/*
  This file is part of TALER
  (C) 2014 GNUnet e.V.
  TALER is free software; you can redistribute it and/or modify it under the
  terms of the GNU Affero General Public License as published by the Free Software
  Foundation; either version 3, or (at your option) any later version.
  TALER is distributed in the hope that it will be useful, but WITHOUT ANY
  WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR
  A PARTICULAR PURPOSE.  See the GNU Affero General Public License for more details.
  You should have received a copy of the GNU Affero General Public License along with
  TALER; see the file COPYING.  If not, If not, see 
*/
/**
 * @file taler-mint-httpd_refresh.c
 * @brief Handle /refresh/ requests
 * @author Florian Dold
 * @author Benedikt Mueller
 * @author Christian Grothoff
 *
 * TODO:
 * - split properly into parsing, DB-ops and response generation
 */
#include "platform.h"
#include 
#include 
#include 
#include 
#include 
#include "mint.h"
#include "mint_db.h"
#include "taler_signatures.h"
#include "taler_rsa.h"
#include "taler_json_lib.h"
#include "taler-mint-httpd_parsing.h"
#include "taler-mint-httpd_keys.h"
#include "taler-mint-httpd_mhd.h"
#include "taler-mint-httpd_refresh.h"
#include "taler-mint-httpd_responses.h"
/**
 * FIXME: document!
 */
static int
link_iter (void *cls,
           const struct LinkDataEnc *link_data_enc,
           const struct TALER_RSA_PublicKeyBinaryEncoded *denom_pub,
           const struct TALER_RSA_Signature *ev_sig)
{
  json_t *list = cls;
  json_t *obj = json_object ();
  json_array_append_new (list, obj);
  json_object_set_new (obj, "link_enc",
                         TALER_JSON_from_data (link_data_enc,
                                       sizeof (struct LinkDataEnc)));
  json_object_set_new (obj, "denom_pub",
                         TALER_JSON_from_data (denom_pub,
                                       sizeof (struct TALER_RSA_PublicKeyBinaryEncoded)));
  json_object_set_new (obj, "ev_sig",
                         TALER_JSON_from_data (ev_sig,
                                       sizeof (struct TALER_RSA_Signature)));
  return GNUNET_OK;
}
static int
check_confirm_signature (struct MHD_Connection *connection,
                         json_t *coin_info,
                         const struct GNUNET_CRYPTO_EcdsaPublicKey *coin_pub,
                         const struct GNUNET_CRYPTO_EddsaPublicKey *session_pub)
{
  struct RefreshMeltConfirmSignRequestBody body;
  struct GNUNET_CRYPTO_EcdsaSignature sig;
  int res;
  body.purpose.size = htonl (sizeof (struct RefreshMeltConfirmSignRequestBody));
  body.purpose.purpose = htonl (TALER_SIGNATURE_REFRESH_MELT_CONFIRM);
  body.session_pub = *session_pub;
  res = GNUNET_MINT_parse_navigate_json (connection, coin_info,
                                  JNAV_FIELD, "confirm_sig",
                                  JNAV_RET_DATA,
                                  &sig,
                                  sizeof (struct GNUNET_CRYPTO_EcdsaSignature));
  if (GNUNET_OK != res)
  {
    GNUNET_break (GNUNET_SYSERR != res);
    return res;
  }
  if (GNUNET_OK !=
      GNUNET_CRYPTO_ecdsa_verify (TALER_SIGNATURE_REFRESH_MELT_CONFIRM,
                                  &body.purpose,
                                  &sig,
                                  coin_pub))
  {
    if (MHD_YES !=
        TALER_MINT_reply_json_pack (connection,
                                    MHD_HTTP_UNAUTHORIZED,
                                    "{s:s}",
                                    "error", "signature invalid"))
      return GNUNET_SYSERR;
    return GNUNET_NO;
  }
  return GNUNET_OK;
}
/**
 * Extract public coin information from a JSON object.
