# frozen_string_literal: true

require 'uri'
require 'net/http'

MAX_KEY_SIZE = 125000 # don't import if the ascii keyfile is larger than this

# check signature on an attachment
#

if $0 == __FILE__
  require 'wunderbar'
  $LOAD_PATH.unshift '/srv/whimsy/lib'
  require 'whimsy/asf'
  require_relative '../../models/mailbox'
end

ENV['GNUPGHOME'] = GNUPGHOME if GNUPGHOME

# see WHIMSY-274 for secure servers
# ** N.B. ensure the keyserver URI is known below **

KEYSERVERS = %w{keyserver.ubuntu.com}
# openpgp does not return the uid needed by gpg

# ** N.B. ensure the keyserver URI is known below **
def getServerURI(server, keyid)
  if server == 'keys.openpgp.org'
    if keyid.length == 40
      uri = "https://#{server}/vks/v1/by-fingerprint/#{keyid}"
    else
      uri = "https://#{server}/vks/v1/by-keyid/#{keyid}"
    end
  elsif server == 'keyserver.ubuntu.com'
    uri = "https://#{server}/pks/lookup?search=0x#{keyid}&op=get"
  else
    # default to format used by sks-keyserver pool members
    uri = "https://#{server}/pks/lookup?search=0x#{keyid}&exact=on&options=mr&op=get"
  end
  Wunderbar.warn uri
  return uri
end

# fetch the Key from the URI and store in the file
def getURI(uri, file)
  uri = URI.parse(uri)
  opts = {use_ssl: uri.scheme == 'https'}
  # The pool needs a special CA cert
  Net::HTTP.start(uri.host, uri.port, opts ) do |https|
    https.request_get(uri.request_uri) do |res|
      unless res.code == '200'
        raise Exception.new("Get #{uri} failed with #{res.code}: #{res.message}")
      end
      cl = res.content_length
      if cl
        Wunderbar.warn "Content-Length: #{cl}"
        if cl > MAX_KEY_SIZE # fail early
          raise Exception.new("Content-Length: #{cl} > #{MAX_KEY_SIZE}")
        end
      else
        Wunderbar.warn 'Content-Length not provided, continuing'
      end
      File.open(file, 'w') do |f|
        # Save the data directly; don't store in memory
        res.read_body do |segment|
          f.write segment
        end
      end
      size = File.size(file)
      Wunderbar.warn "File: #{file} Size: #{size}"
      if size > MAX_KEY_SIZE
        raise Exception.new("File: #{file} size #{size} > #{MAX_KEY_SIZE}")
      end
    end
  end
end

def validate_sig(attachment, signature, msgid, message)
  # pick the latest gpg version
  gpg = `which gpg2`.chomp
  gpg = `which gpg`.chomp if gpg.empty?

  # run gpg verify command - this is needed to determine the key-id
  # TODO: may need to drop the keyid-format parameter when gpg is updated as it might
  # reduce the keyid length from the full fingerprint
  out, err, rc = Open3.capture3 gpg,
    '--keyid-format', 'long', # Show a longer id
    '--verify', signature.path, attachment.path

  # N.B. the code now always fetches the key, so it is guaranteed current.
  # Might need to consider allowing for using a cached key if fetches fail frequently,
  # but this should probably be on demand only

  # Allow auto key fetch to be turned off; create the file /srv/gpg/whimsy_use_db
  # This is intended for local testing
  fetchKey = !File.exist?('/srv/gpg/whimsy_use_db')
  # If the key is not in the database, we need to try and fetch it
  unless fetchKey
    if
      err.include? "gpg: Can't check signature: No public key" or
      err.include? "gpg: Can't check signature: public key not found"
    then
      fetchKey = true
    end
  end

