/*

 * Copyright (c) 2018, Oracle and/or its affiliates. All rights reserved.

 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.

 *

 * This code is free software; you can redistribute it and/or modify it

 * under the terms of the GNU General Public License version 2 only, as

 * published by the Free Software Foundation.  Oracle designates this

 * particular file as subject to the "Classpath" exception as provided

 * by Oracle in the LICENSE file that accompanied this code.

 *

 * This code is distributed in the hope that it will be useful, but WITHOUT

 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or

 * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License

 * version 2 for more details (a copy is included in the LICENSE file that

 * accompanied this code).

 *

 * You should have received a copy of the GNU General Public License version

 * 2 along with this work; if not, write to the Free Software Foundation,

 * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.

 *

 * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA

 * or visit www.oracle.com if you need additional information or have any

 * questions.

 */

#define UNICODE

#define _UNICODE

#include <windows.h>

#include <stdlib.h>

#include <stdio.h>

#include <stdlib.h>

#include <string.h>

#define GSS_DLL_FILE

#include "gssapi.h"

#define SECURITY_WIN32

#include "sspi.h"

#pragma comment(lib, "secur32.lib")

#define DEBUG

#ifdef DEBUG

TCHAR _bb[256];

#define SEC_SUCCESS(Status) \

        ((Status) >= 0 ? TRUE: \

        (FormatMessage(FORMAT_MESSAGE_FROM_SYSTEM|FORMAT_MESSAGE_IGNORE_INSERTS, \

            0, ss, MAKELANGID(LANG_NEUTRAL, SUBLANG_DEFAULT), _bb, 256, 0), \

        printf("SECURITY_STATUS: (%lx) %ls\n", ss, _bb), \

        FALSE))

#define PP(fmt, ...) \

        fprintf(stdout, "SSPI (%ld): ", __LINE__); \

        fprintf(stdout, fmt, ##__VA_ARGS__); \

        fprintf(stdout, "\n"); \

        fflush(stdout)

#else

#define SEC_SUCCESS(Status) ((Status) >= 0)

#define PP(dmt, ...)

#endif

// gss_name_t is Name*

// gss_cred_id_t is Credentials*. One CredHandle for each mech.

// gss_ctx_id_t is Context*

typedef struct {

    TCHAR PackageName[20];

    SEC_WCHAR* name;

} Name;

typedef struct {

    TCHAR PackageName[20];

    CredHandle* phCred;

    CtxtHandle hCtxt;

    DWORD cbMaxMessage;

    SecPkgContext_Sizes SecPkgContextSizes;

    SecPkgContext_NativeNames nnames;

    BOOLEAN established;

} Context;

typedef struct {

    TCHAR PackageName[20];

    CredHandle* phCred;

} OneCred;

typedef struct {

    int count;

    OneCred* creds;

    long time;

} Credential;

#ifdef __cplusplus

extern "C" {

#endif /* __cplusplus */

/* This section holds supporting functions that are not exported */

long

{

    ULARGE_INTEGER *a, *b;

    FILETIME fnow;

    GetSystemTimeAsFileTime(&fnow);

    a = (ULARGE_INTEGER*)time;

    b = (ULARGE_INTEGER*)&fnow;

    PP("Difference %ld", (long)((a->QuadPart - b->QuadPart) / 10000000));

    //return (long)((a->QuadPart - b->QuadPart) / 10000000);

    // TODO: Above value is not meaningful, pretend it's 1 day.

    return 86400L;

}

void

FillContextAfterEstablished(Context *pc)

{

    QueryContextAttributes(

            &pc->hCtxt, SECPKG_ATTR_SIZES, &pc->SecPkgContextSizes);

}

Context*

NewContext(TCHAR* PackageName)

{

    SECURITY_STATUS ss;

    PSecPkgInfo pkgInfo;

    Context* out = (Context*)malloc(sizeof(Context));

    ss = QuerySecurityPackageInfo(PackageName, &pkgInfo);

    if (!SEC_SUCCESS(ss)) {

        return NULL;

    }

    out->phCred = NULL;

    out->cbMaxMessage = pkgInfo->cbMaxToken;

    PP("   QuerySecurityPackageInfo %ls goes %ld", PackageName, out->cbMaxMessage);

    wcscpy(out->PackageName, PackageName);

