//Wrap an existing listener + crypto config and return a new TLS enabled listener.
func NewListener(inner net.Listener, config *tls.Config) (net.Listener, error) {
	l := new(gossl.Listener)
	l.Listener = inner
	//FIXME hardcoded in method
	l.Context = gossl.NewContext(gossl.SSLv23Method())
	if l.Context == nil {
		msg := sslerr.SSLErrorMessage().String()
		return nil, errors.New("problem creating ssl context:\n" + msg)
	}
	//set certificates
	//grab the private key
	Kr := config.Certificates[0].PrivateKey
	private_key_der, err := extractDERKey(Kr)
	private_key, err := evp.LoadPrivateKeyDER(private_key_der)
	if err != nil {
		return nil, err
	}
	//set the private key into the context
	err = l.Context.UsePrivateKey(private_key)
	if err != nil {
		return nil, errors.New("problem loading key " + sslerr.SSLErrorMessage().String())
	}
	cert, err := x509.ParseCertificate(config.Certificates[0].Certificate[0])
	if err != nil {
		return nil, err
	}
	err = l.Context.UseCertificate(cert)
	if err != nil {
		return nil, errors.New("problem loading key " + sslerr.SSLErrorMessage().String())
	}
	return l, nil
}

func (self *Context) UseCertificate(cert *Certificate) error {

	if int(C.SSL_CTX_use_certificate(self.Ctx, (*C.X509)(unsafe.Pointer(cert.X509)))) != 1 {
		return errors.New("problem loading cert " + sslerr.SSLErrorMessage())
	}
	return nil
}

func (self *Context) UseCertificateFile(file string, filetype FileType) error {
	ret := int(C.SSL_CTX_use_certificate_file(self.Ctx,
		C.CString(file), C.int(filetype)))
	if ret != 1 {
		return errors.New(sslerr.SSLErrorMessage().String())
	}
	return nil
}

func (self *Context) UseCertificateChainFile(file string) error {
	ret := int(C.SSL_CTX_use_certificate_chain_file(self.Ctx,
		C.CString(file)))
	if ret != 1 {
		return errors.New(sslerr.SSLErrorMessage())
	}
	return nil
}

func (self *Context) UsePrivateKeyFile(file string, filetype int) error {
	ret := int(C.SSL_CTX_use_PrivateKey_file(self.Ctx,
		C.CString(file), C.int(filetype)))
	if ret != 1 {
		return errors.New(sslerr.SSLErrorMessage())
	}
	return nil

}

func newCurve(nid C.int) *C.EC_GROUP {
	if !availableCurves[nid] {
		return nil
	}
	curve := C.EC_GROUP_new_by_curve_name(nid)
	if curve == nil {
		panic("problem creating ec: " + sslerr.SSLErrorMessage().String())
	}
	return curve
}

//Helper function that calls encoding/pem to convert DER to PEM
func ParseCertificatePEM(pemData []byte) (*Certificate, error) {
	length := C.int(len(pemData))
	buffer := unsafe.Pointer(&pemData[0])
	bio := C.BIO_new_mem_buf(buffer, length)
	cert := C.PEM_read_bio_X509(bio, nil, nil, nil)
	if cert == nil {
		return nil, errors.New("problem loading certificate" + sslerr.SSLErrorMessage().String())
	}
	return &Certificate{x509: cert}, nil

}

func LoadPrivateKeyDER(buf []byte) (*PKey, error) {
	bio := C.BIO_new_mem_buf(unsafe.Pointer(&buf[0]), C.int(len(buf)))
	if bio == nil {
		return nil, errors.New("problem converting der key to openssl key")
	}

	pkey := C.d2i_PrivateKey_bio(bio, nil)
	if pkey == nil {
		return nil, errors.New(sslerr.SSLErrorMessage())
	}
	return &PKey{PKey: pkey}, nil
}

