/* gpgme.js - Javascript integration for gpgme

 * Copyright (C) 2018 Bundesamt für Sicherheit in der Informationstechnik

 *

 * This file is part of GPGME.

 *

 * GPGME is free software; you can redistribute it and/or modify it

 * under the terms of the GNU Lesser General Public License as

 * published by the Free Software Foundation; either version 2.1 of

 * the License, or (at your option) any later version.

 *

 * GPGME is distributed in the hope that it will be useful, but

 * WITHOUT ANY WARRANTY; without even the implied warranty of

 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU

 * Lesser General Public License for more details.

 *

 * You should have received a copy of the GNU Lesser General Public

 * License along with this program; if not, see <https://www.gnu.org/licenses/>.

 * SPDX-License-Identifier: LGPL-2.1+

 *

 * Author(s):

 *     Maximilian Krambach <mkrambach@intevation.de>

 */

import { isFingerprint, isLongId } from './Helpers';

import { gpgme_error } from './Errors';

import { createMessage } from './Message';

/**

 * Validates the given fingerprint and creates a new {@link GPGME_Key}

 * @param {String} fingerprint

 * @param {Boolean} async If True, Key properties (except fingerprint) will be

 * queried from gnupg on each call, making the operation up-to-date, the

 * answers will be Promises, and the performance will likely suffer

 * @param {Object} data additional initial properties this Key will have. Needs

 * a full object as delivered by gpgme-json

 * @returns {Object} The verified and updated data

 */

export function createKey (fingerprint, async = false, data){

    if (!isFingerprint(fingerprint) || typeof (async) !== 'boolean'){

        throw gpgme_error('PARAM_WRONG');

    }

    if (data !== undefined){

        data = validateKeyData(fingerprint, data);

    }

    if (data instanceof Error){

        throw gpgme_error('KEY_INVALID');

    } else {

        return new GPGME_Key(fingerprint, async, data);

    }

}

/**

 * Represents the Keys as stored in the gnupg backend. A key is defined by a

 * fingerprint.

 * A key cannot be directly created via the new operator, please use

 * {@link createKey} instead.

 * A GPGME_Key object allows to query almost all information defined in gpgme

 * Keys. It offers two modes, async: true/false. In async mode, Key properties

 * with the exception of the fingerprint will be queried from gnupg on each

 * call, making the operation up-to-date, the answers will be Promises, and

 * the performance will likely suffer. In Sync modes, all information except

 * for the armored Key export will be cached and can be refreshed by

 * [refreshKey]{@link GPGME_Key#refreshKey}.

 *

 * 

 * see also:

 *      {@link GPGME_UserId} user Id objects

 *      {@link GPGME_Subkey} subKey objects

 * 

 * For other Key properteis, refer to {@link validKeyProperties},

 * and to the [gpgme documentation]{@link https://www.gnupg.org/documentation/manuals/gpgme/Key-objects.html}

 * for meanings and further details.

 *

 * @class

 */

class GPGME_Key {

    constructor (fingerprint, async, data){

        /**

         * @property {Boolean} _async If true, the Key was initialized without

         * cached data

         */

        this._async = async;

        this._data = { fingerprint: fingerprint.toUpperCase() };

        if (data !== undefined

            && data.fingerprint.toUpperCase() === this._data.fingerprint

        ) {

            this._data = data;

        }

    }

    /**

     * Query any property of the Key listed in {@link validKeyProperties}

     * @param {String} property property to be retrieved

     * @returns {Boolean| String | Date | Array | Object}

     * @returns {Promise<Boolean| String | Date | Array | Object>} (if in async

     * mode)

     * 

     * Returns the value of the property requested. If the Key is set to async,

     * the value will be fetched from gnupg and resolved as a Promise. If Key

     * is not  async, the armored property is not available (it can still be

     * retrieved asynchronously by [getArmor]{@link GPGME_Key#getArmor})

     */

    get (property) {

        if (this._async === true) {

            switch (property){

            case 'armored':

                return this.getArmor();

            case 'hasSecret':

                return this.getGnupgSecretState();

            default:

                return getGnupgState(this.fingerprint, property);

