/* (C) 2003-2007 Willem Jan Hengeveld <itsme@xs4all.nl>
 * Web: http://www.xs4all.nl/~itsme/
 *      http://wiki.xda-developers.com/
 *
 * $Id: prapi.cpp 1749 2008-03-11 17:12:13Z itsme $
 */
#include <windows.h>
#include "debug.h"
#include <rapi.h>
#include "stringutils.h"
#include "args.h"
#include "filefunctions.h"

// note: CryptBinaryToString is not available on win2k or older systems.
//
// http://msdn.microsoft.com/library/en-us/mobilesdk5/html/wce51conconfigurationserviceproviderreferenceforwindowsmobiledevices.asp
// OMA-SyncML-DevInfo-DTD-V1_1_2-20030505-D.dtd
// OMA-WAP-ProvCont-v1_1-20021112-C
// http://www.openmobilealliance.org/release_program/index.html
//
//  <!-- Sample XML to query a certificate store  -->
//  <wap-provisioningdoc>
//  	<characteristic type="CertificateStore">
//  		<characteristic-query type="Privileged Execution Trust Authorities" />
//  		<characteristic-query type="Unprivileged Execution Trust Authorities" />
//  		<characteristic-query type="SPC" />
//  		<characteristic-query type="CA" />
//  		<characteristic-query type="Root" />
//  		<characteristic-query type="MY" />
//  	</characteristic>
//  </wap-provisioningdoc>
//
// done: return errlevel when the operation failed.
//
enum CertifiateStore {
    CERTSTORE_PRIVILEGED,       // for privileged apps (OEM_CERTIFY_TRUST)
    CERTSTORE_UNPRIVILEGED,     // for un-privileged apps (OEM_CERTIFY_RUN)
    CERTSTORE_SPC,              // for signed cabs
    CERTSTORE_CA,               // browser certificate authorities
    CERTSTORE_ROOT,             // browser root certificates
    CERTSTORE_MY,               // my browser certificates
};
const char* storenames[]= {
    "Privileged Execution Trust Authorities",
    "Unprivileged Execution Trust Authorities",
    "SPC",
    "CA",
    "Root",
    "MY",
};
#define CFGFLAG_PROCESS              0x0001
#define CFGFLAG_METADATA             0x0002

bool CalcSha1(const ByteVector& data, ByteVector &hash)
{
    HCRYPTPROV hProv;
    HCRYPTHASH hHash;
    if (!CryptAcquireContext(&hProv, NULL, NULL, PROV_RSA_FULL, CRYPT_VERIFYCONTEXT))
    {
        error("CryptAcquireContext");
        hProv= NULL;
        return false;
    }
    if (!CryptCreateHash(hProv, CALG_SHA1, 0, 0, &hHash))
    {
        error("CryptCreateHash");
        return false;
    }
    if (!CryptHashData(hHash, vectorptr(data), data.size(), 0))
    {
        error("CryptHashData");
        return false;
    }
    DWORD dwSize;
    if (!CryptGetHashParam(hHash, HP_HASHVAL, NULL, &dwSize, 0))
    {
        error("CryptGetHashParam");
        return false;
    }

    hash.resize(dwSize);
    if (!CryptGetHashParam(hHash, HP_HASHVAL, vectorptr(hash), &dwSize, 0))
    {
        error("CryptGetHashParam");
        return false;
    }

    CryptDestroyHash(hHash);
    hHash= NULL;
    CryptReleaseContext(hProv, 0);
    hProv= NULL;

    return true;
}
std::string CalcSha1Hex(const ByteVector& data)
{
    ByteVector hash;

    if (!CalcSha1(data, hash))
        return "ERROR";

    std::string hex;
    for (size_t i=0 ; i<hash.size() ; i++)
        hex += stringformat("%02x", hash[i]);

    return hex;
}
const char base64[]="ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/=";

