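// NOTE(review): the names of the eight <...> headers on this page were lost in
// extraction (the listing shows bare "#include" tokens: six before
// "internal.h", two after "apache.m"). The standard headers below are the ones
// the visible code demonstrably needs; restore the remaining original includes
// from the upstream file.
#include <ctype.h>	// isalpha
#include <stdio.h>	// FILE, fprintf, fflush, rename
#include <string.h>	// strrchr
#include <unistd.h>	// access, gethostname
#include <string>	// std::string (parent-directory copy in makecert_checkaccess)
#include "internal.h"
#include "apache.m"

// Help topic shown from the certificate request dialog.
static HELP_FILE help_csr ("apache","certrequest");
// Its path is used below as the directory holding the default output file
// (<path>/server.csr). The trailing "root","root",0600 arguments are
// presumably owner, group and mode -- confirm against CONFIG_FILE.
static CONFIG_FILE f_pemfile ("/etc/httpd/conf/ssl.csr",help_csr
	,CONFIGF_OPTIONAL|CONFIGF_NOARCH
	,"root","root",0600);

/*
	Early check that the certificate request file can be written.

	If file_type() returns 0 for pemfile, the file itself is tested for
	write access. Otherwise it is treated as missing (per the original
	comment) and its parent directory is tested instead: "." when the path
	has no '/', "/" when the only '/' is the leading one.

	Return 0 if writable, -1 if not (access() semantics). A NULL or empty
	path also returns -1.

	access() tests the real UID/GID and its answer can be stale by the time
	the helper writes the file, so this is only a user-friendly pre-check,
	not an authorization decision.
*/
static int makecert_checkaccess (const char *pemfile)
{
	if (pemfile == NULL || pemfile[0] == '\0') return -1;
	if (file_type(pemfile)==0){
		return access (pemfile,W_OK);
	}
	// The file does not exist, check if the directory is writable
	const char *slash = strrchr (pemfile,'/');
	if (slash == NULL){
		return access (".",W_OK);
	}
	if (slash == pemfile){
		// "/name": the parent is the root directory. Truncating at the
		// slash would yield "" and access("") always fails.
		return access ("/",W_OK);
	}
	// Heap copy of the directory part; avoids a variable-length stack
	// array sized by the caller-supplied path.
	const std::string dir (pemfile,slash - pemfile);
	return access (dir.c_str(),W_OK);
}

/*
	Prompt for the subject fields of an SSL certificate request and feed
	them to the "apache.makesslcert" helper.

	The dialog is shown again until the user cancels, or until the input
	passes validation and the helper could be started.

	Return the helper's exit status (0 on success), or -1 if the user
	cancelled or escaped the dialog.
*/
PUBLIC int HTTPD_CONFIG::certreq ()
{
	int ret = -1;
	DIALOG dia;
	SSTRING country,state,city,org,dep,name,email;
	{
		// Pre-fill the machine name with the local host name.
		char tmp[1000];
		if (gethostname(tmp,sizeof(tmp)-1)!=-1){
			// gethostname() need not NUL-terminate a truncated name
			// and the last byte of tmp is never written by it.
			tmp[sizeof(tmp)-1] = '\0';
			name.setfrom (tmp);
		}
	}
	dia.newf_str (MSG_U(F_COUNTRY,"ISO Country code (Two letters)"),country,5);
	dia.last_noempty();
	dia.newf_str (MSG_U(F_STATE,"State or province"),state);
	dia.newf_str (MSG_U(F_CITY,"City"),city);
	dia.last_noempty();
	dia.newf_str (MSG_U(F_COMPANY,"Organisation/Company"),org);
	dia.newf_str (MSG_U(F_DEPARTMENT,"Department"),dep);
	dia.newf_str (MSG_U(F_NAME,"Machine name + domain"),name);
	dia.last_noempty();
	dia.newf_str (MSG_U(F_EMAIL,"Your email address"),email);
	dia.last_noempty();
	SSTRING pemfile;
	pemfile.setfromf ("%s/server.csr",f_pemfile.getpath());
	// Index of the output path field, so the dialog can be re-entered on
	// it when the path is rejected.
	int pemfile_field = dia.getnb();
	dia.newf_str (MSG_U(F_PEMFILE,"Certificate to produce"),pemfile);
	dia.last_noempty();
	int nof = 0;
	while (1){
		MENU_STATUS code = dia.edit (MSG_U(T_LNXCERTIFICATE
				,"Linuxconf SSL certificate generation")
			,MSG_U(I_LNXCERTIFICATE
				,"Fill the following form and a special certificate\n"
				 "will be produced.")
			,help_csr
			,nof);
		if (code == MENU_CANCEL || code == MENU_ESCAPE){
			break;
		}else if (country.getlen()!=2
			// Cast: passing a negative char to isalpha() is undefined.
			|| !isalpha(static_cast<unsigned char>(country.get()[0]))
			|| !isalpha(static_cast<unsigned char>(country.get()[1]))){
			nof = 0;
			xconf_error (MSG_U(E_COUNTRY,"Country must be a 2 letters code"));
		}else if (makecert_checkaccess(pemfile.get())==-1){
			nof = pemfile_field;
			xconf_error (MSG_U(E_ACCESS
				,"You are not allowed to write the file\n"
				 "%s.\n"
				 "Either run makecert as root or pick a different path")
				,pemfile.get());
		}else{
			// Keep the previous request as <pemfile>.old. Best effort:
			// the result is ignored, so a missing file is not an error,
			// but neither is any other rename failure.
			SSTRING oldpem;
			oldpem.setfromf ("%s.old",pemfile.get());
			rename (pemfile.get(),oldpem.get());
			// NOTE(review): pemfile is operator-typed text handed to
			// POPEN as the helper's argument. Confirm POPEN does not
			// pass it through a shell unquoted.
			POPEN pop ("apache.makesslcert",pemfile.get());
			if (pop.isok()){
				// One answer per line, in the order the helper reads
				// them.
				// NOTE(review): the values are written unescaped; confirm
				// the dialog cannot return a field with an embedded
				// newline, which would shift every later answer.
				FILE *fout = pop.getfout();
				fprintf (fout,"%s\n",country.get());
				fprintf (fout,"%s\n",state.get());
				fprintf (fout,"%s\n",city.get());
				fprintf (fout,"%s\n",org.get());
				fprintf (fout,"%s\n",dep.get());
				fprintf (fout,"%s\n",name.get());
				fprintf (fout,"%s\n",email.get());
				fflush (fout);
				// Relay the helper's output, at most 20 wait rounds.
				for (int i=0; i<20; i++){
					int ok = pop.wait(1);
					if (ok < 0) break;
					char line[1000];
					while (pop.readerr(line,sizeof(line))>0){
						xconf_error (MSG_U(E_ERRSSL
							,"Error from the certificate generation process\n"
							 "\n%s"),line);
					}
					while (pop.readout(line,sizeof(line))>0){
						xconf_notice ("%s",line);
					}
				}
				pop.close();
				ret = pop.getstatus();
				if (ret == 0){
					xconf_notice (MSG_U(N_CERTOK
						,"Certificate request %s\n"
						 "was successfully created"),pemfile.get());
				}else{
					xconf_error (MSG_U(E_FAILCREATE
						,"Can't create the certificate"));
				}
				break;
			}else{
				// Helper could not be started: report and show the
				// dialog again.
				xconf_error (MSG_R(E_FAILCREATE));
			}
		}
	}
	return ret;
}

/*
	Sign a certificate request.
	Not implemented in this file: always returns 0.
*/
PUBLIC int HTTPD_CONFIG::signreq ()
{
	return 0;
}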