//Helper function to load a private key from it's bytes
func LoadPrivateKeyPEM(buf []byte) (*PKey, error) {
	bio := C.BIO_new_mem_buf(unsafe.Pointer(&buf[0]), C.int(len(buf)))
	if bio == nil {
		return nil, errors.New("problem converting der key to openssl key")
	}

	pkey := C.PEM_read_bio_PrivateKey(bio, nil, nil, nil)
	if pkey == nil {
		return nil, errors.New("Problem reading key:" + sslerr.SSLErrorMessage().String())
	}
	return &PKey{PKey: pkey}, nil
}

// ParseDERCRL parses a DER encoded CRL from the given bytes.
func ParseDERCRL(derBytes []byte) (certList *pkix.CertificateList, err error) {
	var (
		crl  *C.X509_CRL
		buf  = unsafe.Pointer(&derBytes[0])
		blen = C.int(len(derBytes))
		bio  = C.BIO_new_mem_buf(buf, blen)
	)
	crl = C.d2i_X509_CRL_bio(bio, nil)
	if crl == nil {
		return nil, errors.New("error parsing der data: " + sslerr.SSLErrorMessage().String())
	}
	// use crl
	return &pkix.CertificateList{}, nil
}

func (r *reader) Read(p []byte) (n int, err error) {
	var (
		p_len          = len(p)
		buf   *C.uchar = (*C.uchar)(C.malloc(C.size_t(p_len)))
	)
	defer C.free(unsafe.Pointer(buf))

	if C.RAND_bytes(buf, C.int(p_len)) == 1 {
		copy(p, C.GoBytes(unsafe.Pointer(buf), C.int(p_len)))
		return len(p), nil
	}
	//return 0, errors.New("farts") // TODO read the error from SSL
	return 0, errors.New(sslerr.SSLErrorMessage())
}

//Import an OpenSSL X509 certificate from a DER buffer
func ParseCertificate(asn1Data []byte) (*Certificate, error) {
	//with credit to exarkun and pyopenssl's crypto.c
	//you're my inspiration!
	length := C.int(len(asn1Data))
	buffer := unsafe.Pointer(&asn1Data[0])
	bio := C.BIO_new_mem_buf(buffer, length)
	sslCert := C.d2i_X509_bio(bio, nil)
	if sslCert == nil {
		return nil, errors.New("problem loading cert" + sslerr.SSLErrorMessage().String())
	}
	cert := new(Certificate)
	cert.X509 = sslCert
	return cert, nil
}

func (self *PKey) DumpPEM() ([]byte, error) {
	bio := C.BIO_new(C.BIO_s_mem())
	defer C.BIO_free(bio)
	if bio == nil {
		return nil, errors.New("problem converting pem key to openssl key")
	}
	ret := C.PEM_write_bio_PrivateKey(bio, self.PKey, nil, nil, 0, nil, nil)
	if int(ret) == 0 {
		return nil, errors.New(sslerr.SSLErrorMessage())
	}
	var temp *C.char
	buf_len := C.BIO_ctrl(bio, C.BIO_CTRL_INFO, C.long(0), unsafe.Pointer(&temp))
	buffer := C.GoBytes(unsafe.Pointer(temp), C.int(buf_len))
	return buffer, nil
}

func (self *SSL) getError(ret C.int) error {
	err := C.SSL_get_error(self.SSL, ret)
	switch err {
	case C.SSL_ERROR_NONE:
	case C.SSL_ERROR_ZERO_RETURN:
		return nil
	case C.SSL_ERROR_SYSCALL:
		if int(C.ERR_peek_error()) != 0 {
			return syscall.Errno(C.get_errno())
		}

	default:
		msg := sslerr.SSLErrorMessage()
		return errors.New(msg)
	}
	return nil
}

// ParseCertificate parses a single certificate from the given ASN.1 DER data.
func ParseCertificate(asn1Data []byte) (*Certificate, error) {
	var (
		c       *C.X509
		dlen    = C.long(len(asn1Data))
		buf     = (*C.uchar)(&asn1Data[0])
		counter = C.long(0)
	)
	c = C.d2i_X509_with_counter(&buf, dlen, &counter)
	if c == nil {
		return nil, errors.New("error parsing der data: " + sslerr.SSLErrorMessage().String())
	}
	cert, err := getCertificate(asn1Data[:counter], c)
	if err != nil {
		return nil, err
	}
	return cert, nil
}

