/* -*- mode: C; c-file-style: "gnu"; indent-tabs-mode: nil; -*- */

/*

 * Copyright © 2011 – 2017 Red Hat, Inc.

 *

 * This library is free software; you can redistribute it and/or

 * modify it under the terms of the GNU Lesser General Public

 * License as published by the Free Software Foundation; either

 * version 2 of the License, or (at your option) any later version.

 *

 * This library is distributed in the hope that it will be useful,

 * but WITHOUT ANY WARRANTY; without even the implied warranty of

 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU

 * Lesser General Public License for more details.

 *

 * You should have received a copy of the GNU Lesser General

 * Public License along with this library; if not, see <http://www.gnu.org/licenses/>.

 */

#include "config.h"

#include <glib/gi18n-lib.h>

#include "goamailclient.h"

#include "goautils.h"

/* The timeout used for non-IDLE commands */

#define COMMAND_TIMEOUT_SEC 30

struct _GoaMailClient

{

  /*< private >*/

  GObject parent_instance;

};

typedef struct _GoaMailClientClass GoaMailClientClass;

struct _GoaMailClientClass

{

  GObjectClass parent_class;

};

G_DEFINE_TYPE (GoaMailClient, goa_mail_client, G_TYPE_OBJECT);

/* ---------------------------------------------------------------------------------------------------- */

static void

goa_mail_client_init (GoaMailClient *self)

{

}

static void

goa_mail_client_class_init (GoaMailClientClass *klass)

{

}

/* ---------------------------------------------------------------------------------------------------- */

GoaMailClient *

goa_mail_client_new (void)

{

  return GOA_MAIL_CLIENT (g_object_new (GOA_TYPE_MAIL_CLIENT, NULL));

}

/* ---------------------------------------------------------------------------------------------------- */

typedef struct

{

  GDataInputStream *input;

  GDataOutputStream *output;

  GIOStream *tls_conn;

  GSocket *socket;

  GSocketClient *sc;

  GSocketConnection *conn;

  GTlsCertificateFlags cert_flags;

  GoaMailAuth *auth;

  GoaTlsType tls_type;

  gboolean accept_ssl_errors;

  gchar *host_and_port;

  guint16 default_port;

} CheckData;

static void

mail_client_check_data_free (CheckData *data)

{

  g_object_unref (data->sc);

  g_object_unref (data->auth);

  g_clear_object (&data->input);

  g_clear_object (&data->output);

  g_clear_object (&data->socket);

  g_clear_object (&data->conn);

  g_clear_object (&data->tls_conn);

  g_free (data->host_and_port);

  g_slice_free (CheckData, data);

}

static gboolean

mail_client_check_accept_certificate_cb (GTlsConnection *conn,

                                         GTlsCertificate *peer_cert,

                                         GTlsCertificateFlags errors,

                                         gpointer user_data)

{

  CheckData *data = user_data;

  /* Fail the connection if the certificate is invalid. */

  data->cert_flags = errors;

  return FALSE;

}

static void

mail_client_check_event_cb (GSocketClient *sc,

                            GSocketClientEvent event,

                            GSocketConnectable *connectable,

                            GIOStream *connection,

                            gpointer user_data)

{

  CheckData *data = user_data;

  if (event != G_SOCKET_CLIENT_TLS_HANDSHAKING)

    return;

  data->tls_conn = g_object_ref (connection);

  if (data->accept_ssl_errors)

    g_tls_client_connection_set_validation_flags (G_TLS_CLIENT_CONNECTION (data->tls_conn), 0);

  g_signal_connect (data->tls_conn,

                    "accept-certificate",

                    G_CALLBACK (mail_client_check_accept_certificate_cb),

                    data);

}

static void

mail_client_check_auth_run_cb (GObject *source_object, GAsyncResult *res, gpointer user_data)

{

  GTask *task = G_TASK (user_data);

  CheckData *data;

