/*
 * The OpenSAML License, Version 1.
 * Copyright (c) 2002
 * University Corporation for Advanced Internet Development, Inc.
 * All rights reserved
 *
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions are met:
 *
 * Redistributions of source code must retain the above copyright notice, this
 * list of conditions and the following disclaimer.
 *
 * Redistributions in binary form must reproduce the above copyright notice,
 * this list of conditions and the following disclaimer in the documentation
 * and/or other materials provided with the distribution, if any, must include
 * the following acknowledgment: "This product includes software developed by
 * the University Corporation for Advanced Internet Development
 * <http://www.ucaid.edu>Internet2 Project. Alternately, this acknowledegement
 * may appear in the software itself, if and wherever such third-party
 * acknowledgments normally appear.
 *
 * Neither the name of OpenSAML nor the names of its contributors, nor
 * Internet2, nor the University Corporation for Advanced Internet Development,
 * Inc., nor UCAID may be used to endorse or promote products derived from this
 * software without specific prior written permission. For written permission,
 * please contact opensaml@opensaml.org
 *
 * Products derived from this software may not be called OpenSAML, Internet2,
 * UCAID, or the University Corporation for Advanced Internet Development, nor
 * may OpenSAML appear in their name, without prior written permission of the
 * University Corporation for Advanced Internet Development.
 *
 *
 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
 * AND WITH ALL FAULTS. ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
 * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY, FITNESS FOR A
 * PARTICULAR PURPOSE, AND NON-INFRINGEMENT ARE DISCLAIMED AND THE ENTIRE RISK
 * OF SATISFACTORY QUALITY, PERFORMANCE, ACCURACY, AND EFFORT IS WITH LICENSEE.
 * IN NO EVENT SHALL THE COPYRIGHT OWNER, CONTRIBUTORS OR THE UNIVERSITY
 * CORPORATION FOR ADVANCED INTERNET DEVELOPMENT, INC. BE LIABLE FOR ANY DIRECT,
 * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
 * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
 * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
 * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 */


/* signtest.cpp - test harness for digital signature operations

   Scott Cantor
   4/17/03

   $History:$
*/

#include "../saml/saml.h"

#include <fstream>
#include <iostream>

#include <xsec/framework/XSECException.hpp>
#include <xsec/enc/XSECCryptoException.hpp>
#include <xsec/enc/OpenSSL/OpenSSLCryptoX509.hpp>
#include <xsec/enc/OpenSSL/OpenSSLCryptoKeyRSA.hpp>

#include <openssl/bio.h>
#include <openssl/err.h>
#include <openssl/rsa.h>
#include <openssl/evp.h>
#include <openssl/pem.h>

using namespace std;
using namespace saml;

int main(int argc,char* argv[])
{
    char* path=NULL;
    char* key=NULL;
    char* cert=NULL;
    string type;
    bool sign=false;
    string usage="usage: signtest [-k key_file] [-c cert_file] -d schema_dir -type Assertion|Request|Response sign|verify";

    for (int i=1; i<argc; i++)
    {
        if (!strcmp(argv[i],"-k") && i+1<argc)
            key=argv[++i];
        else if (!strcmp(argv[i],"-c") && i+1<argc)
            cert=argv[++i];
        else if (!strcmp(argv[i],"-d") && i+1<argc)
            path=argv[++i];
        else if (!strcmp(argv[i],"-type") && i+1<argc)
        {
            type=argv[++i];
            if (type!="Assertion" && type!="Request" && type!="Response")
            {
                cerr << usage << endl;
                exit(0);
            }
        }
    }
    
    if (argc>1)
    {
        if (!strcmp(argv[argc-1],"sign"))
        {
            sign=true;
            if (!key || !cert)
            {
                cerr << usage << endl;
                exit(0);
            }
        }
        else if (!strcmp(argv[argc-1],"verify"))
            sign=false;
        else
        {
            cerr << usage << endl;
            exit(0);
        }
    }
    else
    {
        cerr << usage << endl;
        exit(0);
    }