    FreeContextBuffer(pkgInfo);

    return out;

}

int

flagSspi2Gss(int fin)

{

	int fout = 0;

	if (fin & ISC_REQ_MUTUAL_AUTH) fout |= GSS_C_MUTUAL_FLAG;

	if (fin & ISC_REQ_CONFIDENTIALITY) fout |= GSS_C_CONF_FLAG;

	if (fin & ISC_REQ_DELEGATE) fout |= GSS_C_DELEG_FLAG;

	if (fin & ISC_REQ_INTEGRITY) fout |= GSS_C_INTEG_FLAG;

	if (fin & ISC_REQ_REPLAY_DETECT) fout |= GSS_C_REPLAY_FLAG;

	if (fin & ISC_REQ_SEQUENCE_DETECT) fout |= GSS_C_SEQUENCE_FLAG;

	return fout;

}

int

flagGss2Sspi(int fin)

{

	int fout = 0;

	if (fin & GSS_C_MUTUAL_FLAG) fout |= ISC_RET_MUTUAL_AUTH;

	if (fin & GSS_C_CONF_FLAG) fout |= ISC_RET_CONFIDENTIALITY;

	if (fin & GSS_C_DELEG_FLAG) fout |= ISC_RET_DELEGATE;

	if (fin & GSS_C_INTEG_FLAG) fout |= ISC_RET_INTEGRITY;

	if (fin & GSS_C_REPLAY_FLAG) fout |= ISC_RET_REPLAY_DETECT;

	if (fin & GSS_C_SEQUENCE_FLAG) fout |= ISC_RET_SEQUENCE_DETECT;

	return fout;

}

BOOLEAN

isKerberosOID(gss_OID mech) {

}

BOOLEAN

isNegotiateOID(gss_OID mech) {

}

void

displayOID(gss_OID mech)

{

    if (isKerberosOID(mech)) {

        PP("Kerberos OID");

    } else if (isNegotiateOID(mech)) {

        PP("SPNEGO OID");

    } else {

        PP("UNKNOWN %d", mech->length);

    }

}

void

displayOidSet(gss_OID_set mechs)

{

    if (mechs == NULL) {

        PP("OID set is NULL");

        return;

    }

    PP("set.count is %d", (int)mechs->count);

    for (int i = 0; i < mechs->count; i++) {

        displayOID(&mechs->elements[i]);

    }

}

/* End support section */

/* This section holds exported functions that currently have no implementation */

__declspec(dllexport) OM_uint32

gss_release_name(OM_uint32 *minor_status,

                 gss_name_t *name)

{

    PP(">>>> Calling gss_release_name %p...", *name);

    if (name != NULL && *name != GSS_C_NO_NAME) {

        Name* name1 = (Name*)*name;

        if (name1->name != NULL) {

            delete[] name1->name;

        }

        delete name1;

        *name = GSS_C_NO_NAME;

    }

    return GSS_S_COMPLETE;

}

__declspec(dllexport) OM_uint32

gss_import_name(OM_uint32 *minor_status,

                gss_buffer_t input_name_buffer,

                gss_OID input_name_type,

                gss_name_t *output_name)

{

    PP(">>>> Calling gss_import_name...");

    Name* name1 = new Name;

    if (input_name_buffer == NULL || input_name_buffer->value == NULL

            || input_name_buffer->length == 0) {

        return GSS_S_CALL_INACCESSIBLE_READ;

    }

    int len = (int)input_name_buffer->length;

    LPSTR input = (LPSTR)input_name_buffer->value;

    BOOLEAN isNegotiate = true;

    if (input_name_type != NULL

        len -= (int)input[3] + 8;

        isNegotiate = (int)input[3] == 6;

        input = input + (int)input[3] + 8;

    }

    SEC_WCHAR* name = new SEC_WCHAR[len + 1];

    if (name == NULL) {

        goto err;

    }

    if (MultiByteToWideChar(CP_ACP, 0, input, len, name, len) == 0) {

        goto err;

    }

    name[len] = 0;

    if (input_name_type != NULL

        for (int i = 0; i < len; i++) {

            if (name[i] == '@') {

                name[i] = '/';

                break;

