/*
 * Copyright (C) 2015 Red Hat, Inc.
 *
 * SPDX-License-Identifier: LGPL-2.0+
 *
 * This library is free software; you can redistribute it and/or
 * modify it under the terms of the GNU Lesser General Public
 * License as published by the Free Software Foundation; either
 * version 2 of the License, or (at your option) any later version.
 *
 * This library is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
 * Lesser General Public License for more details.
 *
 * You should have received a copy of the GNU Lesser General Public
 * License along with this library; if not, write to the
 * Free Software Foundation, Inc., 59 Temple Place - Suite 330,
 * Boston, MA 02111-1307, USA.
 */

#include "config.h"

#include "otutil.h"

#include "ot-main.h"
#include "ot-remote-builtins.h"

static char **opt_set;
static gboolean opt_no_gpg_verify;
static gboolean opt_no_sign_verify;
static gboolean opt_if_not_exists;
static gboolean opt_force;
static char *opt_gpg_import;
static char **opt_sign_verify;
static char *opt_contenturl;
static char *opt_collection_id;
static char *opt_sysroot;
static char *opt_repo;

/* ATTENTION:
 * Please remember to update the bash-completion script (bash/ostree) and
 * man page (man/ostree-remote.xml) when changing the option list.
 */

static GOptionEntry option_entries[] = {
  { "set", 0, 0, G_OPTION_ARG_STRING_ARRAY, &opt_set, "Set config option KEY=VALUE for remote", "KEY=VALUE" },
  { "no-gpg-verify", 0, 0, G_OPTION_ARG_NONE, &opt_no_gpg_verify, "Disable GPG verification", NULL },
  { "no-sign-verify", 0, 0, G_OPTION_ARG_NONE, &opt_no_sign_verify, "Disable signature verification", NULL },
  { "sign-verify", 0, 0, G_OPTION_ARG_STRING_ARRAY, &opt_sign_verify, "Verify signatures using KEYTYPE=inline:PUBKEY or KEYTYPE=file:/path/to/key", "KEYTYPE=[inline|file]:PUBKEY" },
  { "if-not-exists", 0, 0, G_OPTION_ARG_NONE, &opt_if_not_exists, "Do nothing if the provided remote exists", NULL },
  { "force", 0, 0, G_OPTION_ARG_NONE, &opt_force, "Replace the provided remote if it exists", NULL },
  { "gpg-import", 0, 0, G_OPTION_ARG_FILENAME, &opt_gpg_import, "Import GPG key from FILE", "FILE" },
  { "contenturl", 0, 0, G_OPTION_ARG_STRING, &opt_contenturl, "Use URL when fetching content", "URL" },
  { "collection-id", 0, 0, G_OPTION_ARG_STRING, &opt_collection_id,
    "Globally unique ID for this repository as an collection of refs for redistribution to other repositories", "COLLECTION-ID" },
  { "repo", 0, 0, G_OPTION_ARG_FILENAME, &opt_repo, "Path to OSTree repository (defaults to /sysroot/ostree/repo)", "PATH" },
  { "sysroot", 0, 0, G_OPTION_ARG_FILENAME, &opt_sysroot, "Use sysroot at PATH (overrides --repo)", "PATH" },
  { NULL }
};

static char *
add_verify_opt (GVariantBuilder *builder,
                const char *keyspec,
                GError **error)
{
  g_auto(GStrv) parts = g_strsplit (keyspec, "=", 2);
  g_assert (parts && *parts);
  const char *keytype = parts[0];
  if (!parts[1])
    return glnx_null_throw (error, "Failed to parse KEYTYPE=[inline|file]:DATA in %s", keyspec);

  g_autoptr(OstreeSign) sign = ostree_sign_get_by_name (keytype, error);
  if (!sign)
    return NULL;

  const char *rest = parts[1];
  g_assert (!parts[2]);
  g_auto(GStrv) keyparts = g_strsplit (rest, ":", 2);
  g_assert (keyparts && *keyparts);
  const char *keyref = keyparts[0];
  g_assert (keyref);
  g_autofree char *optname = NULL;
  if (g_str_equal (keyref, "inline"))
    optname = g_strdup_printf ("verification-%s-key", keytype);
  else if (g_str_equal (keyref, "file"))
    optname = g_strdup_printf ("verification-%s-file", keytype);
  else
    return glnx_null_throw (error, "Invalid key reference %s, expected inline|file", keyref);

  g_assert (keyparts[1] && !keyparts[2]);
  g_variant_builder_add (builder, "{s@v}",
                         optname,
                         g_variant_new_variant (g_variant_new_string (keyparts[1])));
  return g_strdup (ostree_sign_get_name (sign));
}

gboolean
ot_remote_builtin_add (int argc, char **argv, OstreeCommandInvocation *invocation, GCancellable *cancellable, GError **error)
{
  g_autoptr(GOptionContext) context = NULL;
  g_autoptr(OstreeSysroot) sysroot = NULL;
  g_autoptr(OstreeRepo) repo = NULL;
  g_autoptr(GString) sign_verify = NULL;
  const char *remote_name;
  const char *remote_url;
  char **iter;
  g_autoptr(GVariantBuilder) optbuilder = NULL;
  g_autoptr(GVariant) options = NULL;
  gboolean ret = FALSE;

  context = g_option_context_new ("NAME [metalink=|mirrorlist=]URL [BRANCH...]");

