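package testsuite

import (
	"crypto/tls"
	"net"
	"time"

	"github.com/nemunaire/eyespot"
)

// Ciphers is the test that probes which cipher suites, out of a fixed list,
// the remote host is willing to negotiate.
type Ciphers struct{}

// GetTestDescription returns a one-line, human-readable summary of the test.
func (Ciphers) GetTestDescription() string {
	return "Test the ciphers suite accepted by the remote host."
}

// Run attempts one TLS handshake per cipher suite against host (an address
// in "host:port" form, dialled over the given network protocol) and records
// whether the suite was negotiated.
//
// The returned map is keyed by the IANA-style suite name; each value is an
// eyespot.Result built from the acceptance flag. If the host cannot be
// reached, the results gathered so far are returned together with the error.
func (test Ciphers) Run(protocol string, host string) (map[string]eyespot.Result, error) {
	// Identifier and report name are kept side by side so that a suite can
	// never be probed without a matching key in the result map.
	//
	// The list includes legacy RC4 and 3DES suites, so a true result for
	// those entries means the host still negotiates a deprecated cipher.
	suites := []struct {
		id   uint16
		name string
	}{
		{tls.TLS_RSA_WITH_RC4_128_SHA, "TLS_RSA_WITH_RC4_128_SHA"},
		{tls.TLS_RSA_WITH_3DES_EDE_CBC_SHA, "TLS_RSA_WITH_3DES_EDE_CBC_SHA"},
		{tls.TLS_RSA_WITH_AES_128_CBC_SHA, "TLS_RSA_WITH_AES_128_CBC_SHA"},
		{tls.TLS_RSA_WITH_AES_256_CBC_SHA, "TLS_RSA_WITH_AES_256_CBC_SHA"},
		{tls.TLS_ECDHE_ECDSA_WITH_RC4_128_SHA, "TLS_ECDHE_ECDSA_WITH_RC4_128_SHA"},
		{tls.TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA, "TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA"},
		{tls.TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA, "TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA"},
		{tls.TLS_ECDHE_RSA_WITH_RC4_128_SHA, "TLS_ECDHE_RSA_WITH_RC4_128_SHA"},
		{tls.TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA, "TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA"},
		{tls.TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA, "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA"},
		{tls.TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA, "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA"},
		{tls.TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256"},
		{tls.TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, "TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256"},
	}

	var results = map[string]eyespot.Result{}

	for _, s := range suites {
		accepted, err := cipher_test(protocol, host, s.id)
		if err != nil {
			return results, err
		}
		results[s.name] = eyespot.Result{accepted}
	}

	return results, nil
}

// cipher_test reports whether host completes a TLS handshake when the client
// offers cipher as its only suite.
//
// It returns (false, nil) when the handshake is refused, and a non-nil error
// when the host could not be reached or the attempt timed out, so that an
// unreachable host is not reported as "rejects every cipher".
func cipher_test(protocol string, host string, cipher uint16) (bool, error) {
	// Bounds connect + handshake as a whole; without it a peer that accepts
	// the TCP connection and then stays silent would block the scan forever.
	const timeout = 10 * time.Second

	conn, err := tls.DialWithDialer(&net.Dialer{Timeout: timeout}, protocol, host, &tls.Config{
		CipherSuites: []uint16{cipher},
		// crypto/tls does not apply CipherSuites to TLS 1.3. Without this
		// cap, a TLS 1.3 capable host would complete the handshake with a
		// TLS 1.3 suite and every legacy suite would be reported as accepted.
		MaxVersion: tls.VersionTLS12,
		// Certificate validation is skipped on purpose: only the negotiated
		// parameters are inspected, no data is exchanged, and the connection
		// is closed right after the handshake.
		InsecureSkipVerify: true,
	})
	if err != nil {
		// The TCP connection itself failed (refused, unroutable, DNS): the
		// probe says nothing about the cipher, so surface the error.
		if op, ok := err.(*net.OpError); ok && op.Op == "dial" {
			return false, err
		}
		// A timeout is inconclusive as well.
		if ne, ok := err.(net.Error); ok && ne.Timeout() {
			return false, err
		}
		// Anything else is a handshake failure, i.e. the suite was refused.
		return false, nil
	}
	defer conn.Close()

	// Confirm the peer really selected the offered suite.
	return conn.ConnectionState().CipherSuite == cipher, nil
}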