 *
 * @param connection the connection to send error responses to
 * @param root the JSON object to extract the coin info from
 * @return #GNUNET_YES if coin public info in JSON was valid
 *         #GNUNET_NO otherwise
 *         #GNUNET_SYSERR on internal error
 */
static int
request_json_require_coin_public_info (struct MHD_Connection *connection,
                                       json_t *root,
                                       struct TALER_CoinPublicInfo *r_public_info)
{
  int ret;
  GNUNET_assert (NULL != root);
  ret = GNUNET_MINT_parse_navigate_json (connection, root,
                                  JNAV_FIELD, "coin_pub",
                                  JNAV_RET_DATA,
                                  &r_public_info->coin_pub,
                                  sizeof (struct GNUNET_CRYPTO_EcdsaPublicKey));
  if (GNUNET_OK != ret)
    return ret;
  ret = GNUNET_MINT_parse_navigate_json (connection, root,
                                  JNAV_FIELD, "denom_sig",
                                  JNAV_RET_DATA,
                                  &r_public_info->denom_sig,
                                  sizeof (struct TALER_RSA_Signature));
  if (GNUNET_OK != ret)
    return ret;
  ret = GNUNET_MINT_parse_navigate_json (connection, root,
                                  JNAV_FIELD, "denom_pub",
                                  JNAV_RET_DATA,
                                  &r_public_info->denom_pub,
                                  sizeof (struct TALER_RSA_PublicKeyBinaryEncoded));
  if (GNUNET_OK != ret)
    return ret;
  return GNUNET_OK;
}
/**
 * Verify a signature that is encoded in a JSON object
 *
 * @param connection the connection to send errors to
 * @param root the JSON object with the signature
 * @param the public key that the signature was created with
 * @param purpose the signed message
 * @return #GNUNET_YES if the signature was valid
 *         #GNUNET_NO if the signature was invalid
 *         #GNUNET_SYSERR on internal error
 */
static int
request_json_check_signature (struct MHD_Connection *connection,
                              json_t *root,
                              struct GNUNET_CRYPTO_EddsaPublicKey *pub,
                              struct GNUNET_CRYPTO_EccSignaturePurpose *purpose)
{
  struct GNUNET_CRYPTO_EddsaSignature signature;
  int size;
  uint32_t purpose_num;
  int res;
  json_t *el;
  res = GNUNET_MINT_parse_navigate_json (connection, root,
                                  JNAV_FIELD, "sig",
                                  JNAV_RET_DATA,
                                  &signature,
                                  sizeof (struct GNUNET_CRYPTO_EddsaSignature));
  if (GNUNET_OK != res)
    return res;
  res = GNUNET_MINT_parse_navigate_json (connection, root,
                                  JNAV_FIELD, "purpose",
                                  JNAV_RET_TYPED_JSON,
                                  JSON_INTEGER,
                                  &el);
  if (GNUNET_OK != res)
    return res;
  purpose_num = json_integer_value (el);
  if (purpose_num != ntohl (purpose->purpose))
  {
    GNUNET_log (GNUNET_ERROR_TYPE_WARNING, "signature invalid (purpose wrong)\n");
    return TALER_MINT_reply_json_pack (connection,
                                       MHD_HTTP_BAD_REQUEST,
                                       "{s:s}",
                                       "error", "signature invalid (purpose)");
  }
  res = GNUNET_MINT_parse_navigate_json (connection, root,
                                  JNAV_FIELD, "size",
                                  JNAV_RET_TYPED_JSON,
                                  JSON_INTEGER,
                                  &el);
  if (GNUNET_OK != res)
    return res;
  size = json_integer_value (el);
  if (size != ntohl (purpose->size))
  {
    GNUNET_log (GNUNET_ERROR_TYPE_WARNING, "signature invalid (size wrong)\n");
    return TALER_MINT_reply_json_pack (connection,
                                       MHD_HTTP_BAD_REQUEST,
                                       GNUNET_NO, GNUNET_SYSERR,
                                       "{s:s}",
                                       "error", "signature invalid (size)");
  }
  if (GNUNET_OK != GNUNET_CRYPTO_eddsa_verify (purpose_num,
