/*
 * Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved.
 *
 * Licensed under the OpenSSL license (the "License").  You may not use
 * this file except in compliance with the License.  You can obtain a copy
 * in the file LICENSE in the source distribution or at
 * https://www.openssl.org/source/license.html
 */

#include <openssl/ocsp.h>
#include <openssl/pem.h>

#include "internal.h"

static int ocsp_certid_print(BIO *bp, OCSP_CERTID *certid, int indent) {
  BIO_printf(bp, "%*sCertificate ID:\n", indent, "");
  indent += 2;
  BIO_printf(bp, "%*sHash Algorithm: ", indent, "");
  i2a_ASN1_OBJECT(bp, certid->hashAlgorithm->algorithm);
  BIO_printf(bp, "\n%*sIssuer Name Hash: ", indent, "");
  i2a_ASN1_STRING(bp, certid->issuerNameHash, 0);
  BIO_printf(bp, "\n%*sIssuer Key Hash: ", indent, "");
  i2a_ASN1_STRING(bp, certid->issuerKeyHash, 0);
  BIO_printf(bp, "\n%*sSerial Number: ", indent, "");
  i2a_ASN1_INTEGER(bp, certid->serialNumber);
  BIO_printf(bp, "\n");
  return 1;
}

typedef struct {
  long t;
  const char *m;
} OCSP_TBLSTR;

static const char *do_table2string(long s, const OCSP_TBLSTR *ts, size_t len) {
  size_t i;
  for (i = 0; i < len; i++) {
    if (ts[i].t == s) {
      return ts[i].m;
    }
  }
  return "(UNKNOWN)";
}

const char *OCSP_response_status_str(long status_code) {
  static const OCSP_TBLSTR rstat_tbl[] = {
      {OCSP_RESPONSE_STATUS_SUCCESSFUL, "successful"},
      {OCSP_RESPONSE_STATUS_MALFORMEDREQUEST, "malformedrequest"},
      {OCSP_RESPONSE_STATUS_INTERNALERROR, "internalerror"},
      {OCSP_RESPONSE_STATUS_TRYLATER, "trylater"},
      {OCSP_RESPONSE_STATUS_SIGREQUIRED, "sigrequired"},
      {OCSP_RESPONSE_STATUS_UNAUTHORIZED, "unauthorized"}};
  size_t tbl_size = (sizeof(rstat_tbl) / sizeof((rstat_tbl)[0]));
  return do_table2string(status_code, rstat_tbl, tbl_size);
}

const char *OCSP_cert_status_str(long status_code) {
  static const OCSP_TBLSTR cstat_tbl[] = {
      {V_OCSP_CERTSTATUS_GOOD, "good"},
      {V_OCSP_CERTSTATUS_REVOKED, "revoked"},
      {V_OCSP_CERTSTATUS_UNKNOWN, "unknown"}};
  size_t tbl_size = (sizeof(cstat_tbl) / sizeof((cstat_tbl)[0]));
  return do_table2string(status_code, cstat_tbl, tbl_size);
}

const char *OCSP_crl_reason_str(long s) {
  static const OCSP_TBLSTR reason_tbl[] = {
      {OCSP_REVOKED_STATUS_UNSPECIFIED, "unspecified"},
      {OCSP_REVOKED_STATUS_KEYCOMPROMISE, "keyCompromise"},
      {OCSP_REVOKED_STATUS_CACOMPROMISE, "cACompromise"},
      {OCSP_REVOKED_STATUS_AFFILIATIONCHANGED, "affiliationChanged"},
      {OCSP_REVOKED_STATUS_SUPERSEDED, "superseded"},
      {OCSP_REVOKED_STATUS_CESSATIONOFOPERATION, "cessationOfOperation"},
      {OCSP_REVOKED_STATUS_CERTIFICATEHOLD, "certificateHold"},
      {OCSP_REVOKED_STATUS_REMOVEFROMCRL, "removeFromCRL"},
      {OCSP_REVOKED_STATUS_PRIVILEGEWITHDRAWN, "privilegeWithdrawn"},
      {OCSP_REVOKED_STATUS_AACOMPROMISE, "aACompromise"}};
  size_t tbl_size = (sizeof(reason_tbl) / sizeof((reason_tbl)[0]));
  return do_table2string(s, reason_tbl, tbl_size);
}