  if (!ostree_option_context_parse (context, option_entries, &argc, &argv,
                                    invocation, NULL, cancellable, error))
    goto out;

  if (!ostree_parse_sysroot_or_repo_option (context, opt_sysroot, opt_repo,
                                            &sysroot, &repo,
                                            cancellable, error))
    goto out;

  if (argc < 3)
    {
      ot_util_usage_error (context, "NAME and URL must be specified", error);
      goto out;
    }

  if (opt_if_not_exists && opt_force)
    {
      ot_util_usage_error (context,
                           "Can only specify one of --if-not-exists and --force",
                           error);
      goto out;
    }

  remote_name = argv[1];
  remote_url  = argv[2];

  optbuilder = g_variant_builder_new (G_VARIANT_TYPE ("a{sv}"));

  if (argc > 3)
    {
      g_autoptr(GPtrArray) branchesp = g_ptr_array_new ();
      int i;

      for (i = 3; i < argc; i++)
        g_ptr_array_add (branchesp, argv[i]);
      g_ptr_array_add (branchesp, NULL);

      g_variant_builder_add (optbuilder, "{s@v}",
                             "branches",
                             g_variant_new_variant (g_variant_new_strv ((const char*const*)branchesp->pdata, -1)));
    }

  /* We could just make users use --set instead for this since it's a string,
   * but e.g. when mirrorlist support is added, it'll be kinda awkward to type:
   *   --set=contenturl=mirrorlist=... */

  if (opt_contenturl != NULL)
    g_variant_builder_add (optbuilder, "{s@v}",
                           "contenturl", g_variant_new_variant (g_variant_new_string (opt_contenturl)));

  for (iter = opt_set; iter && *iter; iter++)
    {
      const char *keyvalue = *iter;
      g_autofree char *subkey = NULL;
      g_autofree char *subvalue = NULL;

      if (!ot_parse_keyvalue (keyvalue, &subkey, &subvalue, error))
        goto out;

      g_variant_builder_add (optbuilder, "{s@v}",
                             subkey, g_variant_new_variant (g_variant_new_string (subvalue)));
    }

#ifndef OSTREE_DISABLE_GPGME
  /* No signature verification implies no verification for GPG signature as well */
  if (opt_no_gpg_verify || opt_no_sign_verify)
    g_variant_builder_add (optbuilder, "{s@v}",
                           "gpg-verify",
                           g_variant_new_variant (g_variant_new_boolean (FALSE)));
#endif /* OSTREE_DISABLE_GPGME */

  if (opt_no_sign_verify)
    {
      if (opt_sign_verify)
        return glnx_throw (error, "Cannot specify both --sign-verify and --no-sign-verify");
      g_variant_builder_add (optbuilder, "{s@v}",
                            "sign-verify",
                            g_variant_new_variant (g_variant_new_boolean (FALSE)));
    }

  for (char **iter = opt_sign_verify; iter && *iter; iter++)
    {
      const char *keyspec = *iter;
      g_autofree char *signname = add_verify_opt (optbuilder, keyspec, error);
      if (!signname)
        return FALSE;
      if (!sign_verify)
        {
          sign_verify = g_string_new (signname);
        }
      else
        {
          g_string_append_c (sign_verify, ',');
          g_string_append (sign_verify, signname);
        }
    }
  if (sign_verify != NULL)
    g_variant_builder_add (optbuilder, "{s@v}",
                          "sign-verify",
                          g_variant_new_variant (g_variant_new_string (sign_verify->str)));

  if (opt_collection_id != NULL)
    g_variant_builder_add (optbuilder, "{s@v}", "collection-id",
                           g_variant_new_variant (g_variant_new_take_string (g_steal_pointer (&opt_collection_id))));

  options = g_variant_ref_sink (g_variant_builder_end (optbuilder));

  OstreeRepoRemoteChange changeop;
  if (opt_if_not_exists)
    changeop = OSTREE_REPO_REMOTE_CHANGE_ADD_IF_NOT_EXISTS;
  else if (opt_force)
    changeop = OSTREE_REPO_REMOTE_CHANGE_REPLACE;
  else
    changeop = OSTREE_REPO_REMOTE_CHANGE_ADD;
  if (!ostree_repo_remote_change (repo, NULL, changeop,
                                  remote_name, remote_url,
                                  options,
                                  cancellable, error))
    goto out;

#ifndef OSTREE_DISABLE_GPGME
  /* This is just a convenience option and is not as flexible as the full
   * "ostree remote gpg-import" command.  It imports all keys from a file,
   * which is likely the most common case.
   *
   * XXX Not sure this interacts well with if-not-exists since we don't
   *     know whether the remote already existed.  We import regardless. */
  if (opt_gpg_import != NULL)
    {
      g_autoptr(GFile) file = NULL;
      g_autoptr(GInputStream) input_stream = NULL;
      guint imported = 0;

      file = g_file_new_for_path (opt_gpg_import);
      input_stream = (GInputStream *) g_file_read (file, cancellable, error);

      if (input_stream == NULL)
        goto out;

      if (!ostree_repo_remote_gpg_import (repo, remote_name, input_stream,
                                          NULL, &imported, cancellable, error))
        goto out;

      /* XXX If we ever add internationalization, use ngettext() here. */
      g_print ("Imported %u GPG key%s to remote \"%s\"\n",
               imported, (imported == 1) ? "" : "s", remote_name);
    }
#endif /* OSTREE_DISABLE_GPGME */

  ret = TRUE;
 out:
  return ret;
}