            }

        } else {

            if (property === 'armored') {

                throw gpgme_error('KEY_ASYNC_ONLY');

            }

            // eslint-disable-next-line no-use-before-define

            if (!validKeyProperties.hasOwnProperty(property)){

                throw gpgme_error('PARAM_WRONG');

            } else {

                return (this._data[property]);

            }

        }

    }

    /**

     * Reloads the Key information from gnupg. This is only useful if the Key

     * use the GPGME_Keys cached. Note that this is a performance hungry

     * operation. If you desire more than a few refreshs, it may be

     * advisable to run [Keyring.getKeys]{@link Keyring#getKeys} instead.

     * @returns {Promise<GPGME_Key>}

     * @async

     */

    refreshKey () {

        let me = this;

        return new Promise(function (resolve, reject) {

            if (!me._data.fingerprint){

                reject(gpgme_error('KEY_INVALID'));

            }

            let msg = createMessage('keylist');

            msg.setParameter('sigs', true);

            msg.setParameter('keys', me._data.fingerprint);

            msg.post().then(function (result){

                if (result.keys.length === 1){

                    const newdata = validateKeyData(

                        me._data.fingerprint, result.keys[0]);

                    if (newdata instanceof Error){

                        reject(gpgme_error('KEY_INVALID'));

                    } else {

                        me._data = newdata;

                        me.getGnupgSecretState().then(function (){

                            me.getArmor().then(function (){

                                resolve(me);

                            }, function (error){

                                reject(error);

                            });

                        }, function (error){

                            reject(error);

                        });

                    }

                } else {

                    reject(gpgme_error('KEY_NOKEY'));

                }

            }, function (error) {

                reject(gpgme_error('GNUPG_ERROR'), error);

            });

        });

    }

    /**

     * Query the armored block of the Key directly from gnupg. Please note

     * that this will not get you any export of the secret/private parts of

     * a Key

     * @returns {Promise<String>}

     * @async

     */

    getArmor () {

        const me = this;

        return new Promise(function (resolve, reject) {

            if (!me._data.fingerprint){

                reject(gpgme_error('KEY_INVALID'));

            }

            let msg = createMessage('export');

            msg.setParameter('armor', true);

            msg.setParameter('keys', me._data.fingerprint);

            msg.post().then(function (result){

                resolve(result.data);

            }, function (error){

                reject(error);

            });

        });

    }

    /**

     * Find out if the Key is part of a Key pair including public and

     * private key(s). If you want this information about more than a few

     * Keys in synchronous mode, it may be advisable to run

     * [Keyring.getKeys]{@link Keyring#getKeys} instead, as it performs faster

     * in bulk querying.

     * @returns {Promise<Boolean>} True if a private Key is available in the

     * gnupg Keyring.

     * @async

     */

    getGnupgSecretState (){

        const me = this;

        return new Promise(function (resolve, reject) {

            if (!me._data.fingerprint){

                reject(gpgme_error('KEY_INVALID'));

            } else {

                let msg = createMessage('keylist');

                msg.setParameter('keys', me._data.fingerprint);

                msg.setParameter('secret', true);

                msg.post().then(function (result){

                    me._data.hasSecret = null;

                    if (

                        result.keys &&

                        result.keys.length === 1 &&

                        result.keys[0].secret === true

                    ) {

                        me._data.hasSecret = true;

                        resolve(true);

                    } else {

                        me._data.hasSecret = false;

                        resolve(false);

                    }

                }, function (error){

                    reject(error);

                });

            }

        });

    }

    /**

     * Deletes the (public) Key from the GPG Keyring. Note that a deletion

     * of a secret key is not supported by the native backend, and gnupg will

     * refuse to delete a Key if there is still a secret/private Key present

     * to that public Key

     * @returns {Promise<Boolean>} Success if key was deleted.

