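// demo0.cpp : Defines the entry point for the console application.
//
// Minimal GnuTLS client: opens a TCP socket to SERVER:PORT, performs a TLS 1.2
// handshake, verifies the peer's certificate chain against CAFILE, sends one
// HTTP request and prints whatever comes back.
//
// NOTE(review): the original include list was lost in extraction (eighteen
// bare `#include` directives survived without file names); the headers below
// are the ones every name in this file needs.
#include <errno.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>
#include <arpa/inet.h>
#include <netinet/in.h>
#include <sys/socket.h>
#include <sys/types.h>
#include <gnutls/gnutls.h>
#include <gnutls/x509.h>

#define SA struct sockaddr
#define SOCKET_ERR(err,s) if(err==-1) {perror(s);return(1);}
#define MAX_BUF 1024
#define SERVER "200.61.250.16"
#define PORT 5556
#define MSG "GET / HTTP/1.0\r\n\r\n"

/* Declared but never defined or called in this file. */
void DisplayError(void);

/* PEM bundle of trust anchors used to verify the server's chain. */
#define CAFILE "ttcert.pem"

/* Server-side state referenced only by initialize_tls_session(); nothing in
 * this file ever populates these, so they stay NULL. */
gnutls_certificate_credentials_t x509_cred;
gnutls_x509_crt_t crt;
gnutls_x509_privkey_t key;

/*
 * Open a blocking TCP connection to szIpAddress_:nPort_.
 *
 * szIpAddress_: dotted-quad IPv4 literal; no DNS lookup is performed.
 * nPort_:       TCP port in host byte order (truncated to 16 bits).
 *
 * Returns a connected descriptor owned by the caller (close() it), or -1 on
 * a malformed address, socket() failure or connect() failure.  On the last
 * two, errno is left as set by the failing call.
 */
int buildClientSocket(const char* szIpAddress_, int nPort_)
{
    struct sockaddr_in sin;
    memset(&sin, 0, sizeof(sin));
    sin.sin_family = AF_INET;

    /* inet_pton() rejects malformed input unambiguously; inet_addr()'s
     * INADDR_NONE error value is also the encoding of 255.255.255.255. */
    if (szIpAddress_ == NULL ||
        inet_pton(AF_INET, szIpAddress_, &sin.sin_addr) != 1) {
        return -1; /* invalid ip address */
    }
    sin.sin_port = htons((uint16_t)nPort_);

    int fd = socket(AF_INET, SOCK_STREAM, 0);
    if (fd < 0) {
        return -1;
    }

    /* Connect the socket to other module */
    if (connect(fd, (struct sockaddr *)&sin, sizeof(sin)) < 0) {
        int saved_errno = errno; /* close() may overwrite errno */
        close(fd);
        errno = saved_errno;
        return -1;
    }
    return fd;
}

/* Server-side priority cache; never initialised in this file. */
gnutls_priority_t priority_cache;

/*
 * Build a server-side session from the file-scope credentials.
 *
 * Not called by main() (this program is a client); kept so the file's set of
 * definitions is unchanged.  Because priority_cache and x509_cred are never
 * populated here, calling it as-is would pass NULL to gnutls_priority_set()
 * and gnutls_credentials_set().
 *
 * Returns the new session, or NULL when gnutls_init() fails.
 */
static gnutls_session_t initialize_tls_session(void)
{
    gnutls_session_t session;

    if (gnutls_init(&session, GNUTLS_SERVER) < 0) {
        return NULL;
    }
    gnutls_priority_set(session, priority_cache);
    gnutls_credentials_set(session, GNUTLS_CRD_CERTIFICATE, x509_cred);

    /* request client certificate if any. */
    gnutls_certificate_server_set_request(session, GNUTLS_CERT_REQUEST);

    /* Set maximum compatibility mode. This is only suggested on public
     * webservers that need to trade security for compatibility */
    gnutls_session_enable_compatibility_mode(session);

    return session;
}

/* The gnutls_*_get_name() helpers return NULL for values they do not know,
 * and printf("%s", NULL) is undefined behaviour. */
static const char *name_or_unknown(const char *name)
{
    return name != NULL ? name : "(unknown)";
}

/*
 * Print the negotiated parameters of an established session to stdout:
 * key exchange, authentication type, protocol version, certificate type,
 * compression, cipher and MAC.
 */
void print_info(gnutls_session_t session)
{
    const char *tmp;
    gnutls_credentials_type_t cred;
    gnutls_kx_algorithm_t kx;

    /* print the key exchange's algorithm name */
    kx = gnutls_kx_get(session);
    tmp = name_or_unknown(gnutls_kx_get_name(kx));
    printf("- Key Exchange: %s\n", tmp);

    /* Check the authentication type used and switch to the appropriate. */
    cred = gnutls_auth_get_type(session);
    switch (cred) {
    case GNUTLS_CRD_IA:
        printf("- TLS/IA session\n");
        break;
#ifdef ENABLE_SRP
    case GNUTLS_CRD_SRP:
        printf("- SRP session with username %s\n",
               gnutls_srp_server_get_username(session));
        break;
#endif
    case GNUTLS_CRD_PSK:
        /* This returns NULL in server side. */
        if (gnutls_psk_client_get_hint(session) != NULL) {
            printf("- PSK authentication. PSK hint ¡¯%s¡¯\n",
                   gnutls_psk_client_get_hint(session));
        }
        /* This returns NULL in client side. */
        if (gnutls_psk_server_get_username(session) != NULL) {
            printf("- PSK authentication. Connected as ¡¯%s¡¯\n",
                   gnutls_psk_server_get_username(session));
        }
        break;
    case GNUTLS_CRD_ANON:
        /* anonymous authentication */
        printf("- Anonymous DH using prime of %d bits\n",
               gnutls_dh_get_prime_bits(session));
        break;
    case GNUTLS_CRD_CERTIFICATE:
        /* certificate authentication */
        /* Check if we have been using ephemeral Diffie-Hellman. */
        if (kx == GNUTLS_KX_DHE_RSA || kx == GNUTLS_KX_DHE_DSS) {
            printf("\n- Ephemeral DH using prime of %d bits\n",
                   gnutls_dh_get_prime_bits(session));
        }
        /* Printing the peer's certificate list is left out here. */
        break;
    default:
        break;
    } /* switch */

    /* print the protocol's name (ie TLS 1.0) */
    tmp = name_or_unknown(
        gnutls_protocol_get_name(gnutls_protocol_get_version(session)));
    printf("- Protocol: %s\n", tmp);

    /* print the certificate type of the peer. ie X.509 */
    tmp = name_or_unknown(
        gnutls_certificate_type_get_name(gnutls_certificate_type_get(session)));
    printf("- Certificate Type: %s\n", tmp);

    /* print the compression algorithm (if any) */
    tmp = name_or_unknown(
        gnutls_compression_get_name(gnutls_compression_get(session)));
    printf("- Compression: %s\n", tmp);

    /* print the name of the cipher used. ie 3DES. */
    tmp = name_or_unknown(gnutls_cipher_get_name(gnutls_cipher_get(session)));
    printf("- Cipher: %s\n", tmp);

    /* Print the MAC algorithms name. ie SHA1 */
    tmp = name_or_unknown(gnutls_mac_get_name(gnutls_mac_get(session)));
    printf("- MAC: %s\n", tmp);
}

/*
 * Entry point.
 *
 * argv[1], when given, is the number of connect/handshake rounds to run
 * (default 1, which is what the original fixed loop did).
 *
 * Returns 0 once the rounds are done, 1 on a fatal setup error (bad
 * argument, library init, credential or trust-store load failure, bad
 * priority string).  A failed connection, handshake, verification or
 * transfer inside one round is reported, the round is abandoned and the
 * loop continues.
 */
int main(int argc, char* argv[])
{
    int ret;
    gnutls_certificate_credentials_t xcred;
    long rounds = 1;

    if (argc > 1) {
        char *end = NULL;
        errno = 0;
        rounds = strtol(argv[1], &end, 10);
        if (end == argv[1] || *end != '\0' || errno == ERANGE || rounds < 0) {
            fprintf(stderr, "Usage: %s [rounds]\n", argv[0]);
            return 1;
        }
    }

    ret = gnutls_global_init();
    if (ret < 0) {
        fprintf(stderr, "*** gnutls_global_init: %s\n", gnutls_strerror(ret));
        return 1;
    }
    ret = gnutls_certificate_allocate_credentials(&xcred);
    if (ret < 0) {
        fprintf(stderr, "*** gnutls_certificate_allocate_credentials: %s\n",
                gnutls_strerror(ret));
        gnutls_global_deinit();
        return 1;
    }
    /* Returns the number of anchors loaded.  Zero or negative means every
     * chain below would be verified against an empty store, so stop here
     * rather than silently accept nothing. */
    ret = gnutls_certificate_set_x509_trust_file(xcred, CAFILE,
                                                 GNUTLS_X509_FMT_PEM);
    if (ret <= 0) {
        fprintf(stderr, "*** No trusted CA could be loaded from %s\n", CAFILE);
        gnutls_certificate_free_credentials(xcred);
        gnutls_global_deinit();
        return 1;
    }

    for (long i = 0; i < rounds; i++) {
        /* All round-local state is declared before the first goto so the
         * jumps to `end:` do not cross an initialisation (this is a .cpp). */
        gnutls_session_t session = NULL;
        char buffer[MAX_BUF + 1];
        const char *err = NULL;
        unsigned int status = 0;
        ssize_t n = 0;
        int sd = -1;
        int ii;

        ret = gnutls_init(&session, GNUTLS_CLIENT);
        if (ret < 0) {
            fprintf(stderr, "*** gnutls_init: %s\n", gnutls_strerror(ret));
            exit(1);
        }
        /* "+RSA" is static RSA key exchange (no forward secrecy) with a CBC
         * cipher only.  Kept as in the original so the test target still
         * negotiates; prefer +DHE-RSA/+ECDHE-RSA where the server offers
         * them. */
        ret = gnutls_priority_set_direct(session,
                "NONE:+VERS-TLS1.2:+AES-256-CBC:+RSA:+SHA256:+COMP-NULL", &err);
        if (ret < 0) {
            if (ret == GNUTLS_E_INVALID_REQUEST) {
                fprintf(stderr, "Syntax error at: %s\n", err);
            }
            exit(1);
        }
        gnutls_credentials_set(session, GNUTLS_CRD_CERTIFICATE, xcred);

        sd = buildClientSocket(SERVER, PORT);
        if (sd < 0) {
            /* The original fed -1 straight into the transport and later
             * close()d it; abandon the round instead. */
            fprintf(stderr, "*** Could not connect to %s:%d\n", SERVER, PORT);
            goto end;
        }
        /* int -> intptr_t -> pointer avoids the int-to-pointer-size warning
         * on LP64 targets. */
        gnutls_transport_set_ptr(session, (gnutls_transport_ptr_t)(intptr_t)sd);

        ret = gnutls_handshake(session);
        if (ret < 0) {
            fprintf(stderr, "*** Handshake failed\n");
            gnutls_perror(ret);
            goto end;
        }
        printf("- Handshake was completed\n");
        print_info(session);

        /* A completed handshake says nothing about who the peer is: the
         * chain must be checked against the CAFILE anchors before any
         * application data goes out.  The original never did this. */
        ret = gnutls_certificate_verify_peers2(session, &status);
        if (ret < 0 || status != 0) {
            fprintf(stderr,
                    "*** Peer certificate verification failed (status 0x%x)\n",
                    status);
            goto end;
        }
        /* TODO(review): the certificate is not bound to SERVER (no
         * hostname/IP check), so any certificate issued by a CAFILE anchor
         * is accepted here. */

        n = gnutls_record_send(session, MSG, strlen(MSG));
        if (n < 0) {
            fprintf(stderr, "*** Error: %s\n", gnutls_strerror((int)n));
            goto end;
        }
        ret = gnutls_record_recv(session, buffer, MAX_BUF);
        if (ret == 0) {
            printf("- Peer has closed the TLS connection\n");
            goto end;
        } else if (ret < 0) {
            fprintf(stderr, "*** Error: %s\n", gnutls_strerror(ret));
            goto end;
        }
        printf("- Received %d bytes: ", ret);
        for (ii = 0; ii < ret; ii++) {
            fputc(buffer[ii], stdout);
        }

        gnutls_bye(session, GNUTLS_SHUT_RDWR);
end:
        if (sd >= 0) {
            close(sd);
        }
        gnutls_deinit(session);
    }
    printf("end of test!\n");
    gnutls_certificate_free_credentials(xcred);
    gnutls_global_deinit();
    return 0;
}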