/* gpgme.js - Javascript integration for gpgme
 * Copyright (C) 2018 Bundesamt für Sicherheit in der Informationstechnik
 *
 * This file is part of GPGME.
 *
 * GPGME is free software; you can redistribute it and/or modify it
 * under the terms of the GNU Lesser General Public License as
 * published by the Free Software Foundation; either version 2.1 of
 * the License, or (at your option) any later version.
 *
 * GPGME is distributed in the hope that it will be useful, but
 * WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
 * Lesser General Public License for more details.
 *
 * You should have received a copy of the GNU Lesser General Public
 * License along with this program; if not, see <https://www.gnu.org/licenses/>.
 * SPDX-License-Identifier: LGPL-2.1+
 *
 * Author(s):
 *     Maximilian Krambach <mkrambach@intevation.de>
 */


import { isFingerprint, isLongId } from './Helpers';
import { gpgme_error } from './Errors';
import { createMessage } from './Message';

/**
 * Validates the given fingerprint and creates a new {@link GPGME_Key}
 * @param {String} fingerprint
 * @param {Boolean} async If True, Key properties (except fingerprint) will be
 * queried from gnupg on each call, making the operation up-to-date, the
 * answers will be Promises, and the performance will likely suffer
 * @param {Object} data additional initial properties this Key will have. Needs
 * a full object as delivered by gpgme-json
 * @returns {Object} The verified and updated data
 */
export function createKey (fingerprint, async = false, data){
    if (!isFingerprint(fingerprint) || typeof (async) !== 'boolean'){
        throw gpgme_error('PARAM_WRONG');
    }
    if (data !== undefined){
        data = validateKeyData(fingerprint, data);
    }
    if (data instanceof Error){
        throw gpgme_error('KEY_INVALID');
    } else {
        return new GPGME_Key(fingerprint, async, data);
    }
}

/**
 * Represents the Keys as stored in the gnupg backend. A key is defined by a
 * fingerprint.
 * A key cannot be directly created via the new operator, please use
 * {@link createKey} instead.
 * A GPGME_Key object allows to query almost all information defined in gpgme
 * Keys. It offers two modes, async: true/false. In async mode, Key properties
 * with the exception of the fingerprint will be queried from gnupg on each
 * call, making the operation up-to-date, the answers will be Promises, and
 * the performance will likely suffer. In Sync modes, all information except
 * for the armored Key export will be cached and can be refreshed by
 * [refreshKey]{@link GPGME_Key#refreshKey}.
 *
 * <pre>
 * see also:
 *      {@link GPGME_UserId} user Id objects
 *      {@link GPGME_Subkey} subKey objects
 * </pre>
 * For other Key properteis, refer to {@link validKeyProperties},
 * and to the [gpgme documentation]{@link https://www.gnupg.org/documentation/manuals/gpgme/Key-objects.html}
 * for meanings and further details.
 *
 * @class
 */
class GPGME_Key {

    constructor (fingerprint, async, data){

        /**
         * @property {Boolean} _async If true, the Key was initialized without
         * cached data
         */
        this._async = async;

        this._data = { fingerprint: fingerprint.toUpperCase() };
        if (data !== undefined
            && data.fingerprint.toUpperCase() === this._data.fingerprint
        ) {
            this._data = data;
        }
    }

    /**
     * Query any property of the Key listed in {@link validKeyProperties}
     * @param {String} property property to be retrieved
     * @returns {Boolean| String | Date | Array | Object}
     * @returns {Promise<Boolean| String | Date | Array | Object>} (if in async
     * mode)
     * <pre>
     * Returns the value of the property requested. If the Key is set to async,
     * the value will be fetched from gnupg and resolved as a Promise. If Key
     * is not  async, the armored property is not available (it can still be
     * retrieved asynchronously by [getArmor]{@link GPGME_Key#getArmor})
     */
    get (property) {
        if (this._async === true) {
            switch (property){
            case 'armored':
                return this.getArmor();
            case 'hasSecret':
                return this.getGnupgSecretState();
            default:
                return getGnupgState(this.fingerprint, property);
            }
        } else {
            if (property === 'armored') {
                throw gpgme_error('KEY_ASYNC_ONLY');
            }
            // eslint-disable-next-line no-use-before-define
            if (!validKeyProperties.hasOwnProperty(property)){
                throw gpgme_error('PARAM_WRONG');
            } else {
                return (this._data[property]);
            }
        }
    }

