/* A simple standalone XML-RPC server program based on Abyss that uses SSL
   (Secure Sockets Layer) via OpenSSL.

   This server does not authenticate either the client or the server, and the
   only cipher it offers (AECDH-NULL-SHA, see newSslCtx()) does no encryption,
   so every RPC crosses the network in the clear.  It demonstrates the TLS
   handshake and nothing more: it works with a client that is willing to do
   an HTTPS connection using such an anonymous, null-encryption cipher, and
   it must never be exposed to anything but a local test.  The 'curl_client'
   example program is one way to run such a client.

   Example:

     $ ./ssl_server 8080 &
     $ ./curl_client https://localhost:8080/RPC2

   You can drive the most difficult part of this example (initial SSL
   handshake) with the 'openssl' program that comes with OpenSSL, as follows.

     $ ./ssl_server 8080 &
     $ openssl s_client -connect localhost:8080 \
         -cipher @SECLEVEL=0,aNULL+eNULL -state

   The 'openssl' command connects and handshakes with the server, then waits
   for you to type stuff to send to the server.  You would have to type a
   complete HTTP header followed by a valid XML-RPC call to complete the
   demonstration.

   Note that the examples above do no authentication, so you don't have to
   supply certificates and keys to the server.  See the 'ssl_secure_server'
   example for that.

   Set environment variable ABYSS_TRACE_SWITCH=1 for the server to see what
   it is doing and even get error information from the OpenSSL library if it
   doesn't work.

   This uses the "provide your own Abyss server" mode of operation, as
   opposed to other Xmlrpc-c facilities that create an Abyss server under
   the covers, because this is the only way to get SSL.

   NOTE: We deliberately don't check error indications here to make the
   code easier to read.  If you're having trouble getting this code to run,
   by all means add checks of the "error" and "env" variables!
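*/
#define _XOPEN_SOURCE 600
#define WIN32_LEAN_AND_MEAN  /* required by xmlrpc-c/server_abyss.h */

/* NOTE(review): the <...> targets of the includes below were lost when this
   page was extracted; they are restored from the identifiers this file
   uses.  Confirm against the xmlrpc-c source tree.
*/
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#ifndef _WIN32
#include <netinet/in.h>
#include <unistd.h>
#endif
#include <openssl/err.h>
#include <openssl/ssl.h>
#include <xmlrpc-c/base.h>
#include <xmlrpc-c/abyss.h>
#include <xmlrpc-c/abyss_openssl.h>
#include <xmlrpc-c/server.h>
#include <xmlrpc-c/server_abyss.h>

#include "config.h"  /* information about this build environment */



static void
sslInfoCallback(const SSL * const sslP,
                int         const where,
                int         const ret) {
/*----------------------------------------------------------------------------
   Tracing hook for OpenSSL's handshake state machine.  newSslCtx() installs
   it with SSL_CTX_set_info_callback(); OpenSSL then calls it for every
   state transition, alert and handshake-function exit.  It only writes to
   Standard Error; it never changes the connection.

   'where' is the SSL_CB_* event mask with the SSL_ST_* stage bits or'ed in.
   'ret' is the alert code for alert events and the handshake function's
   return value for SSL_CB_EXIT events.
-----------------------------------------------------------------------------*/
    int const stage = where & ~SSL_ST_MASK;

    const char * stageStr;
    const char * eventStr;

    if (stage & SSL_ST_CONNECT)
        stageStr = "CONNECT";
    else if (stage & SSL_ST_ACCEPT)
        stageStr = "ACCEPT";    /* was mislabeled "CONNECT" */
    else
        stageStr = "???";

    /* SSL_CB_READ_ALERT and SSL_CB_WRITE_ALERT both contain the SSL_CB_ALERT
       bit, so 'where & SSL_CB_READ_ALERT' is nonzero for a write alert too
       and every alert used to be reported as "READ ALERT".  Test the ALERT
       bit first, then the direction bit.
    */
    if (where & SSL_CB_LOOP)
        eventStr = "LOOP";
    else if (where & SSL_CB_ALERT)
        eventStr = (where & SSL_CB_READ) ? "READ ALERT" : "WRITE ALERT";
    else if (where & SSL_CB_EXIT)
        eventStr = "HANDSHAKE EXIT";   /* success or failure; see 'ret' */
    else if (where & SSL_CB_HANDSHAKE_START)
        eventStr = "HANDSHAKE START";
    else if (where & SSL_CB_HANDSHAKE_DONE)
        eventStr = "HANDSHAKE DONE";
    else
        eventStr = "???";

    fprintf(stderr, "Callback from openssl. State = '%s'\n",
            SSL_state_string_long(sslP));
    fprintf(stderr, " Stage = %s; event = %s\n", stageStr, eventStr);

    if (where & SSL_CB_ALERT) {
        fprintf(stderr, " Alert type: '%s'\n",
                SSL_alert_type_string_long(ret));
        fprintf(stderr, " Alert desc: '%s'\n",
                SSL_alert_desc_string_long(ret));
    }
    if (where & SSL_CB_EXIT) {
        if (ret == 0)
            fprintf(stderr, " failed\n");
        else if (ret < 0)
            fprintf(stderr, " error %d\n", ret);
        else
            fprintf(stderr, " succeeded %d\n", ret);
    }
}



static SSL_CTX *
newSslCtx(void) {
/*----------------------------------------------------------------------------
   Create the OpenSSL context the Abyss channel switch uses for every
   connection.  Return NULL if OpenSSL cannot create the context or will not
   accept the cipher list (e.g. a build with anonymous/null ciphers compiled
   out); in that case the OpenSSL error queue is dumped to Standard Error.

   SECURITY: this context demonstrates the handshake only.  The single
   cipher it offers, AECDH-NULL-SHA, has no authentication (anonymous ECDH,
   which is why no certificate is needed) and no encryption (NULL bulk
   cipher, so every byte of the RPC crosses the network readable to anyone
   on the path; only a SHA-1 HMAC is applied).  Security level 0 is needed
   because OpenSSL's default level refuses such ciphers.  Never use this
   context outside a local experiment; the 'ssl_secure_server' example
   shows a server that authenticates and encrypts.
-----------------------------------------------------------------------------*/
    SSL_CTX * sslCtxP;

    sslCtxP = SSL_CTX_new(TLS_server_method());
    if (!sslCtxP) {
        fprintf(stderr, "SSL_CTX_new() failed\n");
        ERR_print_errors_fp(stderr);
        return NULL;
    }

    /* Make it willing to use a non-encrypting cipher (as we request below) */
    SSL_CTX_set_security_level(sslCtxP, 0);

    /* Make server able to use a null cipher for simplicity.  A null cipher
       doesn't do any encryption, which means you don't have to supply any
       certificates.  By default, Openssl servers refuse to use a null cipher.

       SSL_CTX_set_cipher_list() returns 0 when none of the named ciphers is
       available.  Unchecked, the context would silently keep OpenSSL's
       default list and the null-cipher clients described in the file header
       would fail the handshake for no visible reason.
    */
    if (SSL_CTX_set_cipher_list(sslCtxP, "AECDH-NULL-SHA") != 1) {
        fprintf(stderr, "OpenSSL rejected cipher list 'AECDH-NULL-SHA'\n");
        ERR_print_errors_fp(stderr);
        SSL_CTX_free(sslCtxP);
        return NULL;
    }

    // Provide handy tracing to Standard Error of the SSL handshake
    SSL_CTX_set_info_callback(sslCtxP, sslInfoCallback);

    return sslCtxP;
}



static void
printPeerIpAddr(TSession * const abyssSessionP) {
/*----------------------------------------------------------------------------
   Print the IPv4 address of the TCP peer of the Abyss session.

   The channel switch in main() listens on IPv4 only, so the peer address
   should always be AF_INET; we check the family anyway instead of
   reinterpreting an address of some other family as four IPv4 octets.
   This is the address of whatever connected to us -- a proxy, not the
   originator, if one sits in between.
-----------------------------------------------------------------------------*/
#ifdef _WIN32
    struct abyss_win_chaninfo * channelInfoP;
#else
    struct abyss_unix_chaninfo * channelInfoP;
#endif
    const struct sockaddr_in * sockAddrInP;

    SessionGetChannelInfo(abyssSessionP, (void*)&channelInfoP);

    sockAddrInP = (const struct sockaddr_in *) &channelInfoP->peerAddr;

    if (sockAddrInP->sin_family == AF_INET) {
        /* 4 byte array, network byte order */
        const unsigned char * const ipAddr =
            (const unsigned char *)&sockAddrInP->sin_addr.s_addr;

        printf("RPC is from IP address %u.%u.%u.%u\n",
               (unsigned)ipAddr[0], (unsigned)ipAddr[1],
               (unsigned)ipAddr[2], (unsigned)ipAddr[3]);
    } else
        printf("RPC is from a peer with non-IPv4 address family %d\n",
               (int)sockAddrInP->sin_family);
}



/* The original file declared a prototype named 'requestShutdown' that was
   never defined; the function is 'shutdownAbyss', so the prototype names it.
*/
static xmlrpc_server_shutdown_fn shutdownAbyss;

static void
shutdownAbyss(xmlrpc_env * const faultP,
              void *       const context,
              const char * const comment,
              void *       const callInfo) {
/*----------------------------------------------------------------------------
   Handler for the built-in 'system.shutdown' RPC, installed by
   xmlrpc_registry_set_shutdown() in main().  'context' is the TServer to
   stop.  'comment' is the client-supplied reason and 'callInfo' is Abyss's
   per-call information; both are ignored.

   SECURITY: this server authenticates nobody (see newSslCtx()), so any
   client that can reach the port can call system.shutdown and stop the
   server.  A real server must authorize the caller here, or not register
   a shutdown method at all.
-----------------------------------------------------------------------------*/
    TServer * const abyssServerP = context;

    xmlrpc_env_init(faultP);

    ServerTerminate(abyssServerP);
}



static xmlrpc_value *
sample_add(xmlrpc_env *   const envP,
           xmlrpc_value * const paramArrayP,
           void *         const serverInfo,
           void *         const channelInfo) {
/*----------------------------------------------------------------------------
   Method function for 'sample.add': take two integers, return their sum.

   The arguments come from an unauthenticated network peer, so the sum is
   computed in 'long long' and range-checked against the 32-bit XML-RPC
   integer; adding them as plain 'int' could overflow, which is undefined
   behavior in C.  An out-of-range result is reported as an XML-RPC fault
   rather than wrapping.

   'serverInfo' is the NULL registered in main().  'channelInfo' is the
   Abyss session, used only to print the peer's address.
-----------------------------------------------------------------------------*/
    xmlrpc_int x, y;
    long long sum;

    printPeerIpAddr(channelInfo);

    /* Parse our argument array. */
    xmlrpc_decompose_value(envP, paramArrayP, "(ii)", &x, &y);
    if (envP->fault_occurred)
        return NULL;

    /* Add our two numbers without risking signed overflow. */
    sum = (long long)x + (long long)y;

    if (sum > XMLRPC_INT32_MAX || sum < XMLRPC_INT32_MIN) {
        xmlrpc_env_set_fault_formatted(
            envP, XMLRPC_LIMIT_EXCEEDED_ERROR,
            "Sum of %d and %d does not fit in a 32-bit XML-RPC integer",
            (int)x, (int)y);
        return NULL;
    }

    /* Return our result. */
    return xmlrpc_build_value(envP, "i", (xmlrpc_int)sum);
}



static int
parsePort(const char *     const arg,
          unsigned short * const portP) {
/*----------------------------------------------------------------------------
   Parse command line argument 'arg' as a TCP port number into *portP.
   Return 0 on success, nonzero if 'arg' is not a decimal integer in
   1..65535.  (atoi(), used before, silently turned garbage into port 0
   and accepted out-of-range values.)
-----------------------------------------------------------------------------*/
    char * end;
    long port;

    errno = 0;
    port = strtol(arg, &end, 10);

    if (end == arg || *end != '\0' || errno == ERANGE ||
        port < 1 || port > 65535)
        return 1;

    *portP = (unsigned short)port;
    return 0;
}



int
main(int           const argc,
     const char ** const argv) {
/*----------------------------------------------------------------------------
   Listen for XML-RPC calls over TLS on the port named by argv[1] and serve
   'sample.add' (plus the built-in 'system.shutdown') until a client shuts
   the server down.

   Unlike most of this example, the calls that create the listening socket
   are checked: if ChanSwitchOpenSslCreateIpV4Port() fails, 'chanSwitchP'
   is never set and ServerCreateSwitch() would use an uninitialized
   pointer.  Registry setup is checked for the same reason.

   SECURITY: everything this server accepts is unauthenticated and
   unencrypted (see newSslCtx()), including system.shutdown.  Run it only
   on a port that is not reachable from untrusted networks.
-----------------------------------------------------------------------------*/
    struct xmlrpc_method_info3 const methodInfo = {
        .methodName     = "sample.add",
        .methodFunction = &sample_add,
        .serverInfo     = NULL
    };
    SSL_CTX * sslCtxP;
    TChanSwitch * chanSwitchP;
    TServer abyssServer;
    xmlrpc_registry * registryP;
    xmlrpc_env env;
    const char * error;
    unsigned short port;

    if (argc-1 != 1) {
        fprintf(stderr, "You must specify 1 argument: The TCP port number "
                "on which to listen for XML-RPC calls. "
                "You specified %d.\n", argc-1);
        exit(1);
    }
    if (parsePort(argv[1], &port) != 0) {
        fprintf(stderr, "'%s' is not a valid TCP port number (1-65535).\n",
                argv[1]);
        exit(1);
    }

    AbyssInit(&error);
    if (error) {
        fprintf(stderr, "AbyssInit() failed.  %s\n", error);
        exit(1);
    }

    xmlrpc_env_init(&env);

    sslCtxP = newSslCtx();
    if (!sslCtxP)
        exit(1);   /* newSslCtx() already reported why */

    ChanSwitchOpenSslCreateIpV4Port(port, sslCtxP, &chanSwitchP, &error);
    if (error) {
        fprintf(stderr, "Could not listen on TCP port %u.  %s\n",
                (unsigned)port, error);
        exit(1);
    }

    ServerCreateSwitch(&abyssServer, chanSwitchP, &error);
    if (error) {
        fprintf(stderr, "ServerCreateSwitch() failed.  %s\n", error);
        exit(1);
    }

    registryP = xmlrpc_registry_new(&env);
    xmlrpc_registry_add_method3(&env, registryP, &methodInfo);
    xmlrpc_registry_set_shutdown(registryP, &shutdownAbyss, &abyssServer);
    if (env.fault_occurred) {
        fprintf(stderr, "Could not set up method registry.  %s\n",
                env.fault_string);
        exit(1);
    }

    xmlrpc_server_abyss_set_handlers2(&abyssServer, "/RPC2", registryP);

    ServerInit(&abyssServer);

    printf("Running server...\n");

    ServerRun(&abyssServer);
        /* This waits for TCP connections and processes them as XML-RPC
           RPCs indefinitely (until system.shutdown method performed).
        */

    ServerFree(&abyssServer);
    ChanSwitchDestroy(chanSwitchP);
    SSL_CTX_free(sslCtxP);
    xmlrpc_env_clean(&env);
    AbyssTerm();

    return 0;
}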