  # Look for the keyid so we can fetch the current key
  keyid = err[/[RD]SA key (ID )?(\w+)/,2]

  # we have a keyid and we need to fetch it
  if keyid and fetchKey
  then
    # Try to fetch the key
    Dir.mktmpdir do |dir|
      found = false
      tmpfile = File.join(dir, keyid)
      KEYSERVERS.each do |server|
        begin
          uri = getServerURI(server, keyid)
          # get the public key if possible (throws if not)
          getURI(uri, tmpfile)
          # import the key for use in validation
          out, err, rc = Open3.capture3 gpg,
            '--batch', '--import', tmpfile
          # For later analysis
          Wunderbar.warn "#{gpg} --import #{tmpfile} rc=#{rc} out=#{out} err=#{err}"
          if err.include?('processed: 1') # downloaded key is valid; store it for posterity
            Dir.mktmpdir do |tmpdir|
              container = ASF::SVN.svnpath!('iclas', '__keys__')
              ASF::SVN.svn!('checkout',[container, tmpdir], {depth: 'empty', env: env})
              outfile = File.join(tmpdir, keyid)
              # Just in case we already have a copy
              ASF::SVN.svn!('update', outfile, {env: env})
              present = File.exist? outfile
              FileUtils.cp(tmpfile, outfile) # add the latest copy
              if present # must have been dropped from the pubkey database (or was maybe backfilled)
                Wunderbar.warn "Already have a copy of #{keyid}"
                # Has it changed?
                Wunderbar.warn ASF::SVN.svn('diff', outfile, {verbose: true}).inspect
              else # we have a new key
                ASF::SVN.svn!('add', outfile, {verbose: true})
              end
              begin
                message.add_email_details(outfile)
              rescue StandardError => err
                Wunderbar.warn "Failed to add properties for #{keyid} - #{err}"
              end
              ASF::SVN.svn!('commit', outfile, {msg: "Adding key for msgid: #{msgid}", env: env})
            end
          else
            Wunderbar.warn "Failed to import #{keyid}"
          end
          found = true
        rescue Exception => e
          Wunderbar.warn "GET uri=#{uri} e=#{e}"
          err = "Key #{keyid} not found: #{e.to_s}".dup # Dup needed to unfreeze string for later
        end
        break if found
      end
      if found

        # run gpg verify command again
        # TODO: may need to drop the keyid-format parameter when gpg is updated as it might
        # reduce the keyid length from the full fingerprint
        out, err, rc = Open3.capture3 gpg,
          '--keyid-format', 'long', # Show a longer id
          '--verify', signature.path, attachment.path
      end
    end
  end

  # list of strings to ignore
  ignore = [
    /^gpg:\s+WARNING: This key is not certified with a trusted signature!$/,
    /^gpg:\s+There is no indication that the signature belongs to the owner\.$/
  ]

  unless err.valid_encoding?
    err = err.force_encoding('windows-1252').encode('utf-8')
  end

  ignore.each {|re| err.gsub! re, ''}

  return out, err, rc
end

def process
  message = Mailbox.find(@message) # e.g. /secretary/workbench/yyyymm/123456789a/

  begin
    # fetch attachment and signature
    # e.g. icla.pdf and icla.pdf.asc
    attachment = message.find(URI::RFC2396_Parser.new.unescape(@attachment)).as_file # This is derived from a URI
    signature  = message.find(@signature).as_file # This is derived from the YAML file
    msgid = message.headers.select{|k,v| k.downcase == 'message-id'}.values.first

    out, err, rc = validate_sig(attachment, signature, msgid, message)

  ensure
    attachment.unlink if attachment
    signature.unlink if signature
  end

  return {output: out, error: err, rc: rc.exitstatus}
end

# Allow direct testing
if $0 == __FILE__
  yyyymmid = ARGV.shift or fail 'Need yyyymm/msgid'
  att = ARGV.shift || 'icla.pdf'
  sig = ARGV.shift || att + '.asc'
  @message = "/secretary/workbench/#{yyyymmid}/"
  @attachment=att
  @signature=sig
  ret = process
  if ret[:rc] == 0
    puts "Success: #{ret[:output]} #{ret[:error]}"
  else
    puts "Failure(#{ret[:rc]}): #{ret[:output]} #{ret[:error]}"
  end
else
  process # must be the last executable statement
end