            }

        }

    }

    name1->name = name;

    lstrcpy(name1->PackageName, isNegotiate ? L"Negotiate" : L"Kerberos"); // TODO

    *output_name = (gss_name_t) name1;

    return GSS_S_COMPLETE;

err:

    if (name != NULL) {

        delete[] name;

    }

    delete name1;

    return GSS_S_FAILURE;

}

__declspec(dllexport) OM_uint32

gss_compare_name(OM_uint32 *minor_status,

                 gss_name_t name1,

                 gss_name_t name2,

                 int *name_equal)

{

    PP(">>>> Calling gss_compare_name...");

    if (name1 == NULL || name2 == NULL) {

        *name_equal = 0;

        return GSS_S_CALL_INACCESSIBLE_READ;

    }

    SEC_WCHAR* names1 = ((Name*)name1)->name;

    SEC_WCHAR* names2 = ((Name*)name2)->name;

    if (lstrcmp(names1, names2)) {

        *name_equal = 0;

    } else {

        *name_equal = 1;

    }

    return GSS_S_COMPLETE;

}

__declspec(dllexport) OM_uint32

gss_canonicalize_name(OM_uint32 *minor_status,

                      gss_name_t input_name,

                      gss_OID mech_type,

                      gss_name_t *output_name)

{

    PP(">>>> Calling gss_canonicalize_name...");

    Name* names1 = (Name*)input_name;

    Name* names2 = new Name;

    PP("new name at %p", names2);

    names2->name = new SEC_WCHAR[lstrlen(names1->name) + 1];

    wcscpy(names2->PackageName, isNegotiateOID(mech_type)

            ? L"Negotiate" : L"Kerberos");

    lstrcpy(names2->name, names1->name);

    *output_name = (gss_name_t)names2;

    return GSS_S_COMPLETE;

}

__declspec(dllexport) OM_uint32

gss_export_name(OM_uint32 *minor_status,

                gss_name_t input_name,

                gss_buffer_t exported_name)

{

    PP(">>>> Calling gss_export_name...");

    Name* name1 = (Name*)input_name;

    SEC_WCHAR* names = name1->name;

    TCHAR mech = name1->PackageName[0];

    PP("name is %ls %ls", name1->PackageName, name1->name);

    int len = (int)wcslen(names);

    if (len < 256) {

        // 04 01 00 ** 06 ** OID len:int32 name

        char* buffer = new char[10 + mechLen + len];

        buffer[0] = 4;

        buffer[1] = 1;

        buffer[2] = 0;

        buffer[3] = 2 + mechLen;

        buffer[4] = 6;

        buffer[5] = mechLen;

        buffer[6 + mechLen] = buffer[7 + mechLen] = buffer[8 + mechLen] = 0;

        buffer[9 + mechLen] = (char)len;

        WideCharToMultiByte(CP_ACP, 0, names, len, buffer+10+mechLen, len, NULL, NULL);

        exported_name->length = 10 + mechLen + len;

        exported_name->value = buffer;

        return GSS_S_COMPLETE;

    } else {

        return GSS_S_FAILURE;

    }

}

__declspec(dllexport) OM_uint32

gss_display_name(OM_uint32 *minor_status,

                 gss_name_t input_name,

                 gss_buffer_t output_name_buffer,

                 gss_OID *output_name_type)

{

    PP(">>>> Calling gss_display_name...");

    SEC_WCHAR* names = ((Name*)input_name)->name;

    int len = (int)wcslen(names);

    char* buffer = new char[len+1];

    WideCharToMultiByte(CP_ACP, 0, names, len, buffer, len, NULL, NULL);

    buffer[len] = 0;

    output_name_buffer->length = len;

    output_name_buffer->value = buffer;

    PP("Name found: %ls", names);

    PP("%d [%s]", len, buffer);

    if (output_name_type != NULL) {

    }

    return GSS_S_COMPLETE;

}

__declspec(dllexport) OM_uint32

gss_acquire_cred(OM_uint32 *minor_status,

                 gss_name_t desired_name,

                 OM_uint32 time_req,

                 gss_OID_set desired_mech,

                 gss_cred_usage_t cred_usage,

                 gss_cred_id_t *output_cred_handle,

                 gss_OID_set *actual_mechs,

                 OM_uint32 *time_rec)

