#ifndef _ENGINE_SCT_INTERNAL_H_
#define _ENGINE_SCT_INTERNAL_H_


#include <memory>
#include <list>
#include <vector>
#include <map>
#include <openssl/crypto.h>
#include <openssl/objects.h>
#include <openssl/engine.h>

#if defined(_MSC_VER)
#pragma comment(lib, "libeay32.lib")
#endif

#ifdef U64
#undef U64
#endif

#include <actBlob.h>

struct load_cert_params;



#include "SlotList.h"
#include "CertificateList.h"

class CardKey;
struct enum_certs_s;

#define EXTRACT_CARD_KEY(rsastruct) (reinterpret_cast<CardKey*>(RSA_get_app_data(rsastruct)))

/*
 * Core module. Actual engine startup/finish code and crypto operations.
 */

class SecureTokenEngine
{
public:
	SecureTokenEngine() { }
	~SecureTokenEngine() { }
	
	/*! Stores pin in internal buffer.
   * @note contents of source string will be overwritten for security reasons
   */
	int setPin(char *pin);

  //! debug
	int incVerbosity();
  //! not used
	int setInitArgs(const char *args);

  //! Initialize PCSC, read slots
	int init();
  //! cleanup memory
	int finish();

  //! Deletes OpenSSL rsa structure
	int rsa_finish(RSA *rsa);

  //! Read certificate from token
	int loadCertCtrl(ENGINE *e, load_cert_params *p);

  //! Get Public Key
	EVP_PKEY *load_pubkey(const char *s_key_id, UI_METHOD *ui_method, void *callback_data);

  //! Get Private Key
	EVP_PKEY *load_privkey(const char *s_key_id, UI_METHOD *ui_method, void *callback_data);

  /*! @defgroup engSign Crypto Operations
   *
   * Caller is required to provide an output buffer of sufficient size,
   * depending on input data's length
   *     and used key material. Improper usage may cause buffer overruns. OpenSSL API's weakness. */
  //@{
    
  //! Encrypt/Decrypt return size of output data on success, -1 on failure.
	int rsa_encrypt(int flen, const unsigned char *from, unsigned char *to, const CardKey* ck, int padding);
	int rsa_decrypt(int flen, const unsigned char *from, unsigned char *to, CardKey* ck, int padding);
	
	//! Sign/Verify return 1 on success, 0 on failure.
	int rsa_sign(int type, const unsigned char *msg, unsigned int msglen, unsigned char *sigret, unsigned int *siglen, CardKey* ck);
	int rsa_verify(int type, const unsigned char *msg, unsigned int msglen, unsigned char *signature, unsigned int siglen, const CardKey* ck);	

  //@}
  
	/*! Return a list of all certificates and the necessary IDs to use them
	    @note frees up the memory of the previosly returned structure in
	    subsequent calls */
	int enumerate_certs(ENGINE *e, enum_certs_s **p);

private:

  //! Converts CardKey to OpenSSL EVP_PKEY
	EVP_PKEY *encapsule_CardKey(CardKey *ck);
	
	act::Blob						m_pin;
	SlotList						m_slot_list;
	std::auto_ptr<CertificateList>	m_cert_list;
};

//! Needed in SecureTokenEngine for creation of new RSA key (stubs) as well
RSA_METHOD* RSA_get_sct_method();

#endif