int OCSP_REQUEST_print(BIO *bp, OCSP_REQUEST *req, unsigned long flags) {
  if(bp == NULL|| req ==NULL) {
    OPENSSL_PUT_ERROR(OCSP, ERR_R_PASSED_NULL_PARAMETER);
    return 0;
  }

  long l;
  OCSP_CERTID *cid = NULL;
  OCSP_ONEREQ *one = NULL;
  OCSP_REQINFO *inf = req->tbsRequest;
  OCSP_SIGNATURE *sig = req->optionalSignature;

  if (BIO_puts(bp, "OCSP Request Data:\n") <= 0) {
    return 0;
  }
  l = ASN1_INTEGER_get(inf->version);
  if (BIO_printf(bp, "    Version: %ld (0x%ld)", l + 1, l) <= 0) {
    return 0;
  }
  if (inf->requestorName != NULL) {
    if (BIO_puts(bp, "\n    Requestor Name: ") <= 0) {
      return 0;
    }
    GENERAL_NAME_print(bp, inf->requestorName);
  }
  if (BIO_puts(bp, "\n    Requestor List:\n") <= 0) {
    return 0;
  }
  for (size_t i = 0; i < sk_OCSP_ONEREQ_num(inf->requestList); i++) {
    one = sk_OCSP_ONEREQ_value(inf->requestList, i);
    cid = one->reqCert;
    ocsp_certid_print(bp, cid, 8);
    if (!X509V3_extensions_print(bp, "Request Single Extensions",
                                 one->singleRequestExtensions, flags, 8)) {
      return 0;
    }
  }
  if (!X509V3_extensions_print(bp, "Request Extensions", inf->requestExtensions,
                               flags, 4)) {
    return 0;
  }
  if (sig != NULL) {
    X509_signature_print(bp, sig->signatureAlgorithm, sig->signature);
    for (size_t i = 0; i < sk_X509_num(sig->certs); i++) {
      X509_print(bp, sk_X509_value(sig->certs, i));
      PEM_write_bio_X509(bp, sk_X509_value(sig->certs, i));
    }
  }
  return 1;
}

int OCSP_RESPONSE_print(BIO *bp, OCSP_RESPONSE *resp, unsigned long flags) {
  if(bp == NULL|| resp ==NULL) {
    OPENSSL_PUT_ERROR(OCSP, ERR_R_PASSED_NULL_PARAMETER);
    return 0;
  }

  int ret = 0;
  long l;
  OCSP_CERTID *cid = NULL;
  OCSP_BASICRESP *br = NULL;
  OCSP_RESPID *rid = NULL;
  OCSP_RESPDATA *rd = NULL;
  OCSP_CERTSTATUS *cst = NULL;
  OCSP_REVOKEDINFO *rev = NULL;
  OCSP_SINGLERESP *single = NULL;
  OCSP_RESPBYTES *rb = resp->responseBytes;

  if (BIO_puts(bp, "OCSP Response Data:\n") <= 0) {
    goto err;
  }
  l = ASN1_ENUMERATED_get(resp->responseStatus);
  if (BIO_printf(bp, "    OCSP Response Status: %s (0x%ld)\n",
                 OCSP_response_status_str(l), l) <= 0) {
    goto err;
  }
  if (rb == NULL) {
    return 1;
  }
  if (BIO_puts(bp, "    Response Type: ") <= 0) {
    goto err;
  }
  if (i2a_ASN1_OBJECT(bp, rb->responseType) <= 0) {
    goto err;
  }
  if (OBJ_obj2nid(rb->responseType) != NID_id_pkix_OCSP_basic) {
    BIO_puts(bp, " (unknown response type)\n");
    return 1;
  }