unsigned long fmt_base64(char* dest,const unsigned char* src,unsigned long len) {
  register const unsigned char* s= src;
  unsigned short bits=0,temp=0;
  unsigned long written=0,i;   
  for (i=0; i<len; ++i) {      
    temp<<=8; temp+=s[i]; bits+=8;
    while (bits>6) {
      if (dest) dest[written]=base64[((temp>>(bits-6))&63)];
      ++written; bits-=6;
    }
  }  
  if (bits) {
    temp<<=(6-bits);
    if (dest) dest[written]=base64[temp&63];
    ++written;
  }
  while (written&3) { if (dest) dest[written]='='; ++written; }
  return written;
}

std::string ToBase64(const ByteVector& data)
{
#if 0
    // not using CryptBinaryToString, to be w2k compatible.
    DWORD dwSize= 0;
    if (!CryptBinaryToString(vectorptr(data), data.size(), CRYPT_STRING_BASE64, NULL, &dwSize)) {
        error("CryptBinaryToString");
        return "ERROR";
    }
    std::string str;
    str.resize(dwSize);
    if (!CryptBinaryToString(vectorptr(data), data.size(), CRYPT_STRING_BASE64, stringptr(str), &dwSize)) {
        error("CryptBinaryToString#2");
        return "ERROR";
    }
#endif
    std::string str;
    str.resize((data.size()*8)/6+1);
    int result= fmt_base64(stringptr(str), vectorptr(data), data.size());
    str.resize(result);
    return str;
}

typedef HRESULT (WINAPI *fnCeProcessConfig)(LPCWSTR pszWXMLin, DWORD dwFlags, WCHAR **presult);
fnCeProcessConfig CeProcessConfig;
HMODULE rapiModule;
bool LoadRapi()
{
    if (FAILED(CeRapiInit()))
    {
        error("CeRapiInit failed\n");
        return false;
    }


    rapiModule = LoadLibrary(TEXT("rapi.dll"));
    if (rapiModule==NULL || rapiModule==INVALID_HANDLE_VALUE) {
        error("LoadLibrary(rapi.dll)");
        return false;
    }
    CeProcessConfig= (fnCeProcessConfig)GetProcAddress(rapiModule,   (LPCSTR)0x19);
    if (CeProcessConfig==NULL) {
        error("GetProcAddress");
        return false;
    }
    return true;
}
void UnloadRapi()
{
    CeProcessConfig= NULL;
    FreeLibrary(rapiModule);
    rapiModule= NULL;

    CeRapiUninit();
}

// policy handlers
std::string pd_SetSecurityPolicy(DWORD dwPolicyId, DWORD dwValue)
{
    return stringformat("<wap-provisioningdoc> <characteristic type=\"SecurityPolicy\"> <parm name=\"%d\" value=\"%d\"/> </characteristic> </wap-provisioningdoc>", dwPolicyId, dwValue);
}
std::string pd_GetSecurityPolicy(DWORD dwPolicyId)
{
    return stringformat("<wap-provisioningdoc> <characteristic type=\"SecurityPolicy\"> <parm-query name=\"%d\"/> </characteristic> </wap-provisioningdoc>", dwPolicyId);
}
std::string pd_DeleteSecurityPolicy(DWORD dwPolicyId)
{
    return stringformat("<wap-provisioningdoc> <characteristic type=\"SecurityPolicy\"> <noparm name=\"%d\"/> </characteristic> </wap-provisioningdoc>", dwPolicyId);
}


// certificate handlers
std::string pd_LoadCertificate(const std::string& storename, DWORD dwRole, const ByteVector &certificate)
{
    std::string sha1hex_str= CalcSha1Hex(certificate);
    std::string base64_str= ToBase64(certificate);
    return stringformat("<wap-provisioningdoc> <characteristic type=\"CertificateStore\"> <characteristic type=\"%s\"> <characteristic type=\"%s\"> <parm name=\"EncodedCertificate\" value=\"%s\"/> <parm name=\"Role\" value=\"%d\"/> </characteristic> </characteristic> </characteristic> </wap-provisioningdoc>", 
            storename.c_str(), 
            sha1hex_str.c_str(), 
            base64_str.c_str(), 
            dwRole);
}
std::string pd_QueryCertificateStore(const std::string& storename)
{
    return stringformat("<wap-provisioningdoc> <characteristic type=\"CertificateStore\"> <characteristic-query type=\"%s\" /> </characteristic> </wap-provisioningdoc>", storename.c_str());
}

