// Copyright 2018 The go-ethereum Authors
// This file is part of go-ethereum.
//
// go-ethereum is free software: you can redistribute it and/or modify
// it under the terms of the GNU General Public License as published by
// the Free Software Foundation, either version 3 of the License, or
// (at your option) any later version.
//
// go-ethereum is distributed in the hope that it will be useful,
// but WITHOUT ANY WARRANTY; without even the implied warranty of
// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
// GNU General Public License for more details.
//
// You should have received a copy of the GNU General Public License
// along with go-ethereum. If not, see <http://www.gnu.org/licenses/>.
package main

import (
	"crypto/rand"
	"encoding/json"
	"fmt"
	"io"
	"io/ioutil"
	"strings"

	"github.com/ethereum/go-ethereum/cmd/utils"
	"github.com/ethereum/go-ethereum/swarm/api"
	"github.com/ethereum/go-ethereum/swarm/api/client"
	"gopkg.in/urfave/cli.v1"
)

var (
	salt          = make([]byte, 32)
	accessCommand = cli.Command{
		CustomHelpTemplate: helpTemplate,
		Name:               "access",
		Usage:              "encrypts a reference and embeds it into a root manifest",
		ArgsUsage:          "<ref>",
		Description:        "encrypts a reference and embeds it into a root manifest",
		Subcommands: []cli.Command{
			{
				CustomHelpTemplate: helpTemplate,
				Name:               "new",
				Usage:              "encrypts a reference and embeds it into a root manifest",
				ArgsUsage:          "<ref>",
				Description:        "encrypts a reference and embeds it into a root access manifest and prints the resulting manifest",
				Subcommands: []cli.Command{
					{
						Action:             accessNewPass,
						CustomHelpTemplate: helpTemplate,
						Flags: []cli.Flag{
							utils.PasswordFileFlag,
							SwarmDryRunFlag,
						},
						Name:        "pass",
						Usage:       "encrypts a reference with a password and embeds it into a root manifest",
						ArgsUsage:   "<ref>",
						Description: "encrypts a reference and embeds it into a root access manifest and prints the resulting manifest",
					},
					{
						Action:             accessNewPK,
						CustomHelpTemplate: helpTemplate,
						Flags: []cli.Flag{
							utils.PasswordFileFlag,
							SwarmDryRunFlag,
							SwarmAccessGrantKeyFlag,
						},
						Name:        "pk",
						Usage:       "encrypts a reference with the node's private key and a given grantee's public key and embeds it into a root manifest",
						ArgsUsage:   "<ref>",
						Description: "encrypts a reference and embeds it into a root access manifest and prints the resulting manifest",
					},
					{
						Action:             accessNewACT,
						CustomHelpTemplate: helpTemplate,
						Flags: []cli.Flag{
							SwarmAccessGrantKeysFlag,
							SwarmDryRunFlag,
							utils.PasswordFileFlag,
						},
						Name:        "act",
						Usage:       "encrypts a reference with the node's private key and a given grantee's public key and embeds it into a root manifest",
						ArgsUsage:   "<ref>",
						Description: "encrypts a reference and embeds it into a root access manifest and prints the resulting manifest",
					},
				},
			},
		},
	}
)

func init() {
	if _, err := io.ReadFull(rand.Reader, salt); err != nil {
		panic("reading from crypto/rand failed: " + err.Error())
	}
}

func accessNewPass(ctx *cli.Context) {
	args := ctx.Args()
	if len(args) != 1 {
		utils.Fatalf("Expected 1 argument - the ref")
	}

	var (
		ae        *api.AccessEntry
		accessKey []byte
		err       error
		ref       = args[0]
		password  = getPassPhrase("", 0, makePasswordList(ctx))
		dryRun    = ctx.Bool(SwarmDryRunFlag.Name)
	)
	accessKey, ae, err = api.DoPassword(ctx, password, salt)
	if err != nil {
		utils.Fatalf("error getting session key: %v", err)
	}
	m, err := api.GenerateAccessControlManifest(ctx, ref, accessKey, ae)
	if err != nil {
		utils.Fatalf("had an error generating the manifest: %v", err)
	}
	if dryRun {
		err = printManifests(m, nil)
		if err != nil {
			utils.Fatalf("had an error printing the manifests: %v", err)
		}
	} else {
		err = uploadManifests(ctx, m, nil)
		if err != nil {
			utils.Fatalf("had an error uploading the manifests: %v", err)
		}
	}
}

func accessNewPK(ctx *cli.Context) {
	args := ctx.Args()
	if len(args) != 1 {
		utils.Fatalf("Expected 1 argument - the ref")
	}

