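#include "engine_sct.h"

#include <openssl/engine.h>
#include <openssl/err.h>
#include <openssl/rsa.h>
#include <openssl/sha.h>

#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/*
 * Evaluate X; if it is false/zero, print the failed expression, drain the
 * OpenSSL error queue to stderr and jump to main()'s cleanup label so that
 * every engine reference, key and buffer acquired so far is released.
 * Only usable inside main() (relies on the local `rc` and the `out` label).
 */
#define CHECK(X)                                                           \
    do {                                                                   \
        if (!(X)) {                                                        \
            unsigned long err_code;                                        \
            printf("ERROR: %s\n", #X);                                     \
            while ((err_code = ERR_get_error()) != 0) {                    \
                fprintf(stderr, "%s\n", ERR_error_string(err_code, NULL)); \
            }                                                              \
            rc = -1;                                                       \
            goto out;                                                      \
        }                                                                  \
    } while (0)

/*
 * Smoke test for the token engine.
 *
 * Loads ./libengine_act.so through OpenSSL's "dynamic" engine, enumerates
 * the certificates the engine exposes, picks the first one that has an
 * associated private-key access ID, signs a SHA-256 digest of a fixed text
 * with that key and verifies the signature with the matching public key.
 *
 * Returns 0 when sign + verify succeed, -1 on any failure (the failed step
 * is printed on stdout, OpenSSL error details on stderr).
 */
int main(int argc, char *argv[])
{
    (void)argc;
    (void)argv;

    /* Everything is declared up front so CHECK()'s goto never jumps past an
     * initialisation (ill-formed in C++) and cleanup can release it all. */
    int rc = -1;
    int engine_inited = 0;
    ENGINE *e = NULL;
    enum_certs_s *certs_found = NULL;
    enum_cert_s *selected_cert = NULL;
    EVP_PKEY *pk_priv = NULL;
    EVP_PKEY *pk_pub = NULL;
    RSA *privkey = NULL;
    RSA *pubkey = NULL;
    unsigned char *signature = NULL;
    unsigned int siglen = 0;
    unsigned char digest[SHA256_DIGEST_LENGTH];
    const char *source = "Dies ist ein Testtext zum Signieren.\n";

    /* Without the string tables ERR_error_string() prints only numeric codes. */
    ERR_load_crypto_strings();
    ENGINE_load_dynamic();

    e = ENGINE_by_id("dynamic");
    if (!e) {
        printf("ERROR: No Engine\n");
        goto out;
    }

    /* Parameters to set for the dynamic loader. */
    CHECK(ENGINE_ctrl_cmd_string(e, "SO_PATH", "./libengine_act.so", 0));
    CHECK(ENGINE_ctrl_cmd_string(e, "ID", "act", 0));
    CHECK(ENGINE_ctrl_cmd_string(e, "LIST_ADD", "1", 0));
    /* Now actually load the SecureToken engine. */
    CHECK(ENGINE_ctrl_cmd_string(e, "LOAD", NULL, 0));

    /* Following control commands go to the SecureToken engine rather than
     * the dynamic loader. A successful ENGINE_init() must be paired with
     * ENGINE_finish() in cleanup. */
    CHECK(ENGINE_init(e));
    engine_inited = 1;

    /* NOTE(review): ownership of certs_found is not visible here; it is
     * assumed to stay owned by the engine and is not freed — confirm. */
    CHECK(ENGINE_ctrl_cmd(e, "ENUM_CERTS", 0, &certs_found, NULL, 0));
    CHECK(certs_found != NULL);

    printf("Found %d certificates.\n", certs_found->num_certs);
    for (int i = 0; i < certs_found->num_certs; i++) {
        enum_cert_s *cur = &certs_found->certificate[i];
        printf("Certificate %d:\n", i);
        printf(" Name: %s\n", cur->cert->name);
        if (cur->id == NULL) {
            printf(" No key.\n");
        } else {
            printf(" Key access ID: %s\n", cur->id);
            /* First certificate with a key access ID is used for the test. */
            if (!selected_cert) {
                selected_cert = cur;
            }
        }
    }
    if (!selected_cert) {
        /* Previously this fell through to a NULL dereference. */
        printf("ERROR: no certificate with a key access ID found\n");
        goto out;
    }

    /* RSA_sign()/RSA_verify() take a *digest*, not the message: the old code
     * passed the raw text under NID_md5_sha1, which OpenSSL rejects unless the
     * input is exactly the 36-byte MD5||SHA1 TLS-1.x form. Hash with SHA-256
     * instead; the engine's RSA method must accept NID_sha256 — if the token
     * only implements the md5_sha1 form, supply that 36-byte digest here. */
    SHA256((const unsigned char *)source, strlen(source), digest);

    pk_priv = ENGINE_load_private_key(e, selected_cert->id, NULL, NULL);
    CHECK(pk_priv != NULL);
    privkey = EVP_PKEY_get1_RSA(pk_priv);
    CHECK(privkey != NULL);

    /* A signature is exactly RSA_size() bytes; size the buffer from the key
     * instead of a fixed 1000-byte array (too small for keys > 8000 bits). */
    signature = (unsigned char *)malloc((size_t)RSA_size(privkey));
    CHECK(signature != NULL);
    CHECK(RSA_sign(NID_sha256, digest, sizeof digest, signature, &siglen, privkey));
    printf("Signature-Len: %u\n", siglen);

    pk_pub = ENGINE_load_public_key(e, selected_cert->id, NULL, NULL);
    CHECK(pk_pub != NULL);
    pubkey = EVP_PKEY_get1_RSA(pk_pub);
    CHECK(pubkey != NULL);
    /* RSA_verify() returns exactly 1 on a valid signature. */
    CHECK(RSA_verify(NID_sha256, digest, sizeof digest, signature, siglen, pubkey) == 1);

    rc = 0;

out:
    /* Release in reverse order of acquisition; all free functions accept NULL. */
    free(signature);
    RSA_free(pubkey);
    EVP_PKEY_free(pk_pub);
    RSA_free(privkey);
    EVP_PKEY_free(pk_priv);
    if (engine_inited && !ENGINE_finish(e)) {
        printf("ERROR: ENGINE_finish(e)\n");
        rc = -1;
    }
    if (e) {
        /* ENGINE_by_id() returned a structural reference that was never freed before. */
        ENGINE_free(e);
    }
    ENGINE_cleanup();
    return rc;
}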