    /**
     * Reloads the Key information from gnupg. This is only useful if the Key
     * use the GPGME_Keys cached. Note that this is a performance hungry
     * operation. If you desire more than a few refreshs, it may be
     * advisable to run [Keyring.getKeys]{@link Keyring#getKeys} instead.
     * @returns {Promise<GPGME_Key>}
     * @async
     */
    refreshKey () {
        let me = this;
        return new Promise(function (resolve, reject) {
            if (!me._data.fingerprint){
                reject(gpgme_error('KEY_INVALID'));
            }
            let msg = createMessage('keylist');
            msg.setParameter('sigs', true);
            msg.setParameter('keys', me._data.fingerprint);
            msg.post().then(function (result){
                if (result.keys.length === 1){
                    const newdata = validateKeyData(
                        me._data.fingerprint, result.keys[0]);
                    if (newdata instanceof Error){
                        reject(gpgme_error('KEY_INVALID'));
                    } else {
                        me._data = newdata;
                        me.getGnupgSecretState().then(function (){
                            me.getArmor().then(function (){
                                resolve(me);
                            }, function (error){
                                reject(error);
                            });
                        }, function (error){
                            reject(error);
                        });
                    }
                } else {
                    reject(gpgme_error('KEY_NOKEY'));
                }
            }, function (error) {
                reject(gpgme_error('GNUPG_ERROR'), error);
            });
        });
    }

    /**
     * Query the armored block of the Key directly from gnupg. Please note
     * that this will not get you any export of the secret/private parts of
     * a Key
     * @returns {Promise<String>}
     * @async
     */
    getArmor () {
        const me = this;
        return new Promise(function (resolve, reject) {
            if (!me._data.fingerprint){
                reject(gpgme_error('KEY_INVALID'));
            }
            let msg = createMessage('export');
            msg.setParameter('armor', true);
            msg.setParameter('keys', me._data.fingerprint);
            msg.post().then(function (result){
                resolve(result.data);
            }, function (error){
                reject(error);
            });
        });
    }

    /**
     * Find out if the Key is part of a Key pair including public and
     * private key(s). If you want this information about more than a few
     * Keys in synchronous mode, it may be advisable to run
     * [Keyring.getKeys]{@link Keyring#getKeys} instead, as it performs faster
     * in bulk querying.
     * @returns {Promise<Boolean>} True if a private Key is available in the
     * gnupg Keyring.
     * @async
     */
    getGnupgSecretState (){
        const me = this;
        return new Promise(function (resolve, reject) {
            if (!me._data.fingerprint){
                reject(gpgme_error('KEY_INVALID'));
            } else {
                let msg = createMessage('keylist');
                msg.setParameter('keys', me._data.fingerprint);
                msg.setParameter('secret', true);
                msg.post().then(function (result){
                    me._data.hasSecret = null;
                    if (
                        result.keys &&
                        result.keys.length === 1 &&
                        result.keys[0].secret === true
                    ) {
                        me._data.hasSecret = true;
                        resolve(true);
                    } else {
                        me._data.hasSecret = false;
                        resolve(false);
                    }
                }, function (error){
                    reject(error);
                });
            }
        });
    }

    /**
     * Deletes the (public) Key from the GPG Keyring. Note that a deletion
     * of a secret key is not supported by the native backend, and gnupg will
     * refuse to delete a Key if there is still a secret/private Key present
     * to that public Key
     * @returns {Promise<Boolean>} Success if key was deleted.
     */
    delete (){
        const me = this;
        return new Promise(function (resolve, reject){
            if (!me._data.fingerprint){
                reject(gpgme_error('KEY_INVALID'));
            }
            let msg = createMessage('delete');
            msg.setParameter('key', me._data.fingerprint);
            msg.post().then(function (result){
                resolve(result.success);
            }, function (error){
                reject(error);
            });
        });
    }