  if ((br = OCSP_response_get1_basic(resp)) == NULL) {
    goto err;
  }
  rd = br->tbsResponseData;
  l = ASN1_INTEGER_get(rd->version);
  if (BIO_printf(bp, "\n    Version: %ld (0x%ld)\n", l + 1, l) <= 0) {
    goto err;
  }
  if (BIO_puts(bp, "    Responder Id: ") <= 0) {
    goto err;
  }

  rid = rd->responderId;
  switch (rid->type) {
    case V_OCSP_RESPID_NAME:
      X509_NAME_print_ex(bp, rid->value.byName, 0, XN_FLAG_ONELINE);
      break;
    case V_OCSP_RESPID_KEY:
      i2a_ASN1_STRING(bp, rid->value.byKey, 0);
      break;
  }

  if (BIO_printf(bp, "\n    Produced At: ") <= 0) {
    goto err;
  }
  if (!ASN1_GENERALIZEDTIME_print(bp, rd->producedAt)) {
    goto err;
  }
  if (BIO_printf(bp, "\n    Responses:\n") <= 0) {
    goto err;
  }
  for (size_t i = 0; i < sk_OCSP_SINGLERESP_num(rd->responses); i++) {
    if (!sk_OCSP_SINGLERESP_value(rd->responses, i)) {
      continue;
    }
    single = sk_OCSP_SINGLERESP_value(rd->responses, i);
    cid = single->certId;
    if (ocsp_certid_print(bp, cid, 4) <= 0) {
      goto err;
    }
    cst = single->certStatus;
    if (BIO_printf(bp, "    Cert Status: %s",
                   OCSP_cert_status_str(cst->type)) <= 0) {
      goto err;
    }
    if (cst->type == V_OCSP_CERTSTATUS_REVOKED) {
      rev = cst->value.revoked;
      if (BIO_printf(bp, "\n    Revocation Time: ") <= 0) {
        goto err;
      }
      if (!ASN1_GENERALIZEDTIME_print(bp, rev->revocationTime)) {
        goto err;
      }
      if (rev->revocationReason) {
        l = ASN1_ENUMERATED_get(rev->revocationReason);
        if (BIO_printf(bp, "\n    Revocation Reason: %s (0x%ld)",
                       OCSP_crl_reason_str(l), l) <= 0) {
          goto err;
        }
      }
    }
    if (BIO_printf(bp, "\n    This Update: ") <= 0) {
      goto err;
    }
    if (!ASN1_GENERALIZEDTIME_print(bp, single->thisUpdate)) {
      goto err;
    }
    if (single->nextUpdate) {
      if (BIO_printf(bp, "\n    Next Update: ") <= 0) {
        goto err;
      }
      if (!ASN1_GENERALIZEDTIME_print(bp, single->nextUpdate)) {
        goto err;
      }
    }
    if (BIO_puts(bp, "\n") <= 0) {
      goto err;
    }
    if (!X509V3_extensions_print(bp, "Response Single Extensions",
                                 single->singleExtensions, flags, 8)) {
      goto err;
    }
    if (BIO_puts(bp, "\n") <= 0) {
      goto err;
    }
  }
  if (!X509V3_extensions_print(bp, "Response Extensions",
                               rd->responseExtensions, flags, 4)) {
    goto err;
  }
  if (X509_signature_print(bp, br->signatureAlgorithm, br->signature) <= 0) {
    goto err;
  }

  for (size_t i = 0; i < sk_X509_num(br->certs); i++) {
    X509_print(bp, sk_X509_value(br->certs, i));
    PEM_write_bio_X509(bp, sk_X509_value(br->certs, i));
  }

  ret = 1;
err:
  OCSP_BASICRESP_free(br);
  return ret;
}