// numExtensions
	
		if(rawCert == NULL) {
			crtn = CSSM_ERRCODE_INTERNAL_ERROR;
			break;
		}

		/* Free the stuff we allocd to get here */
		CB_FreeX509Time(notBefore);
		CB_FreeX509Time(notAfter);

		/**** sign the cert ****/
		/* 1. get a signing context */
		crtn = CSSM_CSP_CreateSignatureContext(cspHand,
				sigAlg,
				NULL,			// no passphrase for now
				signerKey,
				&signContext);
		if(crtn) {
			printError("CreateSignatureContext", crtn);
			break;
		}
		
		/* 2. use CL to sign the cert */ 
		signedCert.Data = NULL;
		signedCert.Length = 0;
		crtn = CSSM_CL_CertSign(clHand,
			signContext,
			rawCert,			// CertToBeSigned
			NULL,				// SignScope per spec
			0,					// ScopeSize per spec
			&signedCert);
		if(crtn) {
			printError("CSSM_CL_CertSign", crtn);
			break;
		}
		
		/* 3. delete signing context */
		crtn = CSSM_DeleteContext(signContext);
		if(crtn) {
			printError("CSSM_DeleteContext", crtn);
			break;
		}

		/* 
		 * CSSM_CL_CertSign() returned us a mallocd CSSM_DATA. Copy
		 * its fields to caller's cert. 
		 */
		certs[dex] = signedCert;
		
		/* and the raw unsigned cert as well */
		appFreeCssmData(rawCert, CSSM_TRUE);
		rtn = 0;
	}
	
	/* free resources */
	if(issuerName != NULL) {
		CB_FreeX509Name(issuerName);
	}
	if(subjectName != NULL) {
		CB_FreeX509Name(subjectName);
	}
	return crtn;
}

static int doTest(
	CSSM_CSP_HANDLE	cspHand,		// CSP handle
	CSSM_CL_HANDLE	clHand,			// CL handle
	CSSM_TP_HANDLE	tpHand,			// TP handle
	unsigned		numCerts,		// >= 2
	CSSM_KEY_PTR	pubKeys,
	CSSM_KEY_PTR	privKeys,
	CSSM_ALGORITHMS	sigAlg,
	CSSM_BOOL		expectFail,
	CSSM_BOOL		dumpCerts,
	CSSM_BOOL		quiet)
{
	CSSM_DATA_PTR		certs;
	CSSM_X509_EXTENSION	**extens;
	unsigned			*numExtens;
	char 				*notBeforeStr = genTimeAtNowPlus(0);
	char 				*notAfterStr = genTimeAtNowPlus(10000);
	unsigned			certDex;
	CE_BasicConstraints	*bc;
	CSSM_X509_EXTENSION *thisExten;
	CE_BasicConstraints *thisBc;
	const char			*failMode = "not set - internal error";
	CSSM_RETURN			crtn;
	unsigned 			badCertDex = 0;
	
	certs = (CSSM_DATA_PTR)malloc(sizeof(CSSM_DATA) * numCerts);
	memset(certs, 0, sizeof(CSSM_DATA) * numCerts);
	
	/*
	 * For now just zero or one extension per cert - basicConstraints. 
	 * Eventually we'll want to test keyUsage as well.
	 */
	extens = (CSSM_X509_EXTENSION **)malloc(sizeof(CSSM_X509_EXTENSION *) * numCerts);
	memset(extens, 0, sizeof(CSSM_X509_EXTENSION *) * numCerts);
	numExtens = (unsigned *)malloc(sizeof(unsigned) * numCerts);
	bc = (CE_BasicConstraints *)malloc(sizeof(CE_BasicConstraints) * numCerts);
	
