/* This Source Code Form is subject to the terms of the Mozilla Public
 * License, v. 2.0. If a copy of the MPL was not distributed with this
 * file, You can obtain one at http://mozilla.org/MPL/2.0/. */

/* With the exception of GetPasswordString, this file was
   copied from NSS's cmd/lib/secutil.c hg revision 8f011395145e */

#include "nss_secutil.h"

#include "prprf.h"
#ifdef XP_WIN
#  include <io.h>
#else
#  include <unistd.h>
#endif

#if defined(_WINDOWS)
char* quiet_fgets(char* buf, int length, FILE* input) {
  int c;
  char* end = buf;

  /* fflush (input); */
  memset(buf, 0, length);

  if (!isatty(fileno(input))) {
    return fgets(buf, length, input);
  }

  while (1) {
#  if defined(_WIN32_WCE)
    c = getchar(); /* gets a character from stdin */
#  else
    c = getch(); /* getch gets a character from the console */
#  endif
    if (c == '\b') {
      if (end > buf) end--;
    }

    else if (--length > 0)
      *end++ = c;

    if (!c || c == '\n' || c == '\r') break;
  }

  return buf;
}
#endif

char* GetPasswordString(void* arg, char* prompt) {
  FILE* input = stdin;
  char phrase[200] = {'\0'};
  int isInputTerminal = isatty(fileno(stdin));

#ifndef _WINDOWS
  if (isInputTerminal) {
    static char consoleName[] = {
#  ifdef XP_UNIX
        "/dev/tty"
#  else
        "CON:"
#  endif
    };

    input = fopen(consoleName, "r");
    if (input == NULL) {
      fprintf(stderr, "Error opening input terminal for read\n");
      return NULL;
    }
  }
#endif

  if (isInputTerminal) {
    fprintf(stdout, "Please enter your password:\n");
    fflush(stdout);
  }

  if (!QUIET_FGETS(phrase, sizeof(phrase), input)) {
    fprintf(stderr, "QUIET_FGETS failed\n");
    return NULL;
  }

  if (isInputTerminal) {
    fprintf(stdout, "\n");
  }

#ifndef _WINDOWS
  if (isInputTerminal) {
    fclose(input);
  }
#endif

  /* Strip off the newlines if present */
  if (phrase[PORT_Strlen(phrase) - 1] == '\n' ||
      phrase[PORT_Strlen(phrase) - 1] == '\r') {
    phrase[PORT_Strlen(phrase) - 1] = 0;
  }
  return (char*)PORT_Strdup(phrase);
}

char* SECU_FilePasswd(PK11SlotInfo* slot, PRBool retry, void* arg) {
  char *phrases, *phrase;
  PRFileDesc* fd;
  int32_t nb;
  char* pwFile = arg;
  int i;
  const long maxPwdFileSize = 4096;
  char* tokenName = NULL;
  int tokenLen = 0;

  if (!pwFile) return 0;

  if (retry) {
    return 0; /* no good retrying - the files contents will be the same */
  }

  phrases = PORT_ZAlloc(maxPwdFileSize);

  if (!phrases) {
    return 0; /* out of memory */
  }

  fd = PR_Open(pwFile, PR_RDONLY, 0);
  if (!fd) {
    fprintf(stderr, "No password file \"%s\" exists.\n", pwFile);
    PORT_Free(phrases);
    return NULL;
  }

  nb = PR_Read(fd, phrases, maxPwdFileSize);

  PR_Close(fd);

  if (nb == 0) {
    fprintf(stderr, "password file contains no data\n");
    PORT_Free(phrases);
    return NULL;
  }

  if (slot) {
    tokenName = PK11_GetTokenName(slot);
    if (tokenName) {
      tokenLen = PORT_Strlen(tokenName);
    }
  }
  i = 0;
  do {
    int startphrase = i;
    int phraseLen;

    /* handle the Windows EOL case */
    while (phrases[i] != '\r' && phrases[i] != '\n' && i < nb) i++;
    /* terminate passphrase */
    if (i < nb) {
      phrases[i++] = '\0';
    }
    /* clean up any EOL before the start of the next passphrase */
    while ((i < nb) && (phrases[i] == '\r' || phrases[i] == '\n')) {
      phrases[i++] = '\0';
    }
    /* now analyze the current passphrase */
    phrase = &phrases[startphrase];
    if (!tokenName) break;
    if (PORT_Strncmp(phrase, tokenName, tokenLen)) continue;
    phraseLen = PORT_Strlen(phrase);
    if (phraseLen < (tokenLen + 1)) continue;
    if (phrase[tokenLen] != ':') continue;
    phrase = &phrase[tokenLen + 1];
    break;

  } while (i < nb);

  phrase = PORT_Strdup((char*)phrase);
  PORT_Free(phrases);
  return phrase;
}

char* SECU_GetModulePassword(PK11SlotInfo* slot, PRBool retry, void* arg) {
  char prompt[255];
  secuPWData* pwdata = (secuPWData*)arg;
  secuPWData pwnull = {PW_NONE, 0};
  secuPWData pwxtrn = {PW_EXTERNAL, "external"};
  char* pw;

  if (pwdata == NULL) pwdata = &pwnull;

  if (PK11_ProtectedAuthenticationPath(slot)) {
    pwdata = &pwxtrn;
  }
  if (retry && pwdata->source != PW_NONE) {
    PR_fprintf(PR_STDERR, "Incorrect password/PIN entered.\n");
    return NULL;
  }

  switch (pwdata->source) {
    case PW_NONE:
      sprintf(prompt,
              "Enter Password or Pin for \"%s\":", PK11_GetTokenName(slot));
      return GetPasswordString(NULL, prompt);
    case PW_FROMFILE:
      /* Instead of opening and closing the file every time, get the pw
       * once, then keep it in memory (duh).
       */
      pw = SECU_FilePasswd(slot, retry, pwdata->data);
      pwdata->source = PW_PLAINTEXT;
      pwdata->data = PL_strdup(pw);
      /* it's already been dup'ed */
      return pw;
    case PW_EXTERNAL:
      sprintf(prompt,
              "Press Enter, then enter PIN for \"%s\" on external device.\n",
              PK11_GetTokenName(slot));
      pw = GetPasswordString(NULL, prompt);
      if (pw) {
        memset(pw, 0, PORT_Strlen(pw));
        PORT_Free(pw);
      }
      /* Fall Through */
    case PW_PLAINTEXT:
      return PL_strdup(pwdata->data);
    default:
      break;
  }

  PR_fprintf(PR_STDERR, "Password check failed:  No password found.\n");
  return NULL;
}