//    Copyright (C) 2020-2021 Jakub Melka
//
//    This file is part of Pdf4Qt.
//
//    Pdf4Qt is free software: you can redistribute it and/or modify
//    it under the terms of the GNU Lesser General Public License as published by
//    the Free Software Foundation, either version 3 of the License, or
//    with the written consent of the copyright owner, any later version.
//
//    Pdf4Qt is distributed in the hope that it will be useful,
//    but WITHOUT ANY WARRANTY; without even the implied warranty of
//    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
//    GNU Lesser General Public License for more details.
//
//    You should have received a copy of the GNU Lesser General Public License
//    along with Pdf4Qt.  If not, see <https://www.gnu.org/licenses/>.

#ifndef PDFSIGNATUREHANDLER_IMPL_H
#define PDFSIGNATUREHANDLER_IMPL_H

#include "pdfsignaturehandler.h"

#include <openssl/x509.h>
#include <openssl/x509v3.h>
#include <openssl/pkcs7.h>

namespace pdf
{

/// PKCS7 public key signature handler
class PDFPublicKeySignatureHandler : public PDFSignatureHandler
{
protected:
    explicit PDFPublicKeySignatureHandler(const PDFFormFieldSignature* signatureField, const QByteArray& sourceData, const Parameters& parameters) :
        m_signatureField(signatureField),
        m_sourceData(sourceData),
        m_parameters(parameters)
    {

    }

    void initializeResult(PDFSignatureVerificationResult& result) const;
    void verifyCertificate(PDFSignatureVerificationResult& result) const;
    void verifySignature(PDFSignatureVerificationResult& result) const;
    void addTrustedCertificates(X509_STORE* store) const;

    virtual BIO* getSignedDataBuffer(PDFSignatureVerificationResult& result, QByteArray& outputBuffer) const;

public:
    /// Return a list of certificates from PKCS7 object
    static STACK_OF(X509)* getCertificates(PKCS7* pkcs7);

    /// Return certificate info for given certificate
    static PDFCertificateInfo getCertificateInfo(X509* certificate);

    /// Returns name converted to QString
    static QString getStringFromX509Name(X509_NAME* name, int nid);

    /// Returns ASN1 string converted to QString
    static QString getStringFromASN1_STRING(ASN1_STRING* string);

    /// Converts ASN time to QDateTime. If conversion fails, then invalid
    /// datetime is returned.
    static QDateTime getDateTimeFromASN(const ASN1_TIME* time);

protected:
    /// Add hash algorithm from signer info stack. If \p signerInfoStack is nullptr,
    /// then nothing happens. If multiple signer hash algorithms are present,
    /// then they are all added.
    /// \param signerInfoStack Signer stack
    /// \param result Result, to which algorithm is added
    static void addHashAlgorithmFromSignerInfoStack(STACK_OF(PKCS7_SIGNER_INFO)* signerInfoStack, PDFSignatureVerificationResult& result);

    /// Add signing date/time from signer info stack. If there are multiple signature
    /// infos, nothing is added (because we can't decide, which one is right).
    /// \param signerInfoStack Signer info stack
    /// \param result Verification, to which signature date is being set
    static void addSignatureDateFromSignerInfoStack(STACK_OF(PKCS7_SIGNER_INFO)* signerInfoStack, PDFSignatureVerificationResult& result);

protected:
    const PDFFormFieldSignature* m_signatureField;
    QByteArray m_sourceData;
    Parameters m_parameters;
};

class PDFSignatureHandler_adbe_pkcs7_detached : public PDFPublicKeySignatureHandler
{
public:
    explicit PDFSignatureHandler_adbe_pkcs7_detached(const PDFFormFieldSignature* signatureField, const QByteArray& sourceData, const Parameters& parameters) :
        PDFPublicKeySignatureHandler(signatureField, sourceData, parameters)
    {

    }

    virtual PDFSignatureVerificationResult verify() const override;
};

class PDFSignatureHandler_adbe_pkcs7_rsa_sha1 : public PDFPublicKeySignatureHandler
{
public:
    explicit PDFSignatureHandler_adbe_pkcs7_rsa_sha1(const PDFFormFieldSignature* signatureField, const QByteArray& sourceData, const Parameters& parameters) :
        PDFPublicKeySignatureHandler(signatureField, sourceData, parameters)
    {

    }

    virtual PDFSignatureVerificationResult verify() const override;

private:
    X509* createCertificate(size_t index) const;
    bool getMessageDigest(const QByteArray& message, ASN1_OCTET_STRING* encryptedString, RSA* rsa, int& algorithmNID, QByteArray& digest) const;
    bool getMessageDigestAlgorithm(ASN1_OCTET_STRING* encryptedString, RSA* rsa, int& algorithmNID) const;

    void verifyRSACertificate(PDFSignatureVerificationResult& result) const;
    void verifyRSASignature(PDFSignatureVerificationResult& result) const;
};

class PDFSignatureHandler_adbe_pkcs7_sha1 : public PDFPublicKeySignatureHandler
{
public:
    explicit PDFSignatureHandler_adbe_pkcs7_sha1(const PDFFormFieldSignature* signatureField, const QByteArray& sourceData, const Parameters& parameters) :
        PDFPublicKeySignatureHandler(signatureField, sourceData, parameters)
    {

    }

    virtual PDFSignatureVerificationResult verify() const override;

protected:
    virtual BIO* getSignedDataBuffer(PDFSignatureVerificationResult& result, QByteArray& outputBuffer) const override;
};

class PDFSignatureHandler_ETSI_base : public PDFPublicKeySignatureHandler
{
public:
    explicit PDFSignatureHandler_ETSI_base(const PDFFormFieldSignature* signatureField, const QByteArray& sourceData, const Parameters& parameters) :
        PDFPublicKeySignatureHandler(signatureField, sourceData, parameters)
    {

    }

protected:
    void verifyCertificateCAdES(PDFSignatureVerificationResult& result, int purpose) const;
    static int verifyCallback(int ok, X509_STORE_CTX* context);
};

class PDFSignatureHandler_ETSI_CAdES_detached : public PDFSignatureHandler_ETSI_base
{
public:
    explicit PDFSignatureHandler_ETSI_CAdES_detached(const PDFFormFieldSignature* signatureField, const QByteArray& sourceData, const Parameters& parameters) :
        PDFSignatureHandler_ETSI_base(signatureField, sourceData, parameters)
    {

    }

    virtual PDFSignatureVerificationResult verify() const override;
};

class PDFSignatureHandler_ETSI_RFC3161: public PDFSignatureHandler_ETSI_base
{
public:
    explicit PDFSignatureHandler_ETSI_RFC3161(const PDFFormFieldSignature* signatureField, const QByteArray& sourceData, const Parameters& parameters) :
        PDFSignatureHandler_ETSI_base(signatureField, sourceData, parameters)
    {

    }

    virtual PDFSignatureVerificationResult verify() const override;

private:
    void verifySignatureTimestamp(PDFSignatureVerificationResult& result) const;
};

}   // namespace pdf

#endif // PDFSIGNATUREHANDLER_IMPL_H