	/*
	 * Set up all extensions for success
	 */
	for(certDex=0; certDex<numCerts; certDex++) {
		extens[certDex] = (CSSM_X509_EXTENSION *)malloc(sizeof(CSSM_X509_EXTENSION));
		numExtens[certDex] = 1;
		thisExten = extens[certDex];
		thisBc = &bc[certDex];
		
		thisExten->extnId = CSSMOID_BasicConstraints;
		thisExten->critical = CSSM_TRUE;
		thisExten->format = CSSM_X509_DATAFORMAT_PARSED;
		thisExten->value.parsedValue = thisBc;
		thisExten->BERvalue.Data = NULL;
		thisExten->BERvalue.Length = 0;

		if(certDex == 0) {
			/* leaf - flip coin to determine presence of basicConstraints */
			int coin = genRand(1,2);
			if(coin == 1) {
				/* basicConstraints, !cA */
				thisBc->cA = CSSM_FALSE;
				thisBc->pathLenConstraintPresent = CSSM_FALSE;
				thisBc->pathLenConstraint = 0;
			}
			else {
				/* !basicConstraints, !cA by default */
				numExtens[certDex] = 0;
			}
		}
		else if(certDex == (numCerts-1)) {
			/* root - flip coin to determine presence of basicConstraints */
			int coin = genRand(1,2);
			if(coin == 1) {
				/* basicConstraints, cA */
				thisBc->cA = CSSM_TRUE;
				/* flip coin to determine present of pathLenConstraint */
				coin = genRand(1,2);
				if(coin == 1) {
					thisBc->pathLenConstraintPresent = CSSM_FALSE;
					thisBc->pathLenConstraint = 0;
				}
				else {
					thisBc->pathLenConstraintPresent = CSSM_TRUE;
					thisBc->pathLenConstraint = genRand(certDex-1, numCerts+1);
				}
			}
			else {
				/* !basicConstraints, cA by default */
				numExtens[certDex] = 0;
			}
		}
		else {
			/* intermediate = cA required */
			thisBc->cA = CSSM_TRUE;
			/* flip coin to determine presence of pathLenConstraint */
			int coin = genRand(1,2);
			if(coin == 1) {
				thisBc->pathLenConstraintPresent = CSSM_FALSE;
				thisBc->pathLenConstraint = 0;
			}
			else {
				thisBc->pathLenConstraintPresent = CSSM_TRUE;
				thisBc->pathLenConstraint = genRand(certDex-1, numCerts+1);
			}
		}
	}
	
	if(expectFail) {
		/* introduce a failure */
		if(numCerts == 2) {
			/* only possible failure is explicit !cA in root */
			/* don't assume presence of BC exten */
			badCertDex = 1;
			thisExten = extens[badCertDex];
			thisBc = &bc[badCertDex];
			thisBc->cA = CSSM_FALSE;
			thisBc->pathLenConstraintPresent = CSSM_FALSE;
			bc->pathLenConstraint = 0;
			numExtens[badCertDex] = 1;
			failMode = "Explicit !cA in root";
		}
		else {
			/* roll the dice to select an intermediate cert */
			badCertDex = genRand(1, numCerts-2);
			thisExten = extens[badCertDex];
			if((thisExten == NULL) || (numExtens[badCertDex] == 0)) {
				printf("***INTERNAL SCREWUP\n");
				exit(1);
			}
			thisBc = &bc[badCertDex];
			
			/* 
			 * roll die: fail by 
			 *   -- no BasicConstraints
			 *   -- !cA
			 *   -- bad pathLenConstraint 
			 */
			int die = genRand(1,3);
			if((die == 1) &&
			   (badCertDex != 1)) {		// last cA doesn't need pathLenConstraint 
				thisBc->pathLenConstraintPresent = CSSM_TRUE;
				thisBc->pathLenConstraint = badCertDex - 2;	// one short
				failMode = "Short pathLenConstraint";
			}
			else if(die == 2) {
				thisBc->cA = CSSM_FALSE;
				failMode = "Explicit !cA in intermediate";
			}
			else {
				/* no extension */
				numExtens[badCertDex] = 0;
				failMode = "No BasicConstraints in intermediate";
			}
		}
	}
	if(!quiet && expectFail) {
		printf("   ...bad cert at index %d: %s\n", badCertDex, failMode);
	}
	
	/* here we go - create cert chain */
	crtn = tpGenCertsExten(cspHand,
		clHand,
		sigAlg,
		numCerts,
		"caVerify",		// nameBase
		pubKeys,
		privKeys,
		extens,
		numExtens,
		certs,
		notBeforeStr,
		notAfterStr);
	if(crtn) {
		printError("tpGenCertsExten", crtn);
		return crtn;	// and leak like crazy 
	}
	
