// Copyright 2019 The Chromium Authors. All rights reserved.
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.

#include "util/crypto/certificate_utils.h"

#include <openssl/asn1.h>
#include <openssl/bio.h>
#include <openssl/bn.h>
#include <openssl/crypto.h>
#include <openssl/evp.h>
#include <openssl/rsa.h>
#include <openssl/ssl.h>
#include <openssl/x509v3.h>
#include <time.h>

#include <string>

#include "util/crypto/openssl_util.h"
#include "util/crypto/sha2.h"
#include "util/osp_logging.h"

namespace openscreen {

namespace {

// These values are bit positions from RFC 5280 4.2.1.3 and will be passed to
// ASN1_BIT_STRING_set_bit.
enum KeyUsageBits {
  kDigitalSignature = 0,
  kKeyCertSign = 5,
};

// Returns whether or not the certificate field successfully was added.
bool AddCertificateField(X509_NAME* certificate_name,
                         absl::string_view field,
                         absl::string_view value) {
  return X509_NAME_add_entry_by_txt(
             certificate_name, std::string(field).c_str(), MBSTRING_ASC,
             reinterpret_cast<const unsigned char*>(value.data()),
             value.length(), -1, 0) == 1;
}

bssl::UniquePtr<ASN1_TIME> ToAsn1Time(std::chrono::seconds time_since_epoch) {
  return bssl::UniquePtr<ASN1_TIME>(
      ASN1_TIME_set(nullptr, time_since_epoch.count()));
}

bssl::UniquePtr<X509> CreateCertificateInternal(
    absl::string_view name,
    std::chrono::seconds certificate_duration,
    EVP_PKEY key_pair,
    std::chrono::seconds time_since_unix_epoch,
    bool make_ca,
    X509* issuer,
    EVP_PKEY* issuer_key) {
  OSP_DCHECK((!!issuer) == (!!issuer_key));
  bssl::UniquePtr<X509> certificate(X509_new());
  if (!issuer) {
    issuer = certificate.get();
  }
  if (!issuer_key) {
    issuer_key = &key_pair;
  }

  // Certificate versions are zero indexed, so V1 = 0.
  const int kCertificateVersion3 = 2;
  if (X509_set_version(certificate.get(), kCertificateVersion3) != 1) {
    OSP_DVLOG << "Failed to set certificate version";
    return nullptr;
  }

  // Serial numbers must be unique for this session. As a pretend CA, we should
  // not issue certificates with the same serial number in the same session.
  static int serial_number(1);
  if (ASN1_INTEGER_set(X509_get_serialNumber(certificate.get()),
                       serial_number++) != 1) {
    OSP_DVLOG << "Failed to set serial number.";
    return nullptr;
  }

  const bssl::UniquePtr<ASN1_TIME> now(ToAsn1Time(time_since_unix_epoch));
  const bssl::UniquePtr<ASN1_TIME> expiration_time(
      ToAsn1Time(time_since_unix_epoch + certificate_duration));

  if ((X509_set_notBefore(certificate.get(), now.get()) != 1) ||
      (X509_set_notAfter(certificate.get(), expiration_time.get()) != 1)) {
    OSP_DVLOG << "Failed to set before and after ranges.";
    return nullptr;
  }

  X509_NAME* certificate_name = X509_get_subject_name(certificate.get());
  if (!AddCertificateField(certificate_name, "CN", name)) {
    OSP_DVLOG << "Failed to set subject name";
    return nullptr;
  }

  bssl::UniquePtr<ASN1_BIT_STRING> x(ASN1_BIT_STRING_new());
  ASN1_BIT_STRING_set_bit(x.get(), KeyUsageBits::kDigitalSignature, 1);
  if (make_ca) {
    ASN1_BIT_STRING_set_bit(x.get(), KeyUsageBits::kKeyCertSign, 1);
  }
  if (X509_add1_ext_i2d(certificate.get(), NID_key_usage, x.get(), 0, 0) != 1) {
    OSP_DVLOG << "Failed to set key usage extension";
    return nullptr;
  }
  if (make_ca) {
    X509V3_CTX ctx;
    X509V3_set_ctx_nodb(&ctx);
    X509V3_set_ctx(&ctx, issuer, certificate.get(), nullptr, nullptr, 0);
    bssl::UniquePtr<X509_EXTENSION> ex(
        X509V3_EXT_nconf_nid(nullptr, &ctx, NID_basic_constraints,
                             const_cast<char*>("critical,CA:TRUE")));
    if (!ex) {
      OSP_DVLOG << "Failed to set constraints extension";
      return nullptr;
    }
    void* thing = X509V3_EXT_d2i(ex.get());
    X509_add1_ext_i2d(certificate.get(), NID_basic_constraints, thing, 1, 0);
    X509V3_EXT_free(NID_basic_constraints, thing);
  }