	var (
		ae               *api.AccessEntry
		sessionKey       []byte
		err              error
		ref              = args[0]
		privateKey       = getPrivKey(ctx)
		granteePublicKey = ctx.String(SwarmAccessGrantKeyFlag.Name)
		dryRun           = ctx.Bool(SwarmDryRunFlag.Name)
	)
	sessionKey, ae, err = api.DoPK(ctx, privateKey, granteePublicKey, salt)
	if err != nil {
		utils.Fatalf("error getting session key: %v", err)
	}
	m, err := api.GenerateAccessControlManifest(ctx, ref, sessionKey, ae)
	if err != nil {
		utils.Fatalf("had an error generating the manifest: %v", err)
	}
	if dryRun {
		err = printManifests(m, nil)
		if err != nil {
			utils.Fatalf("had an error printing the manifests: %v", err)
		}
	} else {
		err = uploadManifests(ctx, m, nil)
		if err != nil {
			utils.Fatalf("had an error uploading the manifests: %v", err)
		}
	}
}

func accessNewACT(ctx *cli.Context) {
	args := ctx.Args()
	if len(args) != 1 {
		utils.Fatalf("Expected 1 argument - the ref")
	}

	var (
		ae                   *api.AccessEntry
		actManifest          *api.Manifest
		accessKey            []byte
		err                  error
		ref                  = args[0]
		pkGrantees           []string
		passGrantees         []string
		pkGranteesFilename   = ctx.String(SwarmAccessGrantKeysFlag.Name)
		passGranteesFilename = ctx.String(utils.PasswordFileFlag.Name)
		privateKey           = getPrivKey(ctx)
		dryRun               = ctx.Bool(SwarmDryRunFlag.Name)
	)
	if pkGranteesFilename == "" && passGranteesFilename == "" {
		utils.Fatalf("you have to provide either a grantee public-keys file or an encryption passwords file (or both)")
	}

	if pkGranteesFilename != "" {
		bytes, err := ioutil.ReadFile(pkGranteesFilename)
		if err != nil {
			utils.Fatalf("had an error reading the grantee public key list")
		}
		pkGrantees = strings.Split(strings.Trim(string(bytes), "\n"), "\n")
	}

	if passGranteesFilename != "" {
		bytes, err := ioutil.ReadFile(passGranteesFilename)
		if err != nil {
			utils.Fatalf("could not read password filename: %v", err)
		}
		passGrantees = strings.Split(strings.Trim(string(bytes), "\n"), "\n")
	}
	accessKey, ae, actManifest, err = api.DoACT(ctx, privateKey, salt, pkGrantees, passGrantees)
	if err != nil {
		utils.Fatalf("error generating ACT manifest: %v", err)
	}

	if err != nil {
		utils.Fatalf("error getting session key: %v", err)
	}
	m, err := api.GenerateAccessControlManifest(ctx, ref, accessKey, ae)
	if err != nil {
		utils.Fatalf("error generating root access manifest: %v", err)
	}

	if dryRun {
		err = printManifests(m, actManifest)
		if err != nil {
			utils.Fatalf("had an error printing the manifests: %v", err)
		}
	} else {
		err = uploadManifests(ctx, m, actManifest)
		if err != nil {
			utils.Fatalf("had an error uploading the manifests: %v", err)
		}
	}
}

func printManifests(rootAccessManifest, actManifest *api.Manifest) error {
	js, err := json.Marshal(rootAccessManifest)
	if err != nil {
		return err
	}
	fmt.Println(string(js))

	if actManifest != nil {
		js, err := json.Marshal(actManifest)
		if err != nil {
			return err
		}
		fmt.Println(string(js))
	}
	return nil
}

func uploadManifests(ctx *cli.Context, rootAccessManifest, actManifest *api.Manifest) error {
	bzzapi := strings.TrimRight(ctx.GlobalString(SwarmApiFlag.Name), "/")
	client := client.NewClient(bzzapi)

	var (
		key string
		err error
	)
	if actManifest != nil {
		key, err = client.UploadManifest(actManifest, false)
		if err != nil {
			return err
		}

		rootAccessManifest.Entries[0].Access.Act = key
	}
	key, err = client.UploadManifest(rootAccessManifest, false)
	if err != nil {
		return err
	}
	fmt.Println(key)
	return nil
}

// makePasswordList reads password lines from the file specified by the global --password flag
// and also by the same subcommand --password flag.
// This function ia a fork of utils.MakePasswordList to lookup cli context for subcommand.
// Function ctx.SetGlobal is not setting the global flag value that can be accessed
// by ctx.GlobalString using the current version of cli package.
func makePasswordList(ctx *cli.Context) []string {
	path := ctx.GlobalString(utils.PasswordFileFlag.Name)
	if path == "" {
		path = ctx.String(utils.PasswordFileFlag.Name)
		if path == "" {
			return nil
		}
	}
	text, err := ioutil.ReadFile(path)
	if err != nil {
		utils.Fatalf("Failed to read password file: %v", err)
	}
	lines := strings.Split(string(text), "\n")
	// Sanitise DOS line endings.
	for i := range lines {
		lines[i] = strings.TrimRight(lines[i], "\r")
	}
	return lines
}