// Ryzom - MMORPG Framework <http://dev.ryzom.com/projects/ryzom/>
// Copyright (C) 2010  Winch Gate Property Limited
//
// This program is free software: you can redistribute it and/or modify
// it under the terms of the GNU Affero General Public License as
// published by the Free Software Foundation, either version 3 of the
// License, or (at your option) any later version.
//
// This program is distributed in the hope that it will be useful,
// but WITHOUT ANY WARRANTY; without even the implied warranty of
// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
// GNU Affero General Public License for more details.
//
// You should have received a copy of the GNU Affero General Public License
// along with this program.  If not, see <http://www.gnu.org/licenses/>.

#include "stdpch.h"
#include "http_client_curl.h"

#include <curl/curl.h>

#include <openssl/ssl.h>
#include <openssl/err.h>

using namespace NLMISC;
using namespace NLNET;
using namespace std;

#ifdef DEBUG_NEW
#define new DEBUG_NEW
#endif

#define _Curl (CURL *)_CurlStruct


// Ugly CURL callback
size_t CCurlHttpClient::writeDataFromCurl(void *buffer, size_t size, size_t nmemb, void *pHttpClient)
{
	CCurlHttpClient * httpClient = static_cast<CCurlHttpClient*>(pHttpClient);
	httpClient->pushReceivedData((uint8*)buffer, (uint)(size*nmemb));
	return size*nmemb;
}

// ***************************************************************************
bool CCurlHttpClient::connect(const std::string &/* server */)
{
	curl_version_info_data *vdata = curl_version_info(CURLVERSION_NOW);
	nldebug("Libcurl v%s", vdata->version);
	if ((vdata->features & CURL_VERSION_SSL) == 0)
		nlwarning("SSL not supported");

	curl_global_init(CURL_GLOBAL_ALL);
	_CurlStruct = curl_easy_init();
	if(_Curl == NULL)
		return false;

	return true;
}

// ***************************************************************************
bool CCurlHttpClient::authenticate(const std::string &user, const std::string &password)
{
	_Auth = user + ":" + password;
	return true;
}

const char *CAFilename = "ssl_ca_cert.pem"; // this is the certificate "Thawte Server CA"

// ***************************************************************************
static CURLcode sslctx_function(CURL * /* curl */, void *sslctx, void * /* parm */)
{
	// look for certificate in search paths
	string path = CPath::lookup(CAFilename);
	nlinfo("Cert path '%s'", path.c_str());

	if (path.empty())
	{
		nlwarning("Unable to find %s", CAFilename);
		return CURLE_SSL_CACERT;
	}

	CIFile file;

	// open certificate
	if (!file.open(path))
	{
		nlwarning("Unable to open %s", path.c_str());
		return CURLE_SSL_CACERT;
	}

	CURLcode res = CURLE_OK;

	// load certificate content into memory
	std::vector<uint8> buffer(file.getFileSize());
	file.serialBuffer(&buffer[0], file.getFileSize());

	// get a BIO
	BIO *bio = BIO_new_mem_buf(&buffer[0], file.getFileSize());
	
	char errorBuffer[1024];

	if (bio)
	{
		// get a pointer to the X509 certificate store (which may be empty!)
		X509_STORE *store = SSL_CTX_get_cert_store((SSL_CTX *)sslctx);

		// use it to read the PEM formatted certificate from memory into an X509
		// structure that SSL can use
		STACK_OF(X509_INFO) *info = PEM_X509_INFO_read_bio(bio, NULL, NULL, NULL);

		if (info)
		{
			// iterate over all entries from the PEM file, add them to the x509_store one by one
			for (sint i = 0; i < sk_X509_INFO_num(info); ++i)
			{
				X509_INFO *itmp = sk_X509_INFO_value(info, i);

				if (itmp && itmp->x509)
				{
					X509_NAME *subject = X509_get_subject_name(itmp->x509);

					std::string name;
					unsigned char *tmp = NULL;

					// construct a multiline string with name
					for (int i = 0, ilen = X509_NAME_entry_count(subject); i < ilen; ++i)
					{
						X509_NAME_ENTRY *e = X509_NAME_get_entry(subject, i);
						ASN1_STRING *d = X509_NAME_ENTRY_get_data(e);

						if (ASN1_STRING_to_UTF8(&tmp, d) > 0)
						{
							name += NLMISC::toString("%s\n", tmp);

							OPENSSL_free(tmp);
						}
					}

					// add our certificate to this store
					if (X509_STORE_add_cert(store, itmp->x509) == 0)
					{
						uint errCode = ERR_get_error();

						// ignore already in hash table errors
						if (ERR_GET_LIB(errCode) != ERR_LIB_X509 || ERR_GET_REASON(errCode) != X509_R_CERT_ALREADY_IN_HASH_TABLE)
						{
							ERR_error_string_n(errCode, errorBuffer, 1024);
							nlwarning("Error adding certificate %s: %s", name.c_str(), errorBuffer);
							res = CURLE_SSL_CACERT;
						}
					}
					else
					{
						nlinfo("Added certificate %s", name.c_str());
					}
				}
			}

			// cleanup
			sk_X509_INFO_pop_free(info, X509_INFO_free);
		}
		else
		{
			nlwarning("Unable to read PEM info");
			res = CURLE_SSL_CACERT;
		}