    /**
     * @returns {String} The fingerprint defining this Key. Convenience getter
     */
    get fingerprint (){
        return this._data.fingerprint;
    }
}

/**
 * Representing a subkey of a Key. See {@link validSubKeyProperties} for
 * possible properties.
 * @class
 * @protected
 */
class GPGME_Subkey {

    /**
     * Initializes with the json data sent by gpgme-json
     * @param {Object} data
     * @private
     */
    constructor (data){
        this._data = {};
        let keys = Object.keys(data);
        const me = this;

        /**
         * Validates a subkey property against {@link validSubKeyProperties} and
         * sets it if validation is successful
         * @param {String} property
         * @param {*} value
         * @param private
         */
        const setProperty = function (property, value){
            // eslint-disable-next-line no-use-before-define
            if (validSubKeyProperties.hasOwnProperty(property)){
                // eslint-disable-next-line no-use-before-define
                if (validSubKeyProperties[property](value) === true) {
                    if (property === 'timestamp' || property === 'expires'){
                        me._data[property] = new Date(value * 1000);
                    } else {
                        me._data[property] = value;
                    }
                }
            }
        };
        for (let i=0; i< keys.length; i++) {
            setProperty(keys[i], data[keys[i]]);
        }
    }

    /**
     * Fetches any information about this subkey
     * @param {String} property Information to request
     * @returns {String | Number | Date}
     */
    get (property) {
        if (this._data.hasOwnProperty(property)){
            return (this._data[property]);
        }
    }

}

/**
 * Representing user attributes associated with a Key or subkey. See
 * {@link validUserIdProperties} for possible properties.
 * @class
 * @protected
 */
class GPGME_UserId {

    /**
     * Initializes with the json data sent by gpgme-json
     * @param {Object} data
     * @private
     */
    constructor (data){
        this._data = {};
        const me = this;
        let keys = Object.keys(data);
        const setProperty = function (property, value){
            // eslint-disable-next-line no-use-before-define
            if (validUserIdProperties.hasOwnProperty(property)){
                // eslint-disable-next-line no-use-before-define
                if (validUserIdProperties[property](value) === true) {
                    if (property === 'last_update'){
                        me._data[property] = new Date(value*1000);
                    } else {
                        me._data[property] = value;
                    }
                }
            }
        };
        for (let i=0; i< keys.length; i++) {
            setProperty(keys[i], data[keys[i]]);
        }
    }

    /**
     * Fetches information about the user
     * @param {String} property Information to request
     * @returns {String | Number}
     */
    get (property) {
        if (this._data.hasOwnProperty(property)){
            return (this._data[property]);
        }
    }

}

/**
 * Validation definition for userIds. Each valid userId property is represented
 * as a key- Value pair, with their value being a validation function to check
 * against
 * @protected
 * @const
 */
const validUserIdProperties = {
    'revoked': function (value){
        return typeof (value) === 'boolean';
    },
    'invalid':  function (value){
        return typeof (value) === 'boolean';
    },
    'uid': function (value){
        if (typeof (value) === 'string' || value === ''){
            return true;
        }
        return false;
    },
    'validity': function (value){
        if (typeof (value) === 'string'){
            return true;
        }
        return false;
    },
    'name': function (value){
        if (typeof (value) === 'string' || value === ''){
            return true;
        }
        return false;
    },
    'email': function (value){
        if (typeof (value) === 'string' || value === ''){
            return true;
        }
        return false;
    },
    'address': function (value){
        if (typeof (value) === 'string' || value === ''){
            return true;
        }
        return false;
    },
    'comment': function (value){
        if (typeof (value) === 'string' || value === ''){
            return true;
        }
        return false;
    },
    'origin':  function (value){
        return Number.isInteger(value);
    },
    'last_update':  function (value){
        return Number.isInteger(value);
    }
};