     */

    delete (){

        const me = this;

        return new Promise(function (resolve, reject){

            if (!me._data.fingerprint){

                reject(gpgme_error('KEY_INVALID'));

            }

            let msg = createMessage('delete');

            msg.setParameter('key', me._data.fingerprint);

            msg.post().then(function (result){

                resolve(result.success);

            }, function (error){

                reject(error);

            });

        });

    }

    /**

     * @returns {String} The fingerprint defining this Key. Convenience getter

     */

    get fingerprint (){

        return this._data.fingerprint;

    }

}

/**

 * Representing a subkey of a Key. See {@link validSubKeyProperties} for

 * possible properties.

 * @class

 * @protected

 */

class GPGME_Subkey {

    /**

     * Initializes with the json data sent by gpgme-json

     * @param {Object} data

     * @private

     */

    constructor (data){

        this._data = {};

        let keys = Object.keys(data);

        const me = this;

        /**

         * Validates a subkey property against {@link validSubKeyProperties} and

         * sets it if validation is successful

         * @param {String} property

         * @param {*} value

         * @param private

         */

        const setProperty = function (property, value){

            // eslint-disable-next-line no-use-before-define

            if (validSubKeyProperties.hasOwnProperty(property)){

                // eslint-disable-next-line no-use-before-define

                if (validSubKeyProperties[property](value) === true) {

                    if (property === 'timestamp' || property === 'expires'){

                        me._data[property] = new Date(value * 1000);

                    } else {

                        me._data[property] = value;

                    }

                }

            }

        };

        for (let i=0; i< keys.length; i++) {

            setProperty(keys[i], data[keys[i]]);

        }

    }

    /**

     * Fetches any information about this subkey

     * @param {String} property Information to request

     * @returns {String | Number | Date}

     */

    get (property) {

        if (this._data.hasOwnProperty(property)){

            return (this._data[property]);

        }

    }

}

/**

 * Representing user attributes associated with a Key or subkey. See

 * {@link validUserIdProperties} for possible properties.

 * @class

 * @protected

 */

class GPGME_UserId {

    /**

     * Initializes with the json data sent by gpgme-json

     * @param {Object} data

     * @private

     */

    constructor (data){

        this._data = {};

        const me = this;

        let keys = Object.keys(data);

        const setProperty = function (property, value){

            // eslint-disable-next-line no-use-before-define

            if (validUserIdProperties.hasOwnProperty(property)){

                // eslint-disable-next-line no-use-before-define

                if (validUserIdProperties[property](value) === true) {

                    if (property === 'last_update'){

                        me._data[property] = new Date(value*1000);

                    } else {

                        me._data[property] = value;

                    }

                }

            }

        };

        for (let i=0; i< keys.length; i++) {

            setProperty(keys[i], data[keys[i]]);

        }

    }

    /**

     * Fetches information about the user

     * @param {String} property Information to request

     * @returns {String | Number}

     */

    get (property) {

        if (this._data.hasOwnProperty(property)){

            return (this._data[property]);

        }

    }

}

/**

 * Validation definition for userIds. Each valid userId property is represented

 * as a key- Value pair, with their value being a validation function to check

 * against

 * @protected

 * @const

 */

const validUserIdProperties = {

    'revoked': function (value){

        return typeof (value) === 'boolean';

    },

    'invalid':  function (value){

        return typeof (value) === 'boolean';

    },

    'uid': function (value){

        if (typeof (value) === 'string' || value === ''){

            return true;

        }

        return false;

    },

    'validity': function (value){

        if (typeof (value) === 'string'){

            return true;

        }

        return false;

    },

    'name': function (value){

        if (typeof (value) === 'string' || value === ''){

            return true;

        }

        return false;

    },

    'email': function (value){

        if (typeof (value) === 'string' || value === ''){

            return true;

        }

        return false;

    },

    'address': function (value){

        if (typeof (value) === 'string' || value === ''){

            return true;

        }

        return false;

    },

    'comment': function (value){

        if (typeof (value) === 'string' || value === ''){

            return true;

        }

        return false;

    },

    'origin':  function (value){

        return Number.isInteger(value);

    },

    'last_update':  function (value){

        return Number.isInteger(value);