                                               purpose,
                                               &signature,
                                               pub))
  {
    GNUNET_log (GNUNET_ERROR_TYPE_WARNING, "signature invalid (did not verify)\n");
    return TALER_MINT_reply_json_pack (connection,
                                       MHD_HTTP_UNAUTHORIZED,
                                       "{s:s}",
                                       "error",
                                       "invalid signature (verification)");
  }
  return GNUNET_OK;
}
/**
 * Handle a "/refresh/melt" request
 *
 * @param rh context of the handler
 * @param connection the MHD connection to handle
 * @param[IN|OUT] connection_cls the connection's closure (can be updated)
 * @param upload_data upload data
 * @param[IN|OUT] upload_data_size number of bytes (left) in @a upload_data
 * @return MHD result code
 */
int
TALER_MINT_handler_refresh_melt (struct RequestHandler *rh,
                                 struct MHD_Connection *connection,
                                 void **connection_cls,
                                 const char *upload_data,
                                 size_t *upload_data_size)
{
  json_t *root;
  struct GNUNET_CRYPTO_EddsaPublicKey refresh_session_pub;
  int res;
  json_t *new_denoms;
  unsigned int num_new_denoms;
  unsigned int i;
  struct TALER_RSA_PublicKeyBinaryEncoded *denom_pubs;
  json_t *melt_coins;
  struct TALER_CoinPublicInfo *coin_public_infos;
  unsigned int coin_count;
  struct GNUNET_HashContext *hash_context;
  struct GNUNET_HashCode melt_hash;
  struct MintKeyState *key_state;
  struct RefreshMeltSignatureBody body;
  json_t *melt_sig_json;
  res = TALER_MINT_parse_post_json (connection,
                                    connection_cls,
                                    upload_data,
                                    upload_data_size,
                                    &root);
  if (GNUNET_SYSERR == res)
    return MHD_NO;
  if ( (GNUNET_NO == res) || (NULL == root) )
    return MHD_YES;
  /* session_pub field must always be present */
  res = GNUNET_MINT_parse_navigate_json (connection, root,
                                  JNAV_FIELD, "session_pub",
                                  JNAV_RET_DATA,
                                  &refresh_session_pub,
                                  sizeof (struct GNUNET_CRYPTO_EddsaPublicKey));
  if (GNUNET_OK != res)
  {
    // FIXME: return 'internal error'?
    GNUNET_break (0);
    return MHD_NO;
  }
  if (GNUNET_NO == res)
    return MHD_YES;
  res = GNUNET_MINT_parse_navigate_json (connection, root,
                                         JNAV_FIELD, "new_denoms",
                                         JNAV_RET_TYPED_JSON,
                                         JSON_ARRAY,
                                         &new_denoms);
  if (GNUNET_OK != res)
    return res;
  num_new_denoms = json_array_size (new_denoms);
  denom_pubs = GNUNET_malloc (num_new_denoms *
                              sizeof (struct TALER_RSA_PublicKeyBinaryEncoded));
  for (i=0;i= TALER_refresh_decrypt (commit_link.shared_secret_enc, TALER_REFRESH_SHARED_SECRET_LENGTH,
                                      &transfer_secret, &shared_secret))
      {
        GNUNET_log (GNUNET_ERROR_TYPE_ERROR, "decryption failed\n");
        // FIXME: return 'internal error'?
        return MHD_NO;
      }
      if (GNUNET_NO == secret_initialized)
      {
        secret_initialized = GNUNET_YES;
        last_shared_secret = shared_secret;
      }
      else if (0 != memcmp (&shared_secret, &last_shared_secret, sizeof (struct GNUNET_HashCode)))
      {
        GNUNET_log (GNUNET_ERROR_TYPE_ERROR, "shared secrets do not match\n");
        // FIXME: return error code!
        return MHD_NO;
      }
      {
        struct GNUNET_CRYPTO_EcdsaPublicKey transfer_pub_check;
        GNUNET_CRYPTO_ecdsa_key_get_public (&transfer_priv, &transfer_pub_check);
        if (0 != memcmp (&transfer_pub_check, &commit_link.transfer_pub, sizeof (struct GNUNET_CRYPTO_EcdsaPublicKey)))
        {
          GNUNET_log (GNUNET_ERROR_TYPE_ERROR, "transfer keys do not match\n");
        // FIXME: return error code!