/**
 * Validation definition for subKeys. Each valid userId property is represented
 * as a key-value pair, with the value being a validation function
 * @protected
 * @const
 */
const validSubKeyProperties = {
    'invalid': function (value){
        return typeof (value) === 'boolean';
    },
    'can_encrypt': function (value){
        return typeof (value) === 'boolean';
    },
    'can_sign': function (value){
        return typeof (value) === 'boolean';
    },
    'can_certify':  function (value){
        return typeof (value) === 'boolean';
    },
    'can_authenticate':  function (value){
        return typeof (value) === 'boolean';
    },
    'secret': function (value){
        return typeof (value) === 'boolean';
    },
    'is_qualified': function (value){
        return typeof (value) === 'boolean';
    },
    'is_cardkey':  function (value){
        return typeof (value) === 'boolean';
    },
    'is_de_vs':  function (value){
        return typeof (value) === 'boolean';
    },
    'pubkey_algo_name': function (value){
        return typeof (value) === 'string';
        // TODO: check against list of known?['']
    },
    'pubkey_algo_string': function (value){
        return typeof (value) === 'string';
        // TODO: check against list of known?['']
    },
    'keyid': function (value){
        return isLongId(value);
    },
    'pubkey_algo': function (value) {
        return (Number.isInteger(value) && value >= 0);
    },
    'length': function (value){
        return (Number.isInteger(value) && value > 0);
    },
    'timestamp': function (value){
        return (Number.isInteger(value) && value > 0);
    },
    'expires': function (value){
        return (Number.isInteger(value) && value > 0);
    }
};

/**
 * Validation definition for Keys. Each valid Key property is represented
 * as a key-value pair, with their value being a validation function. For
 * details on the meanings, please refer to the gpgme documentation
 * https://www.gnupg.org/documentation/manuals/gpgme/Key-objects.html#Key-objects
 * @param {String} fingerprint
 * @param {Boolean} revoked
 * @param {Boolean} expired
 * @param {Boolean} disabled
 * @param {Boolean} invalid
 * @param {Boolean} can_encrypt
 * @param {Boolean} can_sign
 * @param {Boolean} can_certify
 * @param {Boolean} can_authenticate
 * @param {Boolean} secret
 * @param {Boolean}is_qualified
 * @param {String} protocol
 * @param {String} issuer_serial
 * @param {String} issuer_name
 * @param {Boolean} chain_id
 * @param {String} owner_trust
 * @param {Date} last_update
 * @param {String} origin
 * @param {Array<GPGME_Subkey>} subkeys
 * @param {Array<GPGME_UserId>} userids
 * @param {Array<String>} tofu
 * @param {Boolean} hasSecret
 * @protected
 * @const
 */
const validKeyProperties = {
    'fingerprint': function (value){
        return isFingerprint(value);
    },
    'revoked': function (value){
        return typeof (value) === 'boolean';
    },
    'expired': function (value){
        return typeof (value) === 'boolean';
    },
    'disabled': function (value){
        return typeof (value) === 'boolean';
    },
    'invalid': function (value){
        return typeof (value) === 'boolean';
    },
    'can_encrypt': function (value){
        return typeof (value) === 'boolean';
    },
    'can_sign': function (value){
        return typeof (value) === 'boolean';
    },
    'can_certify': function (value){
        return typeof (value) === 'boolean';
    },
    'can_authenticate': function (value){
        return typeof (value) === 'boolean';
    },
    'secret': function (value){
        return typeof (value) === 'boolean';
    },
    'is_qualified': function (value){
        return typeof (value) === 'boolean';
    },
    'protocol': function (value){
        return typeof (value) === 'string';
        // TODO check for implemented ones
    },
    'issuer_serial': function (value){
        return typeof (value) === 'string';
    },
    'issuer_name': function (value){
        return typeof (value) === 'string';
    },
    'chain_id': function (value){
        return typeof (value) === 'string';
    },
    'owner_trust': function (value){
        return typeof (value) === 'string';
    },
    'last_update': function (value){
        return (Number.isInteger(value));
        // TODO undefined/null possible?
    },
    'origin': function (value){
        return (Number.isInteger(value));
    },
    'subkeys': function (value){
        return (Array.isArray(value));
    },
    'userids': function (value){
        return (Array.isArray(value));
    },
    'tofu': function (value){
        return (Array.isArray(value));
    },
    'hasSecret': function (value){
        return typeof (value) === 'boolean';
    }