    }

};

/**

 * Validation definition for subKeys. Each valid userId property is represented

 * as a key-value pair, with the value being a validation function

 * @protected

 * @const

 */

const validSubKeyProperties = {

    'invalid': function (value){

        return typeof (value) === 'boolean';

    },

    'can_encrypt': function (value){

        return typeof (value) === 'boolean';

    },

    'can_sign': function (value){

        return typeof (value) === 'boolean';

    },

    'can_certify':  function (value){

        return typeof (value) === 'boolean';

    },

    'can_authenticate':  function (value){

        return typeof (value) === 'boolean';

    },

    'secret': function (value){

        return typeof (value) === 'boolean';

    },

    'is_qualified': function (value){

        return typeof (value) === 'boolean';

    },

    'is_cardkey':  function (value){

        return typeof (value) === 'boolean';

    },

    'is_de_vs':  function (value){

        return typeof (value) === 'boolean';

    },

    'pubkey_algo_name': function (value){

        return typeof (value) === 'string';

        // TODO: check against list of known?['']

    },

    'pubkey_algo_string': function (value){

        return typeof (value) === 'string';

        // TODO: check against list of known?['']

    },

    'keyid': function (value){

        return isLongId(value);

    },

    'pubkey_algo': function (value) {

        return (Number.isInteger(value) && value >= 0);

    },

    'length': function (value){

        return (Number.isInteger(value) && value > 0);

    },

    'timestamp': function (value){

        return (Number.isInteger(value) && value > 0);

    },

    'expires': function (value){

        return (Number.isInteger(value) && value > 0);

    }

};

/**

 * Validation definition for Keys. Each valid Key property is represented

 * as a key-value pair, with their value being a validation function. For

 * details on the meanings, please refer to the gpgme documentation

 * https://www.gnupg.org/documentation/manuals/gpgme/Key-objects.html#Key-objects

 * @param {String} fingerprint

 * @param {Boolean} revoked

 * @param {Boolean} expired

 * @param {Boolean} disabled

 * @param {Boolean} invalid

 * @param {Boolean} can_encrypt

 * @param {Boolean} can_sign

 * @param {Boolean} can_certify

 * @param {Boolean} can_authenticate

 * @param {Boolean} secret

 * @param {Boolean}is_qualified

 * @param {String} protocol

 * @param {String} issuer_serial

 * @param {String} issuer_name

 * @param {Boolean} chain_id

 * @param {String} owner_trust

 * @param {Date} last_update

 * @param {String} origin

 * @param {Array<GPGME_Subkey>} subkeys

 * @param {Array<GPGME_UserId>} userids

 * @param {Array<String>} tofu

 * @param {Boolean} hasSecret

 * @protected

 * @const

 */

const validKeyProperties = {

    'fingerprint': function (value){

        return isFingerprint(value);

    },

    'revoked': function (value){

        return typeof (value) === 'boolean';

    },

    'expired': function (value){

        return typeof (value) === 'boolean';

    },

    'disabled': function (value){

        return typeof (value) === 'boolean';

    },

    'invalid': function (value){

        return typeof (value) === 'boolean';

    },

    'can_encrypt': function (value){

        return typeof (value) === 'boolean';

    },

    'can_sign': function (value){

        return typeof (value) === 'boolean';

    },

    'can_certify': function (value){

        return typeof (value) === 'boolean';

    },

    'can_authenticate': function (value){

        return typeof (value) === 'boolean';

    },

    'secret': function (value){

        return typeof (value) === 'boolean';

    },

    'is_qualified': function (value){

        return typeof (value) === 'boolean';

    },

    'protocol': function (value){

        return typeof (value) === 'string';

        // TODO check for implemented ones

    },

    'issuer_serial': function (value){

        return typeof (value) === 'string';

    },

    'issuer_name': function (value){

        return typeof (value) === 'string';

    },

    'chain_id': function (value){

        return typeof (value) === 'string';

    },

    'owner_trust': function (value){

        return typeof (value) === 'string';

    },

    'last_update': function (value){

        return (Number.isInteger(value));

        // TODO undefined/null possible?