std::string pd_QueryCertificateStore(const std::string& storename, const std::string& certsha1)
{
    return stringformat("<wap-provisioningdoc> <characteristic type=\"CertificateStore\"> <characteristic type=\"%s\"> <characteristic-query type=\"%s\" /> </characteristic> </characteristic> </wap-provisioningdoc>", storename.c_str(), certsha1.c_str());
}
std::string pd_DeleteCertificate(const std::string& storename, const std::string& sha1hex_str)
{
    return stringformat("<wap-provisioningdoc> <characteristic type=\"CertificateStore\"> <characteristic type=\"%s\"> <nocharacteristic type=\"%s\"/> </characteristic> </characteristic> </wap-provisioningdoc>", 
            storename.c_str(), 
            sha1hex_str.c_str());
}
// registry handlers
std::string pd_DeleteRegistryValue(const std::string &key, const std::string &valname)
{
    return stringformat("<wap-provisioningdoc> <characteristic type=\"Registry\"> <characteristic type=\"%s\"  translation=\"filesystem\" > <noparm name=\"%s\" /> </characteristic> </characteristic> </wap-provisioningdoc>", key.c_str(), valname.c_str());
}
std::string pd_DeleteRegistryValues(const std::string &key, StringList::const_iterator begin, StringList::const_iterator end)
{
    std::string xml;
    for (StringList::const_iterator i=begin ; i!=end ; ++i)
        xml += stringformat("<noparm name=\"%s\" />", (*i).c_str());
    return stringformat("<wap-provisioningdoc> <characteristic type=\"Registry\"> <characteristic type=\"%s\"  translation=\"filesystem\" > %s </characteristic> </characteristic> </wap-provisioningdoc>", key.c_str(), xml.c_str());
}
std::string pd_DeleteRegistryKey(const std::string &key)
{
    return stringformat("<wap-provisioningdoc> <characteristic type=\"Registry\"> <nocharacteristic type=\"%s\" />  </characteristic> </wap-provisioningdoc>", key.c_str());
}
std::string pd_QueryRegistryValue(const std::string &key, const std::string &valname)
{
    return stringformat("<wap-provisioningdoc> <characteristic type=\"Registry\"> <characteristic type=\"%s\"  translation=\"filesystem\" > <parm-query name=\"%s\" /> </characteristic> </characteristic> </wap-provisioningdoc>", key.c_str(), valname.c_str());
}
std::string pd_QueryRegistryKey(const std::string &key)
{
    return stringformat("<wap-provisioningdoc> <characteristic type=\"Registry\"> <characteristic-query type=\"%s\" />  </characteristic> </wap-provisioningdoc>", key.c_str());
}

std::string pd_SetRegistryValue(const std::string &key, const std::string &valname, const std::string &type, const std::string &value)
{
    std::string datatype;
    if (!type.empty())
        datatype= stringformat(" datatype=\"%s\"", type.c_str());
    return stringformat("<wap-provisioningdoc> <characteristic type=\"Registry\"> <characteristic type=\"%s\"  translation=\"filesystem\" > <parm name=\"%s\" %s value=\"%s\" /> </characteristic> </characteristic> </wap-provisioningdoc>", key.c_str(), valname.c_str(), datatype.c_str(), value.c_str());
}
std::string pd_SetRegistryInteger(const std::string &key, const std::string &valname, DWORD value)
{
    return pd_SetRegistryValue(key, valname, "integer", stringformat("%d", value));
}
std::string pd_SetRegistryString(const std::string &key, const std::string &valname, const std::string &value)
{
    return pd_SetRegistryValue(key, valname, "string", value);
}
std::string pd_SetRegistryStringList(const std::string &key, const std::string &valname, const StringList &value)
{
    return pd_SetRegistryValue(key, valname, "multiplestring", JoinStringList(value, "&#xF000;")+"&#xF000;");
}

