/* $Id$ */
/* 
 * Copyright (C) 2008-2011 Teluu Inc. (http://www.teluu.com)
 * Copyright (C) 2003-2008 Benny Prijono <benny@prijono.org>
 *
 * This program is free software; you can redistribute it and/or modify
 * it under the terms of the GNU General Public License as published by
 * the Free Software Foundation; either version 2 of the License, or
 * (at your option) any later version.
 *
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 * GNU General Public License for more details.
 *
 * You should have received a copy of the GNU General Public License
 * along with this program; if not, write to the Free Software
 * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA 
 */
#include "auth.h"
#include <pjlib.h>


#define MAX_REALM	80
#define MAX_USERNAME	32
#define MAX_PASSWORD	32
#define MAX_NONCE	32

static char g_realm[MAX_REALM];

static struct cred_t
{
    char    username[MAX_USERNAME];
    char    passwd[MAX_PASSWORD];
} g_cred[] = 
{
    { "100", "100" },
    { "700", "700" },
    { "701", "701" }
};

#define THIS_FILE	"auth.c"
#define THE_NONCE	"pjnath"
#define LOG(expr)	PJ_LOG(3,expr)


/*
 * Initialize TURN authentication subsystem.
 */
PJ_DEF(pj_status_t) pj_turn_auth_init(const char *realm)
{
    PJ_ASSERT_RETURN(pj_ansi_strlen(realm) < MAX_REALM, PJ_ENAMETOOLONG);
    pj_ansi_strcpy(g_realm, realm);
    return PJ_SUCCESS;
}

/*
 * Shutdown TURN authentication subsystem.
 */
PJ_DEF(void) pj_turn_auth_dinit(void)
{
    /* Nothing to do */
}


/*
 * This function is called by pj_stun_verify_credential() when
 * server needs to challenge the request with 401 response.
 */
PJ_DEF(pj_status_t) pj_turn_get_auth(void *user_data,
				     pj_pool_t *pool,
				     pj_str_t *realm,
				     pj_str_t *nonce)
{
    PJ_UNUSED_ARG(user_data);
    PJ_UNUSED_ARG(pool);

    *realm = pj_str(g_realm);
    *nonce = pj_str(THE_NONCE);

    return PJ_SUCCESS;
}

/*
 * This function is called to get the password for the specified username.
 * This function is also used to check whether the username is valid.
 */
PJ_DEF(pj_status_t) pj_turn_get_password(const pj_stun_msg *msg,
					 void *user_data, 
					 const pj_str_t *realm,
					 const pj_str_t *username,
					 pj_pool_t *pool,
					 pj_stun_passwd_type *data_type,
					 pj_str_t *data)
{
    unsigned i;

    PJ_UNUSED_ARG(msg);
    PJ_UNUSED_ARG(user_data);
    PJ_UNUSED_ARG(pool);

    if (pj_stricmp2(realm, g_realm)) {
	LOG((THIS_FILE, "auth error: invalid realm '%.*s'", 
			(int)realm->slen, realm->ptr));
	return PJ_EINVAL;
    }

    for (i=0; i<PJ_ARRAY_SIZE(g_cred); ++i) {
	if (pj_stricmp2(username, g_cred[i].username) == 0) {
	    *data_type = PJ_STUN_PASSWD_PLAIN;
	    *data = pj_str(g_cred[i].passwd);
	    return PJ_SUCCESS;
	}
    }

    LOG((THIS_FILE, "auth error: user '%.*s' not found", 
		    (int)username->slen, username->ptr));
    return PJ_ENOTFOUND;
}

/*
 * This function will be called to verify that the NONCE given
 * in the message can be accepted. If this callback returns
 * PJ_FALSE, 438 (Stale Nonce) response will be created.
 */
PJ_DEF(pj_bool_t) pj_turn_verify_nonce(const pj_stun_msg *msg,
				       void *user_data,
				       const pj_str_t *realm,
				       const pj_str_t *username,
				       const pj_str_t *nonce)
{
    PJ_UNUSED_ARG(msg);
    PJ_UNUSED_ARG(user_data);
    PJ_UNUSED_ARG(realm);
    PJ_UNUSED_ARG(username);

    if (pj_stricmp2(nonce, THE_NONCE)) {
	LOG((THIS_FILE, "auth error: invalid nonce '%.*s'", 
			(int)nonce->slen, nonce->ptr));
	return PJ_FALSE;
    }

    return PJ_TRUE;
}