{

    PP(">>>> Calling gss_acquire_cred...");

    SECURITY_STATUS ss;

    TimeStamp ts;

	ts.QuadPart = 0;

	cred_usage = 0;

    PP("AcquireCredentialsHandle with %d %p", cred_usage, desired_mech);

    displayOidSet(desired_mech);

    Credential* cred = new Credential();

    cred->count = (int)desired_mech->count;

    cred->creds = new OneCred[cred->count];

    for (int i = 0; i < cred->count; i++) {

        TCHAR* name = isKerberosOID(&desired_mech->elements[i])

                ? L"Kerberos" : L"Negotiate";

        wcscpy(cred->creds[i].PackageName, name);

        cred->creds[i].phCred = new CredHandle();

        ss = AcquireCredentialsHandle(

                NULL,

                name,

                cred_usage == 0 ? SECPKG_CRED_BOTH :

                    (cred_usage == 1 ? SECPKG_CRED_OUTBOUND : SECPKG_CRED_INBOUND),

                NULL,

                NULL,

                NULL,

                NULL,

                cred->creds[i].phCred,

                &ts);

    }

    actual_mechs = &desired_mech; // dup?

    *output_cred_handle = (void*)cred;

    if (time_rec != NULL) {

        *time_rec = cred->time;

    }

    if (desired_name != NULL) {

        gss_name_t realname;

        gss_inquire_cred(minor_status, *output_cred_handle, &realname,

                NULL, NULL, NULL);

        SEC_WCHAR* dnames = ((Name*)desired_name)->name;

        SEC_WCHAR* rnames = ((Name*)realname)->name;

        PP("comp name %ls %ls", dnames, rnames);

        int cmp = lstrcmp(dnames, rnames);

        gss_release_name(minor_status, &realname);

        return cmp ? GSS_S_FAILURE : GSS_S_COMPLETE; // Only support default cred

    }

    return GSS_S_COMPLETE;

}

__declspec(dllexport) OM_uint32

gss_release_cred(OM_uint32 *minor_status,

                 gss_cred_id_t *cred_handle)

{

    PP(">>>> Calling gss_release_cred...");

    if (cred_handle && *cred_handle) {

        Credential* cred = (Credential*)*cred_handle;

        for (int i = 0; i < cred->count; i++) {

            FreeCredentialsHandle(cred->creds[i].phCred);

            delete cred->creds[i].phCred;

        }

        delete cred;

        *cred_handle = GSS_C_NO_CREDENTIAL;

    }

    return GSS_S_COMPLETE;

}

__declspec(dllexport) OM_uint32

gss_inquire_cred(OM_uint32 *minor_status,

                 gss_cred_id_t cred_handle,

                 gss_name_t *name,

                 OM_uint32 *lifetime,

                 gss_cred_usage_t *cred_usage,

                 gss_OID_set *mechanisms)

{

    PP(">>>> Calling gss_inquire_cred...");

    CredHandle* cred = ((Credential*)cred_handle)->creds[0].phCred;

    SECURITY_STATUS ss;

    if (name) {

        SecPkgCredentials_Names snames;

        ss = QueryCredentialsAttributes(cred, SECPKG_CRED_ATTR_NAMES, &snames);

        SEC_WCHAR* names = new SEC_WCHAR[lstrlen(snames.sUserName) + 1];

        lstrcpy(names, snames.sUserName);

        FreeContextBuffer(&snames);

        PP("new name at %p", names);

        Name* name1 = new Name;

        name1->name = names;

        lstrcpy(name1->PackageName, ((Credential*)cred_handle)->creds[0].PackageName);

        *name = (gss_name_t) name1;

    }

    if (lifetime) {

        *lifetime = ((Credential*)cred_handle)->time;

    }

    // Others inquiries not supported yet

    return GSS_S_COMPLETE;

}

__declspec(dllexport) OM_uint32

gss_import_sec_context(OM_uint32 *minor_status,

                       gss_buffer_t interprocess_token,

                       gss_ctx_id_t *context_handle)

{

    PP(">>>> Calling UNIMPLEMENTED gss_import_sec_context...");

    return GSS_S_FAILURE;

}