  GError *error;

  data = g_task_get_task_data (task);

  error = NULL;

  if (!goa_mail_auth_run_finish (data->auth, res, &error))

    {

      g_warning ("goa_mail_auth_run() failed: %s (%s, %d)",

                 error->message,

                 g_quark_to_string (error->domain),

                 error->code);

      g_task_return_error (task, error);

      goto out;

    }

  g_io_stream_close (G_IO_STREAM (data->conn), NULL, NULL);

  g_task_return_boolean (task, TRUE);

 out:

  g_object_unref (G_OBJECT (task));

}

static void

mail_client_check_tls_conn_handshake_cb (GObject *source_object, GAsyncResult *res, gpointer user_data)

{

  GTask *task = G_TASK (user_data);

  CheckData *data;

  GCancellable *cancellable;

  GDataInputStream *input;

  GDataOutputStream *output;

  GInputStream *base_input;

  GError *error;

  GOutputStream *base_output;

  input = NULL;

  output = NULL;

  cancellable = g_task_get_cancellable (task);

  data = g_task_get_task_data (task);

  error = NULL;

  if (!g_tls_connection_handshake_finish (G_TLS_CONNECTION (data->tls_conn), res, &error))

    {

      g_warning ("g_tls_connection_handshake() failed: %s (%s, %d)",

                 error->message,

                 g_quark_to_string (error->domain),

                 error->code);

      /* GIO sets G_TLS_ERROR_BAD_CERTIFICATE when it should be

       * setting G_TLS_ERROR_HANDSHAKE. Hence, lets check the

       * GTlsCertificate flags to accommodate future GIO fixes.

       */

      if (data->cert_flags != 0)

        {

          GError *tls_error;

          tls_error = NULL;

          goa_utils_set_error_ssl (&tls_error, data->cert_flags);

          g_task_return_error (task, tls_error);

          g_error_free (error);

        }

      else

        {

          error->domain = GOA_ERROR;

          error->code = GOA_ERROR_FAILED; /* TODO: more specific */

          g_task_return_error (task, error);

        }

      goto out;

    }

  g_clear_object (&data->conn);

  data->conn = g_tcp_wrapper_connection_new (data->tls_conn, data->socket);

  base_input = g_io_stream_get_input_stream (G_IO_STREAM (data->conn));

  input = g_data_input_stream_new (base_input);

  g_filter_input_stream_set_close_base_stream (G_FILTER_INPUT_STREAM (input), FALSE);

  g_data_input_stream_set_newline_type (input, G_DATA_STREAM_NEWLINE_TYPE_CR_LF);

  goa_mail_auth_set_input (data->auth, input);

  base_output = g_io_stream_get_output_stream (G_IO_STREAM (data->conn));

  output = g_data_output_stream_new (base_output);

  g_filter_output_stream_set_close_base_stream (G_FILTER_OUTPUT_STREAM (output), FALSE);

  goa_mail_auth_set_output (data->auth, output);

  goa_mail_auth_run (data->auth, cancellable, mail_client_check_auth_run_cb, g_object_ref (task));

 out:

  g_clear_object (&input);

  g_clear_object (&output);

  g_object_unref (G_OBJECT (task));

}

static void

mail_client_check_auth_starttls_cb (GObject *source_object, GAsyncResult *res, gpointer user_data)

{

  GTask *task = G_TASK (user_data);

  CheckData *data;

  GCancellable *cancellable;

  GSocketConnectable *server_identity;

  GError *error;

  server_identity = NULL;

  cancellable = g_task_get_cancellable (task);

  data = g_task_get_task_data (task);

  error = NULL;

  if (!goa_mail_auth_starttls_finish (data->auth, res, &error))

    {

      g_warning ("goa_mail_auth_starttls() failed: %s (%s, %d)",

                 error->message,

                 g_quark_to_string (error->domain),

                 error->code);

      g_task_return_error (task, error);

      goto out;

