// Copyright 2021 The Gitea Authors. All rights reserved.
// SPDX-License-Identifier: MIT

package asymkey

import (
	"context"
	"strings"

	"code.gitea.io/gitea/models/db"
	"code.gitea.io/gitea/modules/log"

	"github.com/keybase/go-crypto/openpgp"
)

//   __________________  ________   ____  __.
//  /  _____/\______   \/  _____/  |    |/ _|____ ___.__.
// /   \  ___ |     ___/   \  ___  |      <_/ __ <   |  |
// \    \_\  \|    |   \    \_\  \ |    |  \  ___/\___  |
//  \______  /|____|    \______  / |____|__ \___  > ____|
//         \/                  \/          \/   \/\/
//    _____       .___  .___
//   /  _  \    __| _/__| _/
//	/  /_\  \  / __ |/ __ |
// /    |    \/ /_/ / /_/ |
// \____|__  /\____ \____ |
//         \/      \/    \/

// This file contains functions relating to adding GPG Keys

// addGPGKey add key, import and subkeys to database
func addGPGKey(ctx context.Context, key *GPGKey, content string) (err error) {
	// Add GPGKeyImport
	if err = db.Insert(ctx, &GPGKeyImport{
		KeyID:   key.KeyID,
		Content: content,
	}); err != nil {
		return err
	}
	// Save GPG primary key.
	if err = db.Insert(ctx, key); err != nil {
		return err
	}
	// Save GPG subs key.
	for _, subkey := range key.SubsKey {
		if err := addGPGSubKey(ctx, subkey); err != nil {
			return err
		}
	}
	return nil
}

// addGPGSubKey add subkeys to database
func addGPGSubKey(ctx context.Context, key *GPGKey) (err error) {
	// Save GPG primary key.
	if err = db.Insert(ctx, key); err != nil {
		return err
	}
	// Save GPG subs key.
	for _, subkey := range key.SubsKey {
		if err := addGPGSubKey(ctx, subkey); err != nil {
			return err
		}
	}
	return nil
}

// AddGPGKey adds new public key to database.
func AddGPGKey(ownerID int64, content, token, signature string) ([]*GPGKey, error) {
	ekeys, err := checkArmoredGPGKeyString(content)
	if err != nil {
		return nil, err
	}

	ctx, committer, err := db.TxContext(db.DefaultContext)
	if err != nil {
		return nil, err
	}
	defer committer.Close()

	keys := make([]*GPGKey, 0, len(ekeys))

	verified := false
	// Handle provided signature
	if signature != "" {
		signer, err := openpgp.CheckArmoredDetachedSignature(ekeys, strings.NewReader(token), strings.NewReader(signature))
		if err != nil {
			signer, err = openpgp.CheckArmoredDetachedSignature(ekeys, strings.NewReader(token+"\n"), strings.NewReader(signature))
		}
		if err != nil {
			signer, err = openpgp.CheckArmoredDetachedSignature(ekeys, strings.NewReader(token+"\r\n"), strings.NewReader(signature))
		}
		if err != nil {
			log.Error("Unable to validate token signature. Error: %v", err)
			return nil, ErrGPGInvalidTokenSignature{
				ID:      ekeys[0].PrimaryKey.KeyIdString(),
				Wrapped: err,
			}
		}
		ekeys = []*openpgp.Entity{signer}
		verified = true
	}

	if len(ekeys) > 1 {
		id2key := map[string]*openpgp.Entity{}
		newEKeys := make([]*openpgp.Entity, 0, len(ekeys))
		for _, ekey := range ekeys {
			id := ekey.PrimaryKey.KeyIdString()
			if original, has := id2key[id]; has {
				// Coalesce this with the other one
				for _, subkey := range ekey.Subkeys {
					if subkey.PublicKey == nil {
						continue
					}
					found := false

					for _, originalSubkey := range original.Subkeys {
						if originalSubkey.PublicKey == nil {
							continue
						}
						if originalSubkey.PublicKey.KeyId == subkey.PublicKey.KeyId {
							found = true
							break
						}
					}
					if !found {
						original.Subkeys = append(original.Subkeys, subkey)
					}
				}
				for name, identity := range ekey.Identities {
					if _, has := original.Identities[name]; has {
						continue
					}
					original.Identities[name] = identity
				}
				continue
			}
			id2key[id] = ekey
			newEKeys = append(newEKeys, ekey)
		}
		ekeys = newEKeys
	}

	for _, ekey := range ekeys {
		// Key ID cannot be duplicated.
		has, err := db.GetEngine(ctx).Where("key_id=?", ekey.PrimaryKey.KeyIdString()).
			Get(new(GPGKey))
		if err != nil {
			return nil, err
		} else if has {
			return nil, ErrGPGKeyIDAlreadyUsed{ekey.PrimaryKey.KeyIdString()}
		}

		// Get DB session

		key, err := parseGPGKey(ownerID, ekey, verified)
		if err != nil {
			return nil, err
		}

		if err = addGPGKey(ctx, key, content); err != nil {
			return nil, err
		}
		keys = append(keys, key)
	}
	return keys, committer.Commit()
}