// metabase handlers
std::string pd_SetMetabaseKey(const std::string& key, DWORD rwaccess, DWORD role)
{
    return stringformat("<wap-provisioningdoc> <characteristic type=\"Metabase\"> <characteristic type=\"%s\"> <parm name=\"rw-access\" value=\"%d\" /> <parm name=\"access-role\" value=\"%d\" /> </characteristic> </characteristic> </wap-provisioningdoc>", key.c_str(), rwaccess, role);
}
std::string pd_DeleteMetabaseKey(const std::string& key)
{
    return stringformat("<wap-provisioningdoc> <characteristic type=\"Metabase\"> <nocharacteristic type=\"%s\"/> </characteristic> </wap-provisioningdoc>", key.c_str());
}
std::string pd_QueryMetabaseKey(const std::string& key)
{
    return stringformat("<wap-provisioningdoc> <characteristic type=\"Metabase\"> <characteristic-query type=\"%s\"/> </characteristic> </wap-provisioningdoc>", key.c_str());
}

// main functions
bool LoadProvisioningDoc(const std::string& xml, std::string& answer)
{
    WCHAR *reply= NULL;
    HRESULT hr = CeProcessConfig(ToWString(xml).c_str(), CFGFLAG_PROCESS, &reply);

    if (hr) {
        error(hr, "CeProcessConfig - r=%08lx ce=%08lx le=%08lx hr=%08lx\n", reply, CeGetLastError(), GetLastError(), hr);
        printf("%ls\n", reply);
        return false;
    }
    answer= ToString(reply);
    return true;
}

bool calc_cert_sha1(const std::string& certfile, std::string& sha1hex_str)
{
    if (certfile.find('.')==std::string::npos && certfile.length()==40) {
        sha1hex_str= certfile;
        return true;
    }
    ByteVector cert;
    if (!LoadFileData(certfile, cert)) {
        return false;
    }
    sha1hex_str= CalcSha1Hex(cert);
    return true;
}
void usage()
{
    printf("(C) 2003-2008 Willem jan Hengeveld  itsme@xs4all.nl\n");
    debug("Usage: prapi [-q|-d] [-p | -s | -c | -m] <params>\n");
    debug("   -q -p <policyid>                : query policy setting\n");
    debug("   -p <policyid> <policyvalue>     : set policy\n");
    debug("   -d -p <policyid>                : delete policy setting\n");

    debug("   -q -m <key>                     : query metabase key\n");
    debug("   -m <key> [-r role] [-a access]  : set metabase key\n");
    debug("   -d -m <key>                     : delete metabase key\n");

    debug("   -q <key> [<name>]               : query registry key or value\n");
    debug("   -s <key> <name> <type> <value>  : set registry key\n");
    debug("   -d <key> [<name>]               : delete registry key or value\n");

    debug("   -q -c[STORE] [file.cer]         : query certificate, whole store, or one cert\n");
    debug("   -c[STORE] [-r role] <file.cer>  : add certificate to store\n");
    debug("   -d -c[STORE] <file.cer>         : delete certificate from store\n");

    debug("Stores: codesigning: p=privileged, u=unprivileged, c=SPC/cabsigning\n");
    debug("      ssl/webserver: a=Certificate Authorities, r=root, m=my\n");
}
int main(int argc, char **argv)
{
    DebugStdOut();

    bool bPrintAnswer= false;

    bool doSetSecurityPolicy= false;
    bool doSetRegistryValue= false;
    bool doSetMetabase= false;
    bool doDelete= false;
    bool doQuery= false;
    bool doLoadCertificate= false;
    DWORD dwCertStore= 0;
    DWORD role=0;
    DWORD rwaccess=3;
    StringList args;
    for (int i=1 ; i<argc ; i++)
    {
        if (argv[i][0]=='-') switch(argv[i][1])
        {
            case 'p': doSetSecurityPolicy=true; break;
            case 'm': doSetMetabase=true; break;
            case 's': doSetRegistryValue=true; break;
            case 'd': doDelete=true; break;
            case 'q': doQuery=true; break;
            case 'r': HANDLEULOPTION(role,DWORD); break;
            case 'a': HANDLEULOPTION(rwaccess,DWORD); break;
            case 'c': doLoadCertificate=true; 
                  switch(argv[i][2]) {
                      case 'p': dwCertStore=CERTSTORE_PRIVILEGED;   break;
                      case 'u': dwCertStore=CERTSTORE_UNPRIVILEGED; break;
                      case 'c': dwCertStore=CERTSTORE_SPC;          break;
                      case 'a': dwCertStore=CERTSTORE_CA;           break;
                      case 'r': dwCertStore=CERTSTORE_ROOT;         break;
                      case 'm': dwCertStore=CERTSTORE_MY;           break;
                      default:  dwCertStore=CERTSTORE_PRIVILEGED;
                  }
                  break;
            default:
                  usage();
                  return 1;
        }
        else {
            args.push_back(argv[i]);
        }
    }