          return MHD_NO;
        }
      }
    }
    /* Check that the commitments for all new coins were correct */
    for (j = 0; j < refresh_session.num_newcoins; j++)
    {
      struct RefreshCommitCoin commit_coin;
      struct LinkData link_data;
      struct TALER_RSA_BlindedSignaturePurpose *coin_ev_check;
      struct GNUNET_CRYPTO_EcdsaPublicKey coin_pub;
      struct TALER_RSA_BlindingKey *bkey;
      struct TALER_RSA_PublicKeyBinaryEncoded denom_pub;
      bkey = NULL;
      res = TALER_MINT_DB_get_refresh_commit_coin (db_conn,
                                                   &refresh_session_pub,
                                                   i, j,
                                                   &commit_coin);
      if (GNUNET_OK != res)
      {
        GNUNET_break (0);
                // FIXME: return error code!
        return MHD_NO;
      }
      if (0 >= TALER_refresh_decrypt (commit_coin.link_enc, sizeof (struct LinkData),
                                      &last_shared_secret, &link_data))
      {
        GNUNET_log (GNUNET_ERROR_TYPE_ERROR, "decryption failed\n");
                // FIXME: return error code!
        return MHD_NO;
      }
      GNUNET_CRYPTO_ecdsa_key_get_public (&link_data.coin_priv, &coin_pub);
      if (NULL == (bkey = TALER_RSA_blinding_key_decode (&link_data.bkey_enc)))
      {
        GNUNET_log (GNUNET_ERROR_TYPE_ERROR, "Invalid blinding key\n");
                        // FIXME: return error code!
        return MHD_NO;
      }
      res = TALER_MINT_DB_get_refresh_order (db_conn, j, &refresh_session_pub, &denom_pub);
      if (GNUNET_OK != res)
      {
        GNUNET_break (0);
          // FIXME: return error code!
        return MHD_NO;
      }
      if (NULL == (coin_ev_check =
                   TALER_RSA_message_blind (&coin_pub,
                                            sizeof (struct GNUNET_CRYPTO_EcdsaPublicKey),
                                            bkey,
                                            &denom_pub)))
      {
        GNUNET_log (GNUNET_ERROR_TYPE_ERROR, "blind failed\n");
          // FIXME: return error code!
        return MHD_NO;
      }
      if (0 != memcmp (&coin_ev_check,
                       &commit_coin.coin_ev,
                       sizeof (struct TALER_RSA_BlindedSignaturePurpose)))
      {
        GNUNET_log (GNUNET_ERROR_TYPE_ERROR, "blind envelope does not match for kappa=%d, old=%d\n",
                    (int) i, (int) j);
        // FIXME: return error code!
        return MHD_NO;
      }
    }
  }
  if (GNUNET_OK != TALER_MINT_DB_transaction (db_conn))
  {
    GNUNET_break (0);
            // FIXME: return error code!
    return MHD_NO;
  }
  for (j = 0; j < refresh_session.num_newcoins; j++)
  {
    struct RefreshCommitCoin commit_coin;
    struct TALER_RSA_PublicKeyBinaryEncoded denom_pub;
    struct TALER_MINT_DenomKeyIssuePriv *dki;
    struct TALER_RSA_Signature ev_sig;
    res = TALER_MINT_DB_get_refresh_commit_coin (db_conn,
                                                 &refresh_session_pub,
                                                 refresh_session.noreveal_index % refresh_session.kappa,
                                                 j,
                                                 &commit_coin);
    if (GNUNET_OK != res)
    {
      GNUNET_break (0);
              // FIXME: return error code!
      return MHD_NO;
    }
    res = TALER_MINT_DB_get_refresh_order (db_conn, j, &refresh_session_pub, &denom_pub);
    if (GNUNET_OK != res)
    {
      GNUNET_break (0);
                    // FIXME: return error code!
      return MHD_NO;
    }
    key_state = TALER_MINT_key_state_acquire ();
    dki = TALER_MINT_get_denom_key (key_state, &denom_pub);
    TALER_MINT_key_state_release (key_state);
    if (NULL == dki)
    {
      GNUNET_break (0);
                    // FIXME: return error code!
      return MHD_NO;
    }
    if (GNUNET_OK !=
        TALER_RSA_sign (dki->denom_priv,
                        &commit_coin.coin_ev,
                        sizeof (struct TALER_RSA_BlindedSignaturePurpose),
                        &ev_sig))
    {
      GNUNET_break (0);
                    // FIXME: return error code!