// ParseCertificates parses one or more certificates from the given ASN.1 DER
// data. The certificates must be concatenated with no intermediate padding.
func ParseCertificates(asn1Data []byte) ([]*Certificate, error) {
	var (
		cs      []*Certificate
		dlen    = C.long(len(asn1Data))
		buf     = (*C.uchar)(&asn1Data[0])
		counter = C.long(0)
		prev    int
	)
	for counter < dlen {
		c := C.d2i_X509_with_counter(&buf, dlen, &counter)
		if c == nil {
			return nil, errors.New("error parsing der data: " + sslerr.SSLErrorMessage().String())
		}
		cert, err := getCertificate(asn1Data[prev:counter], c)
		if err != nil {
			return nil, err
		}
		cs = append(cs, cert)
		prev = int(counter)
	}
	return cs, nil
}

func buildCurveParams(curve *C.EC_GROUP) *elliptic.CurveParams {
	cp := &elliptic.CurveParams{}
	// handle go < 1.5
	// Name wasn't in CurveParams before
	elem := reflect.ValueOf(cp).Elem()
	f := elem.FieldByName("Name")
	if f.IsValid() {
		f.SetString(getCurveName(curve))
	}
	cp.BitSize = getCurveBitSize(curve)

	p := C.BN_new()
	if p == nil {
		panic(sslerr.SSLErrorMessage().String())
	}
	defer C.BN_free(p)
	a := C.BN_new()
	if a == nil {
		panic(sslerr.SSLErrorMessage().String())
	}
	defer C.BN_free(a)
	b := C.BN_new()
	if b == nil {
		panic(sslerr.SSLErrorMessage().String())
	}
	defer C.BN_free(b)

	if C.EC_GROUP_get_curve_GFp(curve, p, a, b, nil) != 1 {
		panic(sslerr.SSLErrorMessage().String())
	}
	if p == nil || a == nil || b == nil {
		panic("something went wrong getting GFp params")
	}
	cp.P, _ = new(big.Int).SetString(C.GoString(C.BN_bn2dec(p)), 10)
	cp.N, _ = new(big.Int).SetString(C.GoString(C.BN_bn2dec(a)), 10)
	cp.B, _ = new(big.Int).SetString(C.GoString(C.BN_bn2hex(b)), 16)

	generator := C.EC_GROUP_get0_generator(curve)
	if generator == nil {
		panic("generator cannot be nil")
	}
	x := C.BN_new()
	if x == nil {
		panic(sslerr.SSLErrorMessage().String())
	}
	defer C.BN_free(x)
	y := C.BN_new()
	if y == nil {
		panic(sslerr.SSLErrorMessage().String())
	}
	defer C.BN_free(y)
	if C.EC_POINT_get_affine_coordinates_GFp(curve, generator, x, y, nil) != 1 {
		panic(sslerr.SSLErrorMessage().String())
	}
	if x == nil || y == nil {
		panic("something went wrong getting affine coordinates")
	}
	cp.Gx, _ = new(big.Int).SetString(C.GoString(C.BN_bn2hex(x)), 16)
	cp.Gy, _ = new(big.Int).SetString(C.GoString(C.BN_bn2hex(y)), 16)

	return cp
}

func (self *Context) UsePrivateKey(key *evp.PKey) error {
	if int(C.SSL_CTX_use_PrivateKey(self.Ctx, (*C.EVP_PKEY)(unsafe.Pointer(key.PKey)))) != 1 {
		return errors.New("problem loading key " + sslerr.SSLErrorMessage())
	}
	return nil
}

func (self *Context) CheckPrivateKey() error {
	if int(C.SSL_CTX_check_private_key(self.Ctx)) != 1 {
		return errors.New(sslerr.SSLErrorMessage())
	}
	return nil
}