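/*
 * Finds a serialNumber for a template certificate such that
 * X509_issuer_and_serial_hash(), compared as a 32-bit value, equals the
 * value given on the command line.
 *
 * Review note: the search space here is only 2^32 serial values and the
 * comparison is only 32 bits wide, so a match is cheap to find. Any cache,
 * pin store or revocation list keyed on this hash alone cannot tell two
 * certificates apart; key such lookups on a digest of the whole
 * certificate instead.
 *
 * The header names were lost when this listing was extracted (only bare
 * "#include" tokens survived). The list below is reconstructed from the
 * identifiers the program uses.
 *
 * Direct access to cert->cert_info requires an OpenSSL release in which
 * the X509 structure is not opaque (before 1.1.0).
 */
#include <arpa/inet.h>
#include <err.h>
#include <errno.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#include <openssl/err.h>
#include <openssl/evp.h>
#include <openssl/x509.h>

/*
 * Usage: prog <hash> < template.der
 *
 * argv[1] is the wanted 32-bit hash (any base strtoul() accepts with base 0).
 * A DER-encoded certificate is read from stdin.
 *
 * Returns 0 after printing the matching serial. Exits with EXIT_FAILURE on
 * bad arguments, an unparsable certificate, a serialNumber shorter than four
 * bytes, or when no value of the leading four bytes produces the hash.
 */
int main(int argc, char **argv)
{
    unsigned long parsed;
    unsigned long hash;
    uint32_t desired;
    uint32_t counter;
    uint32_t start;
    char *end;
    X509 *cert;
    ASN1_INTEGER *sn;

    OpenSSL_add_all_algorithms();
    ERR_load_crypto_strings();

    if (argc != 2) {
        errx(EXIT_FAILURE, "usage: %s <hash> < template.der", *argv);
    }

    /* Reject garbage and out-of-range input instead of silently truncating. */
    errno = 0;
    parsed = strtoul(argv[1], &end, 0);
    if (end == argv[1] || *end != '\0' || errno == ERANGE || parsed > UINT32_MAX) {
        errx(EXIT_FAILURE, "hash must be a 32-bit integer: %s", argv[1]);
    }
    desired = (uint32_t) parsed;

    cert = d2i_X509_fp(stdin, NULL);
    if (!cert) {
        errx(EXIT_FAILURE, "failed to parse template certificate");
    }

    /* Verify the serialNumber is big enough to hold the 32-bit counter. */
    sn = cert->cert_info->serialNumber;
    if (sn == NULL || sn->data == NULL || sn->length < (int) sizeof(uint32_t)) {
        X509_free(cert);
        errx(EXIT_FAILURE, "serialNumber is too short to bruteforce");
    }

    /*
     * Work on a local copy of the leading four serial bytes and memcpy() it
     * back, rather than casting the byte buffer to uint32_t *; this avoids
     * relying on the buffer's alignment and on type-punning through a cast.
     */
    memcpy(&counter, sn->data, sizeof counter);
    start = counter;

    /*
     * Keep hashing until we find a match. The counter wraps after 2^32
     * steps; stop once it returns to its starting value, because not every
     * target hash is reachable and the loop would otherwise never end.
     */
    hash = X509_issuer_and_serial_hash(cert);
    while ((uint32_t) hash != desired) {
        ++counter;
        if (counter == start) {
            X509_free(cert);
            errx(EXIT_FAILURE, "no serial in the 32-bit search space matches hash %#x",
                 (unsigned) desired);
        }
        memcpy(sn->data, &counter, sizeof counter);
        hash = X509_issuer_and_serial_hash(cert);
    }

    /* ntohl() reports the four bytes in the order they appear in the serial. */
    fprintf(stdout, "serial %u matches hash %#lx\n", (unsigned) ntohl(counter), hash);

    X509_free(cert);
    return 0;
}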