%%% Copyright (c) 2014-2015, NORDUnet A/S.
%%% See LICENSE for licensing information.

%%% @doc Certificate Transparency (RFC 6962)

-module(v1).
%% API (URL)
-export([request/3]).

check_valid_sth() ->
    case plop:sth() of
        noentry ->
            lager:error("No valid STH found"),
            exit({internalerror, "No valid STH found"});
        {struct, PropList} ->
            Now = plop:generate_timestamp(),
            Timestamp = proplists:get_value(<<"timestamp">>, PropList),
            MMD = application:get_env(catlfish, mmd, 86400) * 1000,
            if
                Now - Timestamp > MMD ->
                    lager:error("Old STH found, " ++
                                    "now: ~p, STH timestamp: ~p, diff: ~p",
                                [Now, Timestamp, Now - Timestamp]),
                    exit({internalerror, "No valid STH found"});
                true ->
                    ok
            end
    end.

%% Public functions, i.e. part of URL.
request(post, "ct/v1/add-blob", Input) ->
    check_valid_sth(),
    add_blob(Input);

request(get, "ct/v1/get-sth", _Query) ->
    check_valid_sth(),
    case plop:sth() of
        noentry ->
            lager:error("No valid STH found"),
            internalerror("No valid STH found");
        R ->
            success(R)
    end;

request(get, "ct/v1/get-sth-consistency", Query) ->
    check_valid_sth(),
    case lists:sort(Query) of
        [{"first", FirstInput}, {"second", SecondInput}] ->
            {First, _} = string:to_integer(FirstInput),
            {Second, _} = string:to_integer(SecondInput),
            case lists:member(error, [First, Second]) of
                true ->
                    err400("get-sth-consistency: bad input:",
                           [FirstInput, SecondInput]);
                false ->
                    success(
                      {[{consistency,
                         [base64:encode(X) ||
                             X <- plop:consistency(First, Second)]}]})
            end;
        _ -> err400("get-sth-consistency: bad input:", Query)
    end;

request(get, "ct/v1/get-proof-by-hash", Query) ->
    check_valid_sth(),
    case lists:sort(Query) of
        [{"hash", HashInput}, {"tree_size", TreeSizeInput}] ->
            Hash = case (catch base64:decode(HashInput)) of
                       {'EXIT', _} -> error;
                       H -> H
                   end,
            {TreeSize, _} = string:to_integer(TreeSizeInput),
            case lists:member(error, [Hash, TreeSize]) of
                true ->
                    err400("get-proof-by-hash: bad input:",
                           [HashInput, TreeSizeInput]);
                false ->
                      case plop:inclusion(Hash, TreeSize) of
                          {ok, Index, Path} ->
                              success({[{leaf_index, Index},
                                        {audit_path,
                                         [base64:encode(X) || X <- Path]}]});
                          {notfound, Msg} ->
                              err400("get-proof-by-hash: hash not found", Msg)
                      end
            end;
        _ -> err400("get-proof-by-hash: bad input:", Query)
    end;

request(get, "ct/v1/get-entries", Query) ->
    check_valid_sth(),
    case lists:sort(Query) of
        [{"end", EndInput}, {"start", StartInput}] ->
            {Start, _} = string:to_integer(StartInput),
            {End, _} = string:to_integer(EndInput),
            case lists:member(error, [Start, End]) of
                true -> err400("get-entries: bad input:", [Start, End]);
                false -> success(
                           catlfish:entries(Start, min(End, Start + 999)))
            end;
        _ -> err400("get-entries: bad input:", Query)
    end;

request(get, "ct/v1/get-entry-and-proof", Query) ->
    check_valid_sth(),
    case lists:sort(Query) of
        [{"leaf_index", IndexInput}, {"tree_size", TreeSizeInput}] ->
            {Index, _} = string:to_integer(IndexInput),
            {TreeSize, _} = string:to_integer(TreeSizeInput),
            case lists:member(error, [Index, TreeSize]) of
                true ->
                    err400("get-entry-and-proof: not integers: ",
                           [IndexInput, TreeSizeInput]);
                false -> success(catlfish:entry_and_proof(Index, TreeSize))
            end;
        _ -> err400("get-entry-and-proof: bad input:", Query)
    end;

request(get, "ct/v1/get-roots", _Query) ->
    check_valid_sth(),
    R = [{certificates,
          [base64:encode(Der) ||
              Der <- catlfish:update_known_roots()]}],
    success({R});

request(_Method, _Path, _) ->
    none.

%% Private functions.
err400(Text, Input) ->
    {400, [{"Content-Type", "text/html"}],
     io_lib:format(
       "<html><body><p>~n" ++
           "~s~n" ++
           "~p~n" ++
           "</body></html>~n", [Text, Input])}.

success(Data) ->
    {200, [{"Content-Type", "text/json"}], mochijson2:encode(Data)}.

internalerror(Text) ->
    {500, [{"Content-Type", "text/html"}],
     io_lib:format(
       "<html><body><p>~n" ++
           "~s~n" ++
           "</body></html>~n", [Text])}.

-spec add_blob(any()) -> any().
add_blob(Input) ->
    case (catch mochijson2:decode(Input)) of
        {error, E} ->
            err400("add-blob: bad input:", E);
        {struct, [{<<"blob">>, Blob}]} ->
            success(catlfish:add_chain(Blob, normal));
        _ -> err400("add-blob: missing input: blob", Input)
    end.