      return MHD_NO;
    }
    res = TALER_MINT_DB_insert_refresh_collectable (db_conn,
                                                    j,
                                                    &refresh_session_pub,
                                                    &ev_sig);
    if (GNUNET_OK != res)
    {
      GNUNET_break (0);
                          // FIXME: return error code!
      return MHD_NO;
    }
  }
  /* mark that reveal was successful */
  res = TALER_MINT_DB_set_reveal_ok (db_conn, &refresh_session_pub);
  if (GNUNET_OK != res)
  {
    GNUNET_break (0);
    // FIXME: return error code!
    return MHD_NO;
  }
  if (GNUNET_OK != TALER_MINT_DB_commit (db_conn))
  {
    GNUNET_break (0);
    return MHD_NO;
  }
  return helper_refresh_reveal_send_response (connection, db_conn, &refresh_session_pub);
}
/**
 * Handle a "/refresh/link" request
 *
 * @param rh context of the handler
 * @param connection the MHD connection to handle
 * @param[IN|OUT] connection_cls the connection's closure (can be updated)
 * @param upload_data upload data
 * @param[IN|OUT] upload_data_size number of bytes (left) in @a upload_data
 * @return MHD result code
  */
int
TALER_MINT_handler_refresh_link (struct RequestHandler *rh,
                                 struct MHD_Connection *connection,
                                 void **connection_cls,
                                 const char *upload_data,
                                 size_t *upload_data_size)
{
  struct GNUNET_CRYPTO_EcdsaPublicKey coin_pub;
  int res;
  json_t *root;
  json_t *list;
  PGconn *db_conn;
  struct GNUNET_CRYPTO_EcdsaPublicKey transfer_pub;
  struct SharedSecretEnc shared_secret_enc;
  res = TALER_MINT_mhd_request_arg_data (connection,
                                         "coin_pub",
                                         &coin_pub,
                                         sizeof (struct GNUNET_CRYPTO_EcdsaPublicKey));
  if (GNUNET_SYSERR == res)
  {
    // FIXME: return 'internal error'
    GNUNET_break (0);
    return MHD_NO;
  }
  if (GNUNET_OK != res)
    return MHD_YES;
  if (NULL == (db_conn = TALER_MINT_DB_get_connection ()))
  {
    GNUNET_break (0);
    // FIXME: return error code!
    return MHD_NO;
  }
  list = json_array ();
  root = json_object ();
  json_object_set_new (root, "new_coins", list);
  res = TALER_db_get_transfer (db_conn,
                               &coin_pub,
                               &transfer_pub,
                               &shared_secret_enc);
  if (GNUNET_SYSERR == res)
  {
    GNUNET_break (0);
        // FIXME: return error code!
    return MHD_NO;
  }
  if (GNUNET_NO == res)
  {
    return TALER_MINT_reply_json_pack (connection,
                                       MHD_HTTP_NOT_FOUND,
                                       "{s:s}",
                                       "error",
                                       "link data not found (transfer)");
  }
  GNUNET_assert (GNUNET_OK == res);
  res = TALER_db_get_link (db_conn, &coin_pub, link_iter, list);
  if (GNUNET_SYSERR == res)
  {
    GNUNET_break (0);
        // FIXME: return error code!
    return MHD_NO;
  }
  if (GNUNET_NO == res)
  {
    return TALER_MINT_reply_json_pack (connection,
                                       MHD_HTTP_NOT_FOUND,
                                       "{s:s}",
                                       "error",
                                       "link data not found (link)");
  }
  GNUNET_assert (GNUNET_OK == res);
  json_object_set_new (root, "transfer_pub",
                       TALER_JSON_from_data (&transfer_pub,
                                             sizeof (struct GNUNET_CRYPTO_EddsaPublicKey)));
  json_object_set_new (root, "secret_enc",
                       TALER_JSON_from_data (&shared_secret_enc,
                                             sizeof (struct SharedSecretEnc)));
  return TALER_MINT_reply_json (connection,
                                root,
                                MHD_HTTP_OK);
}
/* end of taler-mint-httpd_refresh.c */