    },

    'origin': function (value){

        return (Number.isInteger(value));

    },

    'subkeys': function (value){

        return (Array.isArray(value));

    },

    'userids': function (value){

        return (Array.isArray(value));

    },

    'tofu': function (value){

        return (Array.isArray(value));

    },

    'hasSecret': function (value){

        return typeof (value) === 'boolean';

    }

};

/**

* sets the Key data in bulk. It can only be used from inside a Key, either

* during construction or on a refresh callback.

* @param {Object} key the original internal key data.

* @param {Object} data Bulk set the data for this key, with an Object structure

* as sent by gpgme-json.

* @returns {Object|GPGME_Error} the changed data after values have been set,

* an error if something went wrong.

* @private

*/

function validateKeyData (fingerprint, data){

    const key = {};

    if (!fingerprint || typeof (data) !== 'object' || !data.fingerprint

     || fingerprint !== data.fingerprint.toUpperCase()

    ){

        return gpgme_error('KEY_INVALID');

    }

    let props = Object.keys(data);

    for (let i=0; i< props.length; i++){

        if (!validKeyProperties.hasOwnProperty(props[i])){

            return gpgme_error('KEY_INVALID');

        }

        // running the defined validation function

        if (validKeyProperties[props[i]](data[props[i]]) !== true ){

            return gpgme_error('KEY_INVALID');

        }

        switch (props[i]){

        case 'subkeys':

            key.subkeys = [];

            for (let i=0; i< data.subkeys.length; i++) {

                key.subkeys.push(

                    new GPGME_Subkey(data.subkeys[i]));

            }

            break;

        case 'userids':

            key.userids = [];

            for (let i=0; i< data.userids.length; i++) {

                key.userids.push(

                    new GPGME_UserId(data.userids[i]));

            }

            break;

        case 'last_update':

            key[props[i]] = new Date( data[props[i]] * 1000 );

            break;

        default:

            key[props[i]] = data[props[i]];

        }

    }

    return key;

}

/**

 * Fetches and sets properties from gnupg

 * @param {String} fingerprint

 * @param {String} property to search for.

 * @private

 * @async

 */

function getGnupgState (fingerprint, property){

    return new Promise(function (resolve, reject) {

        if (!isFingerprint(fingerprint)) {

            reject(gpgme_error('KEY_INVALID'));

        } else {

            let msg = createMessage('keylist');

            msg.setParameter('keys', fingerprint);

            msg.post().then(function (res){

                if (!res.keys || res.keys.length !== 1){

                    reject(gpgme_error('KEY_INVALID'));

                } else {

                    const key = res.keys[0];

                    let result;

                    switch (property){

                    case 'subkeys':

                        result = [];

                        if (key.subkeys.length){

                            for (let i=0; i < key.subkeys.length; i++) {

                                result.push(

                                    new GPGME_Subkey(key.subkeys[i]));

                            }

                        }

                        resolve(result);

                        break;

                    case 'userids':

                        result = [];

                        if (key.userids.length){

                            for (let i=0; i< key.userids.length; i++) {

                                result.push(

                                    new GPGME_UserId(key.userids[i]));

                            }

                        }

                        resolve(result);

                        break;

                    case 'last_update':

                        if (key.last_update === undefined){

                            reject(gpgme_error('CONN_UNEXPECTED_ANSWER'));

                        } else if (key.last_update !== null){

                            resolve(new Date( key.last_update * 1000));

                        } else {

                            resolve(null);

                        }

                        break;

                    default:

                        if (!validKeyProperties.hasOwnProperty(property)){

                            reject(gpgme_error('PARAM_WRONG'));

                        } else {

                            if (key.hasOwnProperty(property)){

                                resolve(key[property]);

                            } else {

                                reject(gpgme_error(

                                    'CONN_UNEXPECTED_ANSWER'));

                            }

                        }

                        break;

                    }

                }

            }, function (error){

                reject(gpgme_error(error));

            });

        }

    });

}