    }

  error = NULL;

  server_identity = g_network_address_parse (data->host_and_port, data->default_port, &error);

  if (server_identity == NULL)

    {

      g_task_return_error (task, error);

      goto out;

    }

  error = NULL;

  data->tls_conn = g_tls_client_connection_new (G_IO_STREAM (data->conn), server_identity, &error);

  if (data->tls_conn == NULL)

    {

      g_task_return_error (task, error);

      goto out;

    }

  if (data->accept_ssl_errors)

    g_tls_client_connection_set_validation_flags (G_TLS_CLIENT_CONNECTION (data->tls_conn), 0);

  g_signal_connect (data->tls_conn,

                    "accept-certificate",

                    G_CALLBACK (mail_client_check_accept_certificate_cb),

                    data);

  g_tls_connection_handshake_async (G_TLS_CONNECTION (data->tls_conn),

                                    G_PRIORITY_DEFAULT,

                                    cancellable,

                                    mail_client_check_tls_conn_handshake_cb,

                                    g_object_ref (task));

 out:

  g_clear_object (&server_identity);

  g_object_unref (G_OBJECT (task));

}

static void

mail_client_check_connect_cb (GObject *source_object, GAsyncResult *res, gpointer user_data)

{

  GTask *task = G_TASK (user_data);

  CheckData *data;

  GCancellable *cancellable;

  GDataInputStream *input;

  GDataOutputStream *output;

  GInputStream *base_input;

  GError *error;

  GOutputStream *base_output;

  cancellable = g_task_get_cancellable (task);

  data = g_task_get_task_data (task);

  error = NULL;

  data->conn = g_socket_client_connect_to_host_finish (data->sc, res, &error);

  if (data->conn == NULL)

    {

      g_warning ("g_socket_client_connect_to_host() failed: %s (%s, %d)",

                 error->message,

                 g_quark_to_string (error->domain),

                 error->code);

      /* GIO sets G_TLS_ERROR_BAD_CERTIFICATE when it should be

       * setting G_TLS_ERROR_HANDSHAKE. Hence, lets check the

       * GTlsCertificate flags to accommodate future GIO fixes.

       */

      if (data->cert_flags != 0)

        {

          GError *tls_error;

          tls_error = NULL;

          goa_utils_set_error_ssl (&tls_error, data->cert_flags);

          g_task_return_error (task, tls_error);

          g_error_free (error);

        }

      else

        {

          error->domain = GOA_ERROR;

          error->code = GOA_ERROR_FAILED; /* TODO: more specific */

          g_task_return_error (task, error);

        }

      goto out;

    }

  /* fail quickly */

  data->socket = g_object_ref (g_socket_connection_get_socket (data->conn));

  g_socket_set_timeout (data->socket, COMMAND_TIMEOUT_SEC);

  base_input = g_io_stream_get_input_stream (G_IO_STREAM (data->conn));

  input = g_data_input_stream_new (base_input);

  g_filter_input_stream_set_close_base_stream (G_FILTER_INPUT_STREAM (input), FALSE);

  g_data_input_stream_set_newline_type (input, G_DATA_STREAM_NEWLINE_TYPE_CR_LF);

  goa_mail_auth_set_input (data->auth, input);

  g_object_unref (input);

  base_output = g_io_stream_get_output_stream (G_IO_STREAM (data->conn));

  output = g_data_output_stream_new (base_output);

  g_filter_output_stream_set_close_base_stream (G_FILTER_OUTPUT_STREAM (output), FALSE);

  goa_mail_auth_set_output (data->auth, output);

  g_object_unref (output);

  if (data->tls_type == GOA_TLS_TYPE_STARTTLS)

    goa_mail_auth_starttls (data->auth, cancellable, mail_client_check_auth_starttls_cb, g_object_ref (task));

  else

    goa_mail_auth_run (data->auth, cancellable, mail_client_check_auth_run_cb, g_object_ref (task));

 out:

  g_object_unref (G_OBJECT (task));

