#include <inttypes.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>
#include <stdio.h>
#include <ctype.h>
#include "../tls/eapcrypt.h"
#include "../../userconf.h"
#include "../../logging.h"
#include "ttlsphase2.h"

#ifndef TTLS_PHASE2_DEBUG
#define TTLS_PHASE2_DEBUG  0
#endif

#define USER_NAME_AVP        1
#define USER_PASSWORD_AVP    2
#define MANDITORY_FLAG       0x40
#define TTLS_CHALLENGE       "ttls challenge"    // Need to generate implied challenge.
#define TTLS_CHALLENGE_SIZE  14

uint32_t avp_code;
uint32_t bitmask_avp_len;

// If we add a new phase 2 type, it needs to be defined here.
char *phase2_auth_types[] = {
  "PAP",
  "CHAP",
  NULL
};

void (*phase2_method[])(char *, int *) = {
  ttls_do_pap,
  ttls_do_chap
};


// This is from section 10.1 of the TTLS RFC.
char *implicit_challenge()
{
  return eapcrypt_gen_keyblock(TTLS_CHALLENGE, TTLS_CHALLENGE_SIZE);
}

void ttls_do_chap(char *out_data, int *out_size)
{
  u_char *challenge;
  u_char chap_challenge[16];
  uint8_t chap_id;

  // Get the implicit challenge.
  challenge = implicit_challenge();

  memcpy(&chap_challenge, challenge, 16);
}

void ttls_do_pap(char *out_data, int *out_size)
{
  char *username, *password, *tempbuf;
  int username_size, passwd_size;

  // Get the username from our configuration.  (We should probably change this
  // to allow a different username in phase 2... But, for now use the phase
  // one name.)
  username = get_username();

  password = get_password();
  if (password == NULL)
    {
      xlogf(DEBUG_NORMAL, "(TTLS Authentication) %s's Password : ",username);
      password = getpass("");  // Fix this.. It's obsolete.
      set_password(password);  // Update our config values.
    } else {
      xlogf(DEBUG_AUTHTYPES, "get_password returned a value!\n");
    }

  username_size = (strlen(username) + (strlen(username) % 4));
  avp_code = htonl(USER_NAME_AVP);  // Send our user name first.
  bitmask_avp_len = htonl((MANDITORY_FLAG << 24) + (username_size) + 8);
  //  printf("username_size = %d\n",username_size);

  tempbuf = (char *)malloc(username_size);
  bzero(tempbuf, username_size);
  memcpy(tempbuf, username, strlen(username));

  memcpy(&out_data[0], &avp_code, 4);
  memcpy(&out_data[4], &bitmask_avp_len, 4);
  memcpy(&out_data[8], tempbuf, username_size);

  free(tempbuf);

  // We have the username AVP loaded, so it's time to build the password AVP.
  passwd_size = (strlen(password) + (strlen(password) % 16));
  //  printf("passwd_size = %d\n",passwd_size);

  avp_code = htonl(USER_PASSWORD_AVP);
  bitmask_avp_len = htonl((MANDITORY_FLAG << 24) + passwd_size +8);

  tempbuf = (char *)malloc(passwd_size);
  bzero(tempbuf, passwd_size);
  memcpy(tempbuf, password, strlen(password));

  memcpy(&out_data[8+username_size], &avp_code, 4);
  memcpy(&out_data[8+username_size+4], &bitmask_avp_len, 4);
  memcpy(&out_data[8+username_size+4+4], tempbuf, passwd_size);

  *out_size = 8+username_size+4+4+passwd_size;

#if TTLS_PHASE2_DEBUG
  printf("Returning %d byte(s)\n", *out_size);

  printf("Hex out (in do_pap): \n");
  for (i=0;i<*out_size;i++)
    {
      printf("%02x ",out_data[i]);
    }
  printf("\n");
#endif
}

void ttls_do_phase2(char *out, int *out_size)
{
  int i;
  char *phase2name;

  // We need to see what phase 2 method we should use.
  // First, make sure that the method name is in all caps.
  phase2name = get_phase2auth();

  if (phase2name != NULL)
    {
      for (i=0;i<strlen(phase2name);i++)
	{
	  phase2name[i] = toupper(phase2name[i]);
	}

      i = 0;
      while ((phase2_auth_types[i]!=NULL) && (strncmp(phase2name, phase2_auth_types[i], strlen(phase2name)) != 0))
	{
	  i++;
	}

      if (phase2_auth_types[i] == NULL)
	{
	  xlogf(DEBUG_NORMAL, "Unknown phase 2 method!  Defaulting to PAP!\n");
	  ttls_do_pap(out, out_size);
	} else {
	  (*phase2_method[i])(out, out_size);
	}
    } else {
      ttls_do_pap(out, out_size);
    }

#if TTLS_PHASE2_DEBUG
  printf("Returning from do_phase2 : \n");
  for (i=0;i<*out_size;i++)
    {
      printf("%02x ",out[i]);
    }
  printf("\n");
#endif
}