};

/**
* sets the Key data in bulk. It can only be used from inside a Key, either
* during construction or on a refresh callback.
* @param {Object} key the original internal key data.
* @param {Object} data Bulk set the data for this key, with an Object structure
* as sent by gpgme-json.
* @returns {Object|GPGME_Error} the changed data after values have been set,
* an error if something went wrong.
* @private
*/
function validateKeyData (fingerprint, data){
    const key = {};
    if (!fingerprint || typeof (data) !== 'object' || !data.fingerprint
     || fingerprint !== data.fingerprint.toUpperCase()
    ){
        return gpgme_error('KEY_INVALID');
    }
    let props = Object.keys(data);
    for (let i=0; i< props.length; i++){
        if (!validKeyProperties.hasOwnProperty(props[i])){
            return gpgme_error('KEY_INVALID');
        }
        // running the defined validation function
        if (validKeyProperties[props[i]](data[props[i]]) !== true ){
            return gpgme_error('KEY_INVALID');
        }
        switch (props[i]){
        case 'subkeys':
            key.subkeys = [];
            for (let i=0; i< data.subkeys.length; i++) {
                key.subkeys.push(
                    new GPGME_Subkey(data.subkeys[i]));
            }
            break;
        case 'userids':
            key.userids = [];
            for (let i=0; i< data.userids.length; i++) {
                key.userids.push(
                    new GPGME_UserId(data.userids[i]));
            }
            break;
        case 'last_update':
            key[props[i]] = new Date( data[props[i]] * 1000 );
            break;
        default:
            key[props[i]] = data[props[i]];
        }
    }
    return key;
}

/**
 * Fetches and sets properties from gnupg
 * @param {String} fingerprint
 * @param {String} property to search for.
 * @private
 * @async
 */
function getGnupgState (fingerprint, property){
    return new Promise(function (resolve, reject) {
        if (!isFingerprint(fingerprint)) {
            reject(gpgme_error('KEY_INVALID'));
        } else {
            let msg = createMessage('keylist');
            msg.setParameter('keys', fingerprint);
            msg.post().then(function (res){
                if (!res.keys || res.keys.length !== 1){
                    reject(gpgme_error('KEY_INVALID'));
                } else {
                    const key = res.keys[0];
                    let result;
                    switch (property){
                    case 'subkeys':
                        result = [];
                        if (key.subkeys.length){
                            for (let i=0; i < key.subkeys.length; i++) {
                                result.push(
                                    new GPGME_Subkey(key.subkeys[i]));
                            }
                        }
                        resolve(result);
                        break;
                    case 'userids':
                        result = [];
                        if (key.userids.length){
                            for (let i=0; i< key.userids.length; i++) {
                                result.push(
                                    new GPGME_UserId(key.userids[i]));
                            }
                        }
                        resolve(result);
                        break;
                    case 'last_update':
                        if (key.last_update === undefined){
                            reject(gpgme_error('CONN_UNEXPECTED_ANSWER'));
                        } else if (key.last_update !== null){
                            resolve(new Date( key.last_update * 1000));
                        } else {
                            resolve(null);
                        }
                        break;
                    default:
                        if (!validKeyProperties.hasOwnProperty(property)){
                            reject(gpgme_error('PARAM_WRONG'));
                        } else {
                            if (key.hasOwnProperty(property)){
                                resolve(key[property]);
                            } else {
                                reject(gpgme_error(
                                    'CONN_UNEXPECTED_ANSWER'));
                            }
                        }
                        break;
                    }
                }
            }, function (error){
                reject(gpgme_error(error));
            });
        }
    });
}