/* clu_genkey_setup.c
 *
 * Copyright (C) 2006-2020 wolfSSL Inc.
 *
 * This file is part of wolfSSL. (formerly known as CyaSSL)
 *
 * wolfSSL is free software; you can redistribute it and/or modify
 * it under the terms of the GNU General Public License as published by
 * the Free Software Foundation; either version 2 of the License, or
 * (at your option) any later version.
 *
 * wolfSSL is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 * GNU General Public License for more details.
 *
 * You should have received a copy of the GNU General Public License
 * along with this program; if not, write to the Free Software
 * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA
 */

#include "clu_include/clu_header_main.h"
#include "clu_include/genkey/clu_genkey.h"
#include "clu_include/x509/clu_cert.h"  /* argument checking */

int wolfCLU_genKeySetup(int argc, char** argv)
{
    char     keyOutFName[MAX_FILENAME_SZ];  /* default outFile for genKey */
    char     defaultFormat[4] = "der\0";
    FILE*    fStream;
    WC_RNG   rng;

    char*    keyType = NULL;       /* keyType */
    char*    format  = defaultFormat;

    int      formatArg  =   DER_FORM;
    int      size       =   0;  /* keysize */
    int      ret        =   0;  /* return variable */
    int      i          =   0;  /* loop counter */

    ret = wolfCLU_checkForArg("-h", 2, argc, argv);
    if (ret > 0) {
        wolfCLU_genKeyHelp();
        return 0;
    }

    XMEMSET(keyOutFName, 0, MAX_FILENAME_SZ);

    keyType = argv[2];

    ret = wc_InitRng(&rng);

    ret = wolfCLU_checkForArg("-out", 4, argc, argv);
    if (ret > 0) {
        if (argv[ret+1] != NULL) {
            XSTRNCPY(keyOutFName, argv[ret+1], XSTRLEN(argv[ret+1]));
        } else {
            printf("ERROR: No output file name specified\n");
            wolfCLU_genKeyHelp();
            return USER_INPUT_ERROR;
        }
    } else {
        printf("ERROR: Please specify an output file name\n");
        wolfCLU_genKeyHelp();
        return USER_INPUT_ERROR;
    }

    ret = wolfCLU_checkForArg("-outform", 8, argc, argv);
    if (ret > 0) {
        format = argv[ret+1];
    }
    ret = wolfCLU_checkOutform(format);
    if (ret == PEM_FORM || ret == DER_FORM) {
        printf("OUTPUT A %s FILE\n", (ret == PEM_FORM)? "PEM": "DER");
        formatArg = ret;
    } else {
        printf("ERROR: \"%s\" is not a valid file format\n", format);
        return ret;
    }

    /* type of key to generate */
    if (0) {
        /* force fail w/ check on condition "false" */
    } else if (XSTRNCMP(keyType, "ed25519", 7) == 0) {

    #ifdef HAVE_ED25519

        ret = wolfCLU_checkForArg("-output", 7, argc, argv);
        if (ret > 0) {
            if (argv[ret+1] != NULL) {
                if (XSTRNCMP(argv[ret+1], "pub", 3) == 0)
                    ret = wolfCLU_genKey_ED25519(&rng, keyOutFName, PUB_ONLY,
                                                                     formatArg);
                else if (XSTRNCMP(argv[ret+1], "priv", 4) == 0)
                    ret = wolfCLU_genKey_ED25519(&rng, keyOutFName, PRIV_ONLY,
                                                                     formatArg);
                else if (XSTRNCMP(argv[ret+1], "keypair", 7) == 0)
                    ret = wolfCLU_genKey_ED25519(&rng, keyOutFName,
                                                       PRIV_AND_PUB, formatArg);
            }
        } else {
            printf("No -output <PUB/PRIV/KEYPAIR>\n");
            printf("DEFAULT: output public and private key pair\n");
            ret = wolfCLU_genKey_ED25519(&rng, keyOutFName, PRIV_AND_PUB,
                                                                     formatArg);
        }
    #else
        printf("Invalid option, ED25519 not enabled.\n");
        printf("Please re-configure wolfSSL with --enable-ed25519 and "
               "try again\n");
        return NOT_COMPILED_IN;
    #endif /* HAVE_ED25519 */

    } else if (XSTRNCMP(keyType, "ecc", 3) == 0) {
    #if defined(HAVE_ECC) && defined(WOLFSSL_KEY_GEN)
        /* ECC flags */
        int directiveArg;
        int sizeArg;

        printf("generate ECC key\n");

        /* get the directive argument */
        ret = wolfCLU_checkForArg("-output", 7, argc, argv);
        if (ret > 0) {
            if (argv[ret+1] != NULL) {
                if (XSTRNCMP(argv[ret+1], "pub", 3) == 0)
                    directiveArg = PUB_ONLY;
                else if (XSTRNCMP(argv[ret+1], "priv", 4) == 0)
                    directiveArg = PRIV_ONLY;
                else if (XSTRNCMP(argv[ret+1], "keypair", 7) == 0)
                    directiveArg = PRIV_AND_PUB;
            }
        } else {
            printf("No -output <PUB/PRIV/KEYPAIR>\n");
            printf("DEFAULT: output public and private key pair\n");
            directiveArg = PRIV_AND_PUB;
        }

