#ifndef __CERT_MANAGER_H
#define __CERT_MANAGER_H

#define apps_startup() \
	do { CRYPTO_malloc_init(); \
	ERR_load_crypto_strings(); \
	OpenSSL_add_all_algorithms(); } while(0)
#define apps_shutdown() \
	do { CONF_modules_unload(1); \
	EVP_cleanup(); \
	CRYPTO_cleanup_all_ex_data(); \
	ERR_remove_state(0); \
	ERR_free_strings(); } while(0)

class CCertMng
{
public:
	typedef struct pw_cb_data
	{
		const char *password;
		const char *prompt_info;
	} PW_CB_DATA;
	typedef void (CALLBACK * LPGENERATEKEY) ( int p, int n, void * lpVoid );
	typedef int (CALLBACK * LPPASSWORD_CALLBACK) ( char * buf, int bufsiz, int verify, void * lpVoid );
	typedef int (CALLBACK * LPGET_DN_VALUE) ( const char * prompt, const char * def, char * val, int min, int max, void * lpvoid );
	typedef int (CALLBACK * LPVERIFY_CALLBACK ) ( xmlChar * pszXML, int nLen );
public:
	CCertMng ();
	
public:
	static CCertMng * Interface ()
	{
		if ( ! m_bCert_Locked )
		{
			CWLockGuard guard ( & m_Cert_Lock );
			if ( ! m_bCert_Locked )
			{
				m_pMng = new CCertMng ( );
				m_bCert_Locked = true;
			}
		}
		return m_pMng;
	}
	static void Free_Interface ()
	{
		if ( m_bCert_Locked )
		{
			CWLockGuard guard ( & m_Cert_Lock );
			if ( m_bCert_Locked )
			{
				delete m_pMng;
				m_pMng = 0;
				m_bCert_Locked = false;
			}
		}
	}
public:
	int        Initialize ( conv_tool::OPERATORS_MAP mapOpr, LPGENERATEKEY, LPPASSWORD_CALLBACK, LPGET_DN_VALUE, LPVERIFY_CALLBACK, void * );
	void       Uninitialize ();
	EVP_PKEY * Load_Key ( char * pBuf, int nLen, int fmt, int nType = FILE_TYPE );
	int        Generate_Key ( conv_tool::OPERATORS_MAP mapOpt, xmlChar ** ppszXML, int *pnLen );
	int        Generate_Req ( conv_tool::OPERATORS_MAP mapOpt, xmlChar ** ppszXML, int * pnLen );
	int        Sign_Cert ( conv_tool::OPERATORS_MAP mapOpt,  xmlChar ** ppszXML, int *pnLen );
	int        Verify_Cert ( conv_tool::OPERATORS_MAP mapOpt );
	int        IsMatch(conv_tool::OPERATORS_MAP mapOpt);
	BIO *      Bio_Read ( int in_type, const char * in, int len );
	BIO *      Bio_Write ( int out_type, const char * out );
private:
	int    Load_Config ( CONF * cnf );
	int    Add_Oid_Section ( CONF * cnf );
	int    Make_Request ( CONF * req_cnf, X509_REQ * req, EVP_PKEY *pKey, int nAttribs, unsigned long nCharset );
	int    Prompt_Info ( CONF * req_cnf, X509_REQ * req, STACK_OF(CONF_VALUE) * dn_sk, char * dn_sect, STACK_OF(CONF_VALUE) * attr_sk, char * attr_sect, int nAttribs, unsigned long nCharset );
	int    Check_End ( char * src, char * end );
	int    Add_DN_Object ( X509_NAME * x509_name, char * text, const char * def, const char * value, int nid, long n_min, long n_max, unsigned long char_set );
	int    Add_DN_Attribute ( X509_REQ * req, char * text, const char * def, const char * value, int nid, long n_min, long n_max, unsigned long char_set );
	int    Get_Section ( CONF * req_cnf, CONF_VALUE * cnf_val, const char * section, std::string & def, std::string & val, long * min, long * max );
	int    Sign_Request ( CONF * req_cnf, X509 * x509, X509_REQ * req, EVP_PKEY *pKey, const char * ext, ASN1_INTEGER * serial, int days, const EVP_MD * digest);
	int    Verify_Request ( X509_REQ * req, EVP_PKEY * pKey );
	int    Out_Request ( X509 * x509, X509_REQ * req, int out_type, const char *out, bool is_x509, bool is_pub_key, int out_fmt, xmlChar ** ppszXML, int * pnLen );
	X509 * Load_Cert ( int in_type, const char *in, int format );
	X509_REQ * Load_Request ( int in_type, const char * in );
	ASN1_INTEGER * X509_Load_Serial ( const char * cafile, const char * snfile, bool create = true);
	int    Out_Pubkey ( X509_REQ * req, BIO * out );
	int    Out_X509 ( X509 * x, int out_type, const char * outfile, int outfmt, xmlChar ** ppszXML, int * pnLen );
	X509 * Request2X509 ( X509_REQ * req, ASN1_INTEGER * sn, long days );
	int    x509_Sign ( X509_STORE * ctx, const char * cafile, const EVP_MD * digest,
		X509 * x, X509 * xca, EVP_PKEY * pKey, const char * serial, bool create_sn, long days,
		CONF * conf, const char * ext_section, ASN1_INTEGER * sn );
	int   CA_Sign ( X509 * x, X509 * xca, EVP_PKEY * pKey, ASN1_INTEGER * ai, long days, const EVP_MD * digest, CONF * conf, const char * extsection );
	STACK_OF ( X509 ) * Load_UnTrusted ( const char * certfile );
	int Check_Cert ( X509_STORE * ctx, const char * certfile, int type, STACK_OF(X509) *uchain, STACK_OF(X509) *tchain, int vFlag = X509_V_FLAG_IGNORE_CRITICAL );
	int Get_BioStr ( BIO * bio_out, std::string & sout, int * pnLen );
private:
	static void MS_CALLBACK Process_Key ( int p, int n, void * lpVoid );
	static int  password_callback ( char * buf, int bufsiz, int verify, void *);
	static int  verify_callback ( int ok, X509_STORE_CTX * ctx );
private:
	std::string            m_szRandFile, m_szConfFile;
	void  *                m_pVoid;
	LPGENERATEKEY          m_lpfnGenKey;
	LPPASSWORD_CALLBACK    m_lpfnPass_Callback;
	LPGET_DN_VALUE         m_lpfnGet_Dn_Value;
	LPVERIFY_CALLBACK      m_lpfnVerify_Callback;
private:
	static CCertMng * m_pMng;
	static CRWLock m_Cert_Lock;
	static volatile bool m_bCert_Locked;
};

#endif