}

void

goa_mail_client_check (GoaMailClient       *self,

                       const gchar         *host_and_port,

                       GoaTlsType           tls_type,

                       gboolean             accept_ssl_errors,

                       guint16              default_port,

                       GoaMailAuth         *auth,

                       GCancellable        *cancellable,

                       GAsyncReadyCallback  callback,

                       gpointer             user_data)

{

  CheckData *data;

  GTask *task;

  g_return_if_fail (GOA_IS_MAIL_CLIENT (self));

  g_return_if_fail (host_and_port != NULL && host_and_port[0] != '\0');

  g_return_if_fail (GOA_IS_MAIL_AUTH (auth));

  g_return_if_fail (cancellable == NULL || G_IS_CANCELLABLE (cancellable));

  task = g_task_new (self, cancellable, callback, user_data);

  g_task_set_source_tag (task, goa_mail_client_check);

  data = g_slice_new0 (CheckData);

  g_task_set_task_data (task, data, (GDestroyNotify) mail_client_check_data_free);

  data->sc = g_socket_client_new ();

  if (tls_type == GOA_TLS_TYPE_SSL)

    {

      g_socket_client_set_tls (data->sc, TRUE);

      g_signal_connect (data->sc, "event", G_CALLBACK (mail_client_check_event_cb), data);

    }

  data->host_and_port = g_strdup (host_and_port);

  data->tls_type = tls_type;

  data->accept_ssl_errors = accept_ssl_errors;

  data->default_port = default_port;

  data->auth = g_object_ref (auth);

  g_socket_client_connect_to_host_async (data->sc,

                                         data->host_and_port,

                                         data->default_port,

                                         cancellable,

                                         mail_client_check_connect_cb,

                                         g_object_ref (task));

  g_object_unref (task);

}

gboolean

goa_mail_client_check_finish (GoaMailClient *self, GAsyncResult *res, GError **error)

{

  GTask *task;

  g_return_val_if_fail (GOA_IS_MAIL_CLIENT (self), FALSE);

  g_return_val_if_fail (error == NULL || *error == NULL, FALSE);

  g_return_val_if_fail (g_task_is_valid (res, self), FALSE);

  task = G_TASK (res);

  g_return_val_if_fail (g_task_get_source_tag (task) == goa_mail_client_check, FALSE);

  return g_task_propagate_boolean (task, error);

}

/* ---------------------------------------------------------------------------------------------------- */

typedef struct

{

  GError **error;

  GMainLoop *loop;

  gboolean op_res;

} CheckSyncData;

static void

mail_client_check_sync_cb (GObject *source_object, GAsyncResult *res, gpointer user_data)

{

  CheckSyncData *data = user_data;

  data->op_res = goa_mail_client_check_finish (GOA_MAIL_CLIENT (source_object), res, data->error);

  g_main_loop_quit (data->loop);

}

gboolean

goa_mail_client_check_sync (GoaMailClient  *self,

                            const gchar    *host_and_port,

                            GoaTlsType      tls_type,

                            gboolean        accept_ssl_errors,

                            guint16         default_port,

                            GoaMailAuth    *auth,

                            GCancellable   *cancellable,

                            GError        **error)

{

  CheckSyncData data;

  GMainContext *context = NULL;

  data.error = error;

  context = g_main_context_new ();

  g_main_context_push_thread_default (context);

  data.loop = g_main_loop_new (context, FALSE);

  goa_mail_client_check (self,

                         host_and_port,

                         tls_type,

                         accept_ssl_errors,

                         default_port,

                         auth,

                         cancellable,

                         mail_client_check_sync_cb,

                         &data);

  g_main_loop_run (data.loop);

  g_main_loop_unref (data.loop);

  g_main_context_pop_thread_default (context);

  g_main_context_unref (context);

  return data.op_res;

}