        /* get the size argument */
        ret = wolfCLU_checkForArg("-size", 5, argc, argv);
        if (ret > 0) {
            if (argv[ret+1] != NULL) {
                char* cur;
                /* make sure it's an integer */
                if (*argv[ret+1] == '\0') {
                    printf("Empty -size argument, using 32\n");
                    sizeArg = 32;
                }
                else {
                    for (cur = argv[ret+1]; *cur && isdigit(*cur); ++cur);
                    if (*cur == '\0') {
                        sizeArg = atoi(argv[ret+1]);
                    }
                    else {
                        printf("Invalid -size (%s), using 32\n",
                               argv[ret+1]);
                        sizeArg = 32;
                    }
                }
            }
        } else {
            printf("No -size <SIZE>\n");
            printf("DEFAULT: use a 32 ECC key\n");
            sizeArg = 32;
        }

        ret = wolfCLU_genKey_ECC(&rng, keyOutFName, directiveArg,
                                 formatArg, sizeArg);
    #else
        printf("Invalid option, ECC not enabled.\n");
        printf("Please re-configure wolfSSL with --enable-ecc and "
               "try again\n");
        return NOT_COMPILED_IN;
    #endif /* HAVE_ECC */
    } else if (XSTRNCMP(keyType, "rsa", 3) == 0) {
    #if !defined(NO_RSA) && defined(WOLFSSL_KEY_GEN)
        /* RSA flags */
        int directiveArg;
        int sizeArg;
        int expArg;

        printf("generate RSA key\n");

        /* get the directive argument */
        ret = wolfCLU_checkForArg("-output", 7, argc, argv);
        if (ret > 0) {
            if (argv[ret+1] != NULL) {
                if (XSTRNCMP(argv[ret+1], "pub", 3) == 0)
                    directiveArg = PUB_ONLY;
                else if (XSTRNCMP(argv[ret+1], "priv", 4) == 0)
                    directiveArg = PRIV_ONLY;
                else if (XSTRNCMP(argv[ret+1], "keypair", 7) == 0)
                    directiveArg = PRIV_AND_PUB;
            }
        } else {
            printf("No -output <PUB/PRIV/KEYPAIR>\n");
            printf("DEFAULT: output public and private key pair\n");
            directiveArg = PRIV_AND_PUB;
        }

        /* get the size argument */
        ret = wolfCLU_checkForArg("-size", 5, argc, argv);
        if (ret > 0) {
            if (argv[ret+1] != NULL) {
                char* cur;
                /* make sure it's an integer */
                if (*argv[ret+1] == '\0') {
                    printf("Empty -size argument, using 2048\n");
                    sizeArg = 2048;
                }
                else {
                    for (cur = argv[ret+1]; *cur && isdigit(*cur); ++cur);
                    if (*cur == '\0') {
                        sizeArg = atoi(argv[ret+1]);
                    }
                    else {
                        printf("Invalid -size (%s), using 2048\n",
                               argv[ret+1]);
                        sizeArg = 2048;
                    }
                }
            }
        } else {
            printf("No -size <SIZE>\n");
            printf("DEFAULT: use a 2048 RSA key\n");
            sizeArg = 2048;
        }

        /* get the exponent argument */
        ret = wolfCLU_checkForArg("-exponent", 9, argc, argv);
        if (ret > 0) {
            if (argv[ret+1] != NULL) {
                char* cur;
                /* make sure it's an integer */
                if (*argv[ret+1] == '\0') {
                    printf("Empty -exponent argument, using 65537\n");
                    expArg = 65537;
                }
                else {
                    for (cur = argv[ret+1]; *cur && isdigit(*cur); ++cur);
                    if (*cur == '\0') {
                        sizeArg = atoi(argv[ret+1]);
                    }
                    else {
                        printf("Invalid -exponent (%s), using 65537\n",
                               argv[ret+1]);
                        expArg = 65537;
                    }
                }
            }
        } else {
            printf("No -exponent <SIZE>\n");
            printf("DEFAULT: use an exponent of 65537\n");
            expArg = 65537;
        }

        ret = wolfCLU_genKey_RSA(&rng, keyOutFName, directiveArg,
                                 formatArg, sizeArg, expArg);
    #else
        printf("Invalid option, RSA not enabled.\n");
        printf("Please re-configure wolfSSL with --enable-rsa and "
               "try again\n");
        return NOT_COMPILED_IN;
    #endif /* NO_RSA */
    } else {
        printf("\"%s\" is an invalid key type, or not compiled in\n", keyType);
        return USER_INPUT_ERROR;
    }

    return ret;
}