  X509_NAME* issuer_name = X509_get_subject_name(issuer);
  if ((X509_set_issuer_name(certificate.get(), issuer_name) != 1) ||
      (X509_set_pubkey(certificate.get(), &key_pair) != 1) ||
      // Unlike all of the other BoringSSL methods here, X509_sign returns
      // the size of the signature in bytes.
      (X509_sign(certificate.get(), issuer_key, EVP_sha256()) <= 0) ||
      (X509_verify(certificate.get(), issuer_key) != 1)) {
    OSP_DVLOG << "Failed to set pubkey, set issuer, sign, or verify";
    return nullptr;
  }

  return certificate;
}

}  // namespace

bssl::UniquePtr<EVP_PKEY> GenerateRsaKeyPair(int key_bits) {
  bssl::UniquePtr<BIGNUM> prime(BN_new());
  if (BN_set_word(prime.get(), RSA_F4) == 0) {
    return nullptr;
  }

  bssl::UniquePtr<RSA> rsa(RSA_new());
  if (RSA_generate_key_ex(rsa.get(), key_bits, prime.get(), nullptr) == 0) {
    return nullptr;
  }

  bssl::UniquePtr<EVP_PKEY> pkey(EVP_PKEY_new());
  if (EVP_PKEY_set1_RSA(pkey.get(), rsa.get()) == 0) {
    return nullptr;
  }

  return pkey;
}

ErrorOr<bssl::UniquePtr<X509>> CreateSelfSignedX509Certificate(
    absl::string_view name,
    std::chrono::seconds duration,
    const EVP_PKEY& key_pair,
    std::chrono::seconds time_since_unix_epoch,
    bool make_ca,
    X509* issuer,
    EVP_PKEY* issuer_key) {
  bssl::UniquePtr<X509> certificate =
      CreateCertificateInternal(name, duration, key_pair, time_since_unix_epoch,
                                make_ca, issuer, issuer_key);
  if (!certificate) {
    return Error::Code::kCertificateCreationError;
  }
  return certificate;
}

ErrorOr<std::vector<uint8_t>> ExportX509CertificateToDer(
    const X509& certificate) {
  unsigned char* buffer = nullptr;
  // Casting-away the const because the legacy i2d_X509() function is not
  // const-correct.
  X509* const certificate_ptr = const_cast<X509*>(&certificate);
  const int len = i2d_X509(certificate_ptr, &buffer);
  if (len <= 0) {
    return Error::Code::kCertificateValidationError;
  }
  std::vector<uint8_t> raw_der_certificate(buffer, buffer + len);
  // BoringSSL doesn't free the temporary buffer.
  OPENSSL_free(buffer);
  return raw_der_certificate;
}

ErrorOr<bssl::UniquePtr<X509>> ImportCertificate(const uint8_t* der_x509_cert,
                                                 int der_x509_cert_length) {
  if (!der_x509_cert) {
    return Error::Code::kErrCertsMissing;
  }
  bssl::UniquePtr<X509> certificate(
      d2i_X509(nullptr, &der_x509_cert, der_x509_cert_length));
  if (!certificate) {
    return Error::Code::kCertificateValidationError;
  }
  return certificate;
}

ErrorOr<bssl::UniquePtr<EVP_PKEY>> ImportRSAPrivateKey(
    const uint8_t* der_rsa_private_key,
    int key_length) {
  if (!der_rsa_private_key || key_length == 0) {
    return Error::Code::kParameterInvalid;
  }

  RSA* rsa = RSA_private_key_from_bytes(der_rsa_private_key, key_length);
  if (!rsa) {
    return Error::Code::kRSAKeyParseError;
  }
  bssl::UniquePtr<EVP_PKEY> pkey(EVP_PKEY_new());
  EVP_PKEY_assign_RSA(pkey.get(), rsa);
  return pkey;
}

std::string GetSpkiTlv(X509* cert) {
  X509_PUBKEY* key = X509_get_X509_PUBKEY(cert);
  int len = i2d_X509_PUBKEY(key, nullptr);
  if (len <= 0) {
    return {};
  }
  std::string x(len, 0);
  uint8_t* data = reinterpret_cast<uint8_t*>(&x[0]);
  if (!i2d_X509_PUBKEY(key, &data)) {
    return {};
  }
  return x;
}

ErrorOr<uint64_t> ParseDerUint64(const ASN1_INTEGER* asn1int) {
  const uint8_t* data = ASN1_STRING_get0_data(asn1int);
  int length = ASN1_STRING_length(asn1int);
  if (length > 8 || length <= 0) {
    return Error::Code::kParameterInvalid;
  }
  uint64_t result = 0;
  for (int i = 0; i < length; ++i) {
    result = (result << 8) | data[i];
  }
  return result;
}

}  // namespace openscreen