    SAMLConfig& conf1=SAMLConfig::getConfig();
    conf1.schema_dir=path;
    //conf1.compatibility_mode=true;
    if (!conf1.init())
        cerr << "unable to initialize SAML runtime" << endl;

    try
    {
        SAMLSignedObject* obj=NULL;
        if (type=="Assertion")
            obj=new SAMLAssertion(cin);
        else if (type=="Request")
            obj=new SAMLRequest(cin);
        else
            obj=new SAMLResponse(cin);
        if (sign)
        {
            BIO *bio=BIO_new(BIO_s_file());
            BIO_read_filename(bio,key);
            EVP_PKEY* pkey=PEM_read_bio_PrivateKey(bio,NULL,NULL,NULL);
            OpenSSLCryptoKeyRSA* xseckey=new OpenSSLCryptoKeyRSA(pkey);
            if (cert)
            {
                auto_ptr<OpenSSLCryptoX509> x509(new OpenSSLCryptoX509());
                ifstream s(cert);
                string buf;
                char ch;
                while ((ch=s.get())!=EOF)
                    buf+=ch;
                x509->loadX509Base64Bin(buf.data(),buf.length());
                XSECCryptoX509* certs[] = { x509.get() };
                if (type=="Response")
                {
                    Iterator<SAMLAssertion*> i=dynamic_cast<SAMLResponse*>(obj)->getAssertions();
                    if (i.hasNext())
                        i.next()->sign(SIGNATURE_RSA,xseckey->clone(),ArrayIterator<XSECCryptoX509*>(certs));
                }
                obj->sign(SIGNATURE_RSA,xseckey->clone(),ArrayIterator<XSECCryptoX509*>(certs));
                delete xseckey;
            }
            else
            {
                if (type=="Response")
                {
                    Iterator<SAMLAssertion*> i=dynamic_cast<SAMLResponse*>(obj)->getAssertions();
                    if (i.hasNext())
                        i.next()->sign(SIGNATURE_RSA,xseckey->clone());
                }
                obj->sign(SIGNATURE_RSA,xseckey);
            }
            EVP_PKEY_free(pkey);
            cout << *obj;
        }
        else
        {
            if (cert)
            {
                auto_ptr<OpenSSLCryptoX509> x509(new OpenSSLCryptoX509());
                ifstream s(cert);
                string buf;
                char ch;
                while ((ch=s.get())!=EOF)
                    buf+=ch;
                x509->loadX509Base64Bin(buf.data(),buf.length());
                if (type=="Response")
                {
                    Iterator<SAMLAssertion*> i=dynamic_cast<SAMLResponse*>(obj)->getAssertions();
                    if (i.hasNext())
                        i.next()->verify(*x509);
                }
                obj->verify(*x509);
            }
            else
            {
                if (type=="Response")
                {
                    Iterator<SAMLAssertion*> i=dynamic_cast<SAMLResponse*>(obj)->getAssertions();
                    if (i.hasNext())
                        i.next()->verify();
                }
                obj->verify();
            }
            cout << "Success!" << endl;
        }
        delete obj;
    }
    catch(SAMLException& e)
    {
        cerr << "caught a SAML exception: " << e << endl;
    }
    catch(XSECException& e)
    {
        cerr << "caught an XMLSec exception: "; xmlout(cerr,e.getMsg()); cerr << endl;
    }
    catch(XSECCryptoException& e)
    {
        cerr << "caught an XMLSecCrypto exception: " << e.getMsg() << endl;
    }
    catch(XMLException& e)
    {
        cerr << "caught an XML exception: "; xmlout(cerr,e.getMessage()); cerr << endl;
    }
/*    catch(...)
    {
        cerr << "caught an unknown exception" << endl;
    }*/

    conf1.term();
    return 0;
}