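/*
 * Usage: ./cert-match-name ...
 *
 * This is a test program for the ssl_post_connect_check function,
 * specifically the wildcard matching code within it. It makes an SSL
 * connection to localhost on port 10000 and retrieves the server
 * certificate. It then matches each of the names given as command line
 * arguments against the names in the certificate. The ones that match are
 * printed out in this form:
 *
 *   +www.a.com
 *   +www.b.com
 *   END
 *
 * The END is so you can distinguish an empty set of matching names from the
 * program failing to run correctly for some reason.
 *
 * See test-wildcard.sh for the test driver that uses this program.
 */

/* NOTE(review): the system header names were lost when this file was
 * extracted; the list below is reconstructed from the symbols the program
 * uses. Confirm it against the original source. */
#include <stdio.h>
#include <string.h>
#include <unistd.h>
#include <sys/socket.h>
#include <netinet/in.h>
#include <arpa/inet.h>
#include <openssl/ssl.h>
#include <openssl/err.h>

#include "ncat_core.h"

/* CA that signed the test server certificates; see test-wildcard.sh. */
#define SSL_TRUST_FILE "wildcard-certs/ca.pem"
#define HOST "127.0.0.1"
#define PORT 10000

/* The function under test (defined in the ncat sources, not here). Returns
 * non-zero when HOSTNAME matches the names in the peer certificate of SSL. */
int ssl_post_connect_check(SSL *ssl, const char *hostname);

/*
 * Connect to HOST:PORT over TLS, then print "+NAME" for every command line
 * argument that ssl_post_connect_check accepts for the server certificate,
 * followed by "END".
 *
 * Exit status: 0 once END has been printed, 1 if any setup step failed
 * before that point (the original returned 0 for most setup failures and 1
 * only for a failed SSL_connect; the driver relies on END, so a uniform
 * non-zero status on failure is the more useful contract).
 *
 * Every resource is released on all paths via the single cleanup label.
 */
int main(int argc, char *argv[])
{
    SSL_CTX *ctx = NULL;
    SSL *ssl = NULL;
    int sock = -1;
    int rc = 1;    /* exit status; becomes 0 only after END is printed */
    union sockaddr_u server_addr;

    SSL_load_error_strings();
    SSL_library_init();

    ctx = SSL_CTX_new(SSLv23_client_method());
    if (!ctx) {
        printf("OpenSSL failed to create a new SSL_CTX: %s \n",
               ERR_error_string(ERR_get_error(), NULL));
        goto out;
    }

    /* Without the test CA every handshake would fail chain verification
     * before the name check under test is ever reached. */
    if (SSL_CTX_load_verify_locations(ctx, SSL_TRUST_FILE, NULL) != 1) {
        printf("Could not load trusted certificates from %s.\n%s \n",
               SSL_TRUST_FILE, ERR_error_string(ERR_get_error(), NULL));
        goto out;
    }

    /* Require a verified peer certificate, with no custom verify callback:
     * chain validation happens in the handshake, the hostname/wildcard
     * match is left entirely to ssl_post_connect_check. */
    SSL_CTX_set_verify(ctx, SSL_VERIFY_PEER, NULL);
    /* Depth 1: the server certificate must be signed directly by the CA in
     * SSL_TRUST_FILE; longer chains are rejected. */
    SSL_CTX_set_verify_depth(ctx, 1);

    sock = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP);
    if (sock == -1) {
        printf("socket error \n");
        goto out;
    }

    memset(&server_addr.storage, '\0', sizeof(server_addr.storage));
    server_addr.in.sin_family = AF_INET;
    server_addr.in.sin_port = htons(PORT);
    server_addr.in.sin_addr.s_addr = inet_addr(HOST);
    if (connect(sock, &server_addr.sockaddr, sizeof(server_addr.storage)) == -1) {
        printf("Connection failed \n");
        goto out;
    }

    /* SSL_new can fail (allocation), and SSL_set_fd fails if it cannot
     * allocate the socket BIO; neither was checked before. */
    ssl = SSL_new(ctx);
    if (!ssl || SSL_set_fd(ssl, sock) != 1) {
        printf("OpenSSL failed to create a new SSL: %s \n",
               ERR_error_string(ERR_get_error(), NULL));
        goto out;
    }

    if (SSL_connect(ssl) != 1) {
        printf("SSL connect failed: %s \n",
               ERR_error_string(ERR_get_error(), NULL));
        goto out;
    }

    /* argv[0] is the program name; every remaining argument is a candidate
     * name to match against the server certificate. */
    while (--argc) {
        if (ssl_post_connect_check(ssl, *++argv))
            printf("+%s\n", *argv);
    }
    printf("END\n");
    rc = 0;

out:
    /* Both *_free functions accept NULL; close only a socket we opened. */
    SSL_free(ssl);
    if (sock != -1)
        close(sock);
    SSL_CTX_free(ctx);
    return rc;
}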