	CSSM_CERTGROUP  cgrp;
	memset(&cgrp, 0, sizeof(CSSM_CERTGROUP));
	cgrp.NumCerts = numCerts;
	#if		PUMA_BUILD
	cgrp.CertGroupType = CSSM_CERTGROUP_ENCODED_CERT;
	#else
	/* Jaguar */
	cgrp.CertGroupType = CSSM_CERTGROUP_DATA;
	#endif	/* PUMA_BUILD */
	cgrp.CertType = CSSM_CERT_X_509v3;
	cgrp.CertEncoding = CSSM_CERT_ENCODING_DER; 
	cgrp.GroupList.CertList = certs;
	
	#if		PUMA_BUILD
	crtn = tpCertGroupVerify(tpHand,
		clHand,
		cspHand,
		NULL,						// DlDbList
		&CSSMOID_APPLE_X509_BASIC,	// SSL requires built-in root match 
		&cgrp,
		/* pass in OUR ROOT as anchors */
		(CSSM_DATA_PTR)&certs[numCerts-1],		// anchorCerts
		1,
		CSSM_TP_STOP_ON_POLICY, 
		CSSM_FALSE,					// allowExpired
		NULL);						// vfyResult
	#else
	/* Jaguar */
	crtn = tpCertGroupVerify(tpHand,
		clHand,
		cspHand,
		NULL,						// DlDbList
		&CSSMOID_APPLE_TP_SSL,		// may want to parameterize this
		NULL,						// fieldOpts for server name
		NULL,						// actionDataPtr for allow expired
		NULL,						// policyOpts
		&cgrp,
		/* pass in OUR ROOT as anchors */
		(CSSM_DATA_PTR)&certs[numCerts-1],		// anchorCerts
		1,
		CSSM_TP_STOP_ON_POLICY, 
		NULL,						// cssmTimeStr
		NULL);						// vfyResult
	#endif	/* PUMA_BUILD */
	if(expectFail) {
		if(crtn != CSSMERR_TP_VERIFY_ACTION_FAILED) {
			cssmPerror("***Expected error TP_VERIFY_ACTION_FAILED; got ", crtn);
			printf("   Expected failure due to %s\n", failMode);
			if(dumpCerts) {
				showCerts(certs, numCerts);
				writeCerts(certs, numCerts);
			}
			return testError(quiet);
		}
	}
	else if(crtn) {
		cssmPerror("Unexpected failure on tpCertGroupVerify", crtn);
		if(dumpCerts) {
			showCerts(certs, numCerts);
		}
		return testError(quiet);
	}
		
	/* clean up */
	return 0;
}

int main(int argc, char **argv)
{
	CSSM_CL_HANDLE	clHand;			// CL handle
	CSSM_CSP_HANDLE	cspHand;		// CSP handle
	CSSM_TP_HANDLE	tpHand;
	CSSM_KEY_PTR	pubKeys;
	CSSM_KEY_PTR	privKeys;
	CSSM_RETURN		crtn;
	int				arg;
	unsigned		certDex;
	unsigned		loopNum;
	unsigned		maxCerts;
	
	/* user-spec'd variables */
	CSSM_ALGORITHMS	keyAlg = KEY_ALG_DEFAULT;
	CSSM_ALGORITHMS sigAlg = SIG_ALG_DEFAULT;
	uint32			keySizeInBits = CSP_KEY_SIZE_DEFAULT;
	unsigned 		numCerts = 0;			// means random per loop
	unsigned 		numLoops = NUM_LOOPS_DEF;
	CSSM_BOOL		quiet = CSSM_FALSE;
	CSSM_BOOL		dumpCerts = CSSM_FALSE;
	
