/**
 * @file llsecapi.cpp
 * @brief Security API for services such as certificate handling
 * secure local storage, etc.
 *
 * $LicenseInfo:firstyear=2009&license=viewerlgpl$
 * Second Life Viewer Source Code
 * Copyright (C) 2010, Linden Research, Inc.
 *
 * This library is free software; you can redistribute it and/or
 * modify it under the terms of the GNU Lesser General Public
 * License as published by the Free Software Foundation;
 * version 2.1 of the License only.
 *
 * This library is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
 * Lesser General Public License for more details.
 *
 * You should have received a copy of the GNU Lesser General Public
 * License along with this library; if not, write to the Free Software
 * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301  USA
 *
 * Linden Research, Inc., 945 Battery Street, San Francisco, CA  94111  USA
 * $/LicenseInfo$
 */


#include "llviewerprecompiledheaders.h"
#include "llsecapi.h"
#include "llsechandler_basic.h"
#include "llexception.h"
#include "stringize.h"
#include <openssl/evp.h>
#include <openssl/err.h>
#include <map>



std::map<std::string, LLPointer<LLSecAPIHandler> > gHandlerMap;
LLPointer<LLSecAPIHandler> gSecAPIHandler;

void initializeSecHandler()
{
    ERR_load_crypto_strings();
    OpenSSL_add_all_algorithms();

    gHandlerMap[BASIC_SECHANDLER] = new LLSecAPIBasicHandler();


    // Currently, we only have the Basic handler, so we can point the main sechandler
    // pointer to the basic handler.  Later, we'll create a wrapper handler that
    // selects the appropriate sechandler as needed, for instance choosing the
    // mac keyring handler, with fallback to the basic sechandler
    gSecAPIHandler = gHandlerMap[BASIC_SECHANDLER];

    // initialize all SecAPIHandlers
    std::string exception_msg;
    std::map<std::string, LLPointer<LLSecAPIHandler> >::const_iterator itr;
    for(itr = gHandlerMap.begin(); itr != gHandlerMap.end(); ++itr)
    {
        LLPointer<LLSecAPIHandler> handler = (*itr).second;
        try
        {
            handler->init();
        }
        catch (LLProtectedDataException& e)
        {
            exception_msg = e.what();
        }
    }
    if (!exception_msg.empty())  // an exception was thrown.
    {
        LLTHROW(LLProtectedDataException(exception_msg));
    }

}

void clearSecHandler()
{
    gSecAPIHandler = NULL;
    gHandlerMap.clear();
}
// start using a given security api handler.  If the string is empty
// the default is used
LLPointer<LLSecAPIHandler> getSecHandler(const std::string& handler_type)
{
    if (gHandlerMap.find(handler_type) != gHandlerMap.end())
    {
        return gHandlerMap[handler_type];
    }
    else
    {
        return LLPointer<LLSecAPIHandler>(NULL);
    }
}
// register a handler
void registerSecHandler(const std::string& handler_type,
                        LLPointer<LLSecAPIHandler>& handler)
{
    gHandlerMap[handler_type] = handler;
}

std::ostream& operator <<(std::ostream& s, const LLCredential& cred)
{
    return s << (std::string)cred;
}

LLSD LLCredential::getLoginParams()
{
    LLSD result = LLSD::emptyMap();
    std::string username;
    try
    {
        if (mIdentifier["type"].asString() == "agent")
        {
            // legacy credential
            result["passwd"] = "$1$" + mAuthenticator["secret"].asString();
            result["first"] = mIdentifier["first_name"];
            result["last"] = mIdentifier["last_name"];
            username = result["first"].asString() + " " + result["last"].asString();
        }
        else if (mIdentifier["type"].asString() == "account")
        {
            result["username"] = mIdentifier["account_name"];
            result["passwd"] = mAuthenticator["secret"].asString();
            username = result["username"].asString();
        }
    }
    catch (...)
    {
        // nat 2016-08-18: not clear what exceptions the above COULD throw?!
        LOG_UNHANDLED_EXCEPTION(STRINGIZE("for '" << username << "'"));
        // we could have corrupt data, so simply return a null login param if so
        LL_WARNS("AppInit") << "Invalid credential" << LL_ENDL;
    }
    return result;
}

void LLCredential::identifierType(std::string &idType)
{
    if(mIdentifier.has("type"))
    {
        idType = mIdentifier["type"].asString();
    }
    else {
        idType = std::string();

    }
}

void LLCredential::authenticatorType(std::string &idType)
{
    if(mAuthenticator.has("type"))
    {
        idType = mAuthenticator["type"].asString();
    }
    else {
        idType = std::string();

    }
}

LLCertException::LLCertException(const LLSD& cert_data, const std::string& msg)
  : LLException(msg),
    mCertData(cert_data)
{
    LL_WARNS("SECAPI") << "Certificate Error: " << msg << LL_ENDL;
}