		// decrease reference counts
		BIO_free(bio);
	}
	else
	{
		nlwarning("Unable to allocate BIO buffer for certificates");
		res = CURLE_SSL_CACERT;
	}

	// all set to go
	return res;
}

// ***************************************************************************
bool CCurlHttpClient::verifyServer(bool verify)
{
	curl_easy_setopt(_Curl, CURLOPT_SSL_VERIFYHOST, verify ? 2 : 0);
	curl_easy_setopt(_Curl, CURLOPT_SSL_VERIFYPEER, verify ? 1 : 0);
	curl_easy_setopt(_Curl, CURLOPT_SSLCERTTYPE, "PEM");
	// would allow to provide the CA in memory instead of using CURLOPT_CAINFO, but needs to include and link OpenSSL
	if (curl_easy_setopt(_Curl, CURLOPT_SSL_CTX_FUNCTION, *sslctx_function) != CURLE_OK)
	{
		nlwarning("Unable to support CURLOPT_SSL_CTX_FUNCTION, curl not compiled with OpenSSL ?");
	}

	// set both CURLOPT_CAINFO and CURLOPT_CAPATH to NULL to be sure we won't use default values (these files can be missing and generate errors)
	curl_easy_setopt(_Curl, CURLOPT_CAINFO, NULL);
	curl_easy_setopt(_Curl, CURLOPT_CAPATH, NULL);
	return true;
}

// ***************************************************************************
bool CCurlHttpClient::sendRequest(const std::string& methodWB, const std::string &url, const std::string &cookieName, const std::string &cookieValue, const std::string& postParams, bool verbose)
{
	if (verbose)
		curl_easy_setopt(_Curl, CURLOPT_VERBOSE, 1);

	// Set URL
	curl_easy_setopt(_Curl, CURLOPT_URL, url.c_str());

	// Authentication
	if (!_Auth.empty())
	{
		curl_easy_setopt(_Curl, CURLOPT_HTTPAUTH, CURLAUTH_BASIC); // TODO: CURLAUTH_ANY
		curl_easy_setopt(_Curl, CURLOPT_USERPWD, _Auth.c_str());
	}

	// Set POST params
	if ((methodWB == "POST") && (!postParams.empty()))
	{
		curl_easy_setopt(_Curl, CURLOPT_POSTFIELDS, postParams.c_str());
	}
	// Cookie
	if (!cookieName.empty())
		curl_easy_setopt(_Curl,	CURLOPT_COOKIE, string(cookieName+"="+cookieValue).c_str());

	// Include the header in the response
	curl_easy_setopt(_Curl, CURLOPT_HEADER, 1);

	// Register the receive callback
	curl_easy_setopt(_Curl, CURLOPT_WRITEFUNCTION, CCurlHttpClient::writeDataFromCurl);
	curl_easy_setopt(_Curl, CURLOPT_WRITEDATA, this);

	char errorbuf [CURL_ERROR_SIZE+1];
	curl_easy_setopt(_Curl, CURLOPT_ERRORBUFFER, errorbuf);

	// Send
	CURLcode res = curl_easy_perform(_Curl);
	if (res != 0)
	{
		if (verbose)
			nlwarning(errorbuf);
		return false;
	}

	// Get result
	long r;
	curl_easy_getinfo(_Curl, CURLINFO_RESPONSE_CODE, &r);
	if (verbose)
	{
		nldebug("%u", (uint)r);
	}

	return true;
}

void CCurlHttpClient::pushReceivedData(uint8 *buffer, uint size)
{
	_ReceiveBuffer.insert(_ReceiveBuffer.end(), buffer, buffer+size);
}

// ***************************************************************************
bool CCurlHttpClient::sendGet(const string &url, const string& params, bool verbose)
{
	return sendRequest("GET", url + (params.empty() ? "" : ("?" + params)), string(), string(), string(), verbose);
}

// ***************************************************************************
bool CCurlHttpClient::sendGetWithCookie(const string &url, const string &name, const string &value, const string& params, bool verbose)
{
	return sendRequest("GET", url + (params.empty() ? "" : ("?" + params)), name, value, string(), verbose);
}

// ***************************************************************************
bool CCurlHttpClient::sendPost(const string &url, const string& params, bool verbose)
{
	return sendRequest("POST", url, string(), string(), params, verbose);
}

// ***************************************************************************
bool CCurlHttpClient::sendPostWithCookie(const string &url, const string &name, const string &value, const string& params, bool verbose)
{
	return sendRequest("POST", url, name, value, params, verbose);
}

// ***************************************************************************
bool CCurlHttpClient::receive(string &res, bool verbose)
{
	if (verbose)
	{
		nldebug("Receiving %u bytes", (uint)_ReceiveBuffer.size());
	}

	res.clear();
	if (!_ReceiveBuffer.empty())
		res.assign((const char*)&(*(_ReceiveBuffer.begin())), _ReceiveBuffer.size());
	_ReceiveBuffer.clear();
	return true;
}

// ***************************************************************************
void CCurlHttpClient::disconnect()
{
	curl_easy_cleanup(_Curl);
	curl_global_cleanup();
}

CCurlHttpClient CurlHttpClient;