	for(arg=1; arg<argc; arg++) {
		switch(argv[arg][0]) {
			case 'a':
				if((argv[arg][1] == '\0') || (argv[arg][2] == '\0')) {
					usage(argv);
				}
				switch(argv[arg][2]) {
					case 's':
						keyAlg = CSSM_ALGID_RSA;
						sigAlg = CSSM_ALGID_SHA1WithRSA;
						break;
					case '5':
						keyAlg = CSSM_ALGID_RSA;
						sigAlg = CSSM_ALGID_MD5WithRSA;
						break;
					case 'f':
						keyAlg = CSSM_ALGID_FEE;
						sigAlg = CSSM_ALGID_FEE_MD5;
						break;
					case 'F':
						keyAlg = CSSM_ALGID_FEE;
						sigAlg = CSSM_ALGID_FEE_SHA1;
						break;
					case 'e':
						keyAlg = CSSM_ALGID_FEE;
						sigAlg = CSSM_ALGID_SHA1WithECDSA;
						break;
					case 'E':
						keyAlg = CSSM_ALGID_ECDSA;
						sigAlg = CSSM_ALGID_SHA1WithECDSA;
						break;
					case '6':
						keyAlg = CSSM_ALGID_ECDSA;
						sigAlg = CSSM_ALGID_SHA256WithECDSA;
						break;
					default:
						usage(argv);
				}
				break;
		    case 'k':
				keySizeInBits = atoi(&argv[arg][2]);
				break;
		    case 'l':
				numLoops = atoi(&argv[arg][2]);
				break;
		    case 'n':
				numCerts = atoi(&argv[arg][2]);
				break;
		    case 'c':
				dumpCerts = CSSM_TRUE;
				break;
		    case 'q':
				quiet = CSSM_TRUE;
				break;
			default:
				usage(argv);
		}
	}
	
	/* connect to CL, TP, and CSP */
	clHand = clStartup();
	if(clHand == 0) {
		return 0;
	}
	tpHand = tpStartup();
	if(tpHand == 0) {
		return 0;
	}
	cspHand = cspStartup();
	if(cspHand == 0) {
		return 0;
	}

	if(numCerts == 0) {
		maxCerts = NUM_CERTS_DEF;	// random, this is the max $
	}
	else {
		maxCerts = numCerts;		// user-specd
	}
	
	printf("Starting caVerify; args: ");
	for(unsigned i=1; i<(unsigned)argc; i++) {
		printf("%s ", argv[i]);
	}
	printf("\n");

	/* cook up maxCerts key pairs */
	if(!quiet) {
		printf("generating key pairs...\n");
	}
	pubKeys  = (CSSM_KEY_PTR)malloc(sizeof(CSSM_KEY) * maxCerts);
	privKeys = (CSSM_KEY_PTR)malloc(sizeof(CSSM_KEY) * maxCerts);
	for(certDex=0; certDex<maxCerts; certDex++) {
		crtn = cspGenKeyPair(cspHand,
			keyAlg,
			"a key pair",
			9,
			keySizeInBits,
			&pubKeys[certDex],
			CSSM_FALSE,			// pubIsRef - should work both ways, but not yet
			CSSM_KEYUSE_VERIFY,
			CSSM_KEYBLOB_RAW_FORMAT_NONE,
			&privKeys[certDex],
			CSSM_TRUE,			// privIsRef - doesn't matter
			CSSM_KEYUSE_SIGN,
			CSSM_KEYBLOB_RAW_FORMAT_NONE,
			CSSM_FALSE);
		if(crtn) {
			printError("cspGenKeyPair", crtn);
			printf("***error generating key pair. Aborting.\n");
			exit(1);
		}
	}

	for(loopNum=0; loopNum<numLoops; loopNum++) {
		unsigned thisNumCerts;
		
		/* random: num certs and whether this loop is to test a failure */
		if(numCerts) {
			thisNumCerts = numCerts;
		}
		else {
			thisNumCerts = genRand(2, NUM_CERTS_DEF);
		}
		int coin = genRand(1,2);
		CSSM_BOOL expectFail = (coin == 1) ? CSSM_TRUE : CSSM_FALSE;
		if(!quiet) {
			printf("...loop %d numCerts %u expectFail %s\n", loopNum,
				thisNumCerts, expectFail ? "TRUE" : "FALSE");
		}
		if(doTest(cspHand,
			clHand,
			tpHand,
			thisNumCerts,
			pubKeys,
			privKeys,
			sigAlg,
			expectFail,
			dumpCerts,
			quiet)) {
				break;
		}
	}
	/* clean up */
	return 0;
}