    std::string xml;
    if (doSetSecurityPolicy) {
        if (doQuery) {
            if (args.size()!=1) { usage(); return 1; }
            xml= pd_GetSecurityPolicy(strtoul(args[0].c_str(), 0, 0));
            bPrintAnswer= true;
        }
        else if (doDelete) {
            if (args.size()!=1) { usage(); return 1; }
            xml= pd_DeleteSecurityPolicy(strtoul(args[0].c_str(), 0, 0));
        }
        else {
            if (args.size()!=2) { usage(); return 1; }
            xml= pd_SetSecurityPolicy(strtoul(args[0].c_str(), 0, 0), strtoul(args[1].c_str(), 0, 0));
        }
    }
    else if (doSetMetabase) {
        if (doQuery) {
            if (args.size()!=1) { usage(); return 1; }

            xml= pd_QueryMetabaseKey(args[0]);
            bPrintAnswer= true;
        }
        else if (doDelete) {
            if (args.size()!=1) { usage(); return 1; }

            xml= pd_DeleteMetabaseKey(args[0]);
        }
        else {
            if (args.size()!=1) { usage(); return 1; }

            xml= pd_SetMetabaseKey(args[0], rwaccess, role);
        }
    }
    else if (doLoadCertificate) {
        if (doQuery) {
            if (args.size()) {
                std::string sha1hex_str;
                if (!calc_cert_sha1(args[0], sha1hex_str))
                    return 1;
                xml= pd_QueryCertificateStore(storenames[dwCertStore], sha1hex_str);
            }
            else {
                xml= pd_QueryCertificateStore(storenames[dwCertStore]);
            }
            bPrintAnswer= true;
        }
        else if (doDelete) {
            if (args.size()!=1) { usage(); return 1; }
            std::string sha1hex_str;
            if (!calc_cert_sha1(args[0], sha1hex_str))
                return 1;
            xml= pd_DeleteCertificate(storenames[dwCertStore], sha1hex_str);
        }
        else {
            if (args.size()!=1) { usage(); return 1; }
            ByteVector cert;
            if (!LoadFileData(args[0], cert)) {
                return 1;
            }
            xml= pd_LoadCertificate(storenames[dwCertStore], role, cert);
        }
    }
    else if (doQuery) {
        if (args.size()==1)
            xml= pd_QueryRegistryKey(args[0]);
        else if (args.size()==2)
            xml= pd_QueryRegistryValue(args[0], args[1]);
        else {
            usage();
            return 1;
        }
        bPrintAnswer= true;
    }
    else if (doSetRegistryValue) {
        if (args.size()!=4) { usage(); return 1; }
        xml= pd_SetRegistryValue(args[0], args[1], args[2], args[3]);
    }
    else if (doDelete) {
        if (args.size()==1)
            xml= pd_DeleteRegistryKey(args[0]);
        else if (args.size()>=2)
            xml= pd_DeleteRegistryValues(args[0], args.begin()+1, args.end());
        else {
            usage();
            return 1;
        }
    }
    else {
        usage();
        return 1;
    }

    if (!LoadRapi())
        return 1;

    if (xml.empty()) {
        printf("error - no query selected\n");
        usage();
        return 1;
    }
    std::string answer;
    if (!LoadProvisioningDoc(xml, answer)) {
        UnloadRapi();
        return 1;
    }
    if (bPrintAnswer) {
        for (size_t i=answer.find("><") ; i!=answer.npos ; i= answer.find("><", i+1))
            answer.replace(i, 2, ">\n<");

        // .. don't use debug here, it truncates at 16K
        fputs(answer.c_str(), stdout);
    }
    UnloadRapi();
    return 0;
}