/**
 * Tool to generate an index file for the OpenSSL OCSP responder
 *
 * NOTE: This is a tool for setting up the test environment. At the
 * moment, all certificates are marked as valid.
 *
 * Copyright 2016 Thomas Klute
 *
 * Licensed under the Apache License, Version 2.0 (the "License"); you
 * may not use this file except in compliance with the License.  You
 * may obtain a copy of the License at
 *
 *      http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
 * implied.  See the License for the specific language governing
 * permissions and limitations under the License.
 */
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <gnutls/gnutls.h>
#include <gnutls/x509.h>

#include "cert_helper.h"



static int index_line(const char* filename)
{
    gnutls_datum_t rawcert;
    /* read_cert reports errors to STDERR, just return if there were any */
    if (read_cert(filename, &rawcert))
        return GNUTLS_E_FILE_ERROR;

    gnutls_x509_crt_t cert;
    gnutls_x509_crt_init(&cert);
    int ret = gnutls_x509_crt_import(cert, &rawcert, GNUTLS_X509_FMT_PEM);
    if (ret != GNUTLS_E_SUCCESS)
        goto cleanup;

    /* For each certificate the index file contains a line with the
     * tab separated fields declared below (in that order). */
    /* status, one of: V (valid), R (revoked), E (expired) */
    char* flag = "V";
    /* expiration time (YYMMDDHHMMSSZ) */
    char expires[14];
    /* revocation time & optional reason (YYMMDDHHMMSSZ[,reason]), if
     * any */
    char* revocation = "";
    /* serial number (hex) */
    char serial[128];
    /* certificate filename, or "unknown" */
    char* fname = "unknown";
    /* certificate DN */
    char dn[512];

    time_t etime = gnutls_x509_crt_get_expiration_time(cert);
    struct tm etmp;
    memset(&etmp, 0, sizeof(etmp));
    gmtime_r(&etime, &etmp);
    strftime(expires, sizeof(expires), "%y%m%d%H%M%SZ", &etmp);

    unsigned long long sno = 0;
    size_t serial_size = sizeof(sno);
    gnutls_x509_crt_get_serial(cert, &sno, &serial_size);
    snprintf(serial, sizeof(serial), "%llx", sno);

    size_t dn_size = sizeof(dn);
    gnutls_x509_crt_get_dn(cert, dn, &dn_size);

    fprintf(stdout, "%s\t%s\t%s\t%s\t%s\t%s\n",
            flag, expires, revocation, serial, fname, dn);

cleanup:
    gnutls_x509_crt_deinit(cert);
    free(rawcert.data);
    return ret;
}



int main(int argc, char *argv[])
{
    if (argc < 2)
    {
        fprintf(stderr, "Usage:\t%s CERTIFICATE ...\n", argv[0]);
        return 1;
    }

    int ret = 0;
    for (int i = 1; i < argc; i++)
    {
        int rv = index_line(argv[i]);
        if (rv != GNUTLS_E_SUCCESS)
        {
            fprintf(stderr, "Error parsing %s: %s\n",
                    argv[i], gnutls_strerror(rv));
            ret = 1;
        }
    }
    return ret;
}