package main

import (
	"encoding/hex"
	"flag"
	"fmt"
	"io"
	"os"
	"runtime"

	"github.com/rfjakob/gocryptfs/v2/internal/configfile"
	"github.com/rfjakob/gocryptfs/v2/internal/contentenc"
	"github.com/rfjakob/gocryptfs/v2/internal/cryptocore"
	"github.com/rfjakob/gocryptfs/v2/internal/exitcodes"
	"github.com/rfjakob/gocryptfs/v2/internal/fido2"
	"github.com/rfjakob/gocryptfs/v2/internal/readpassword"
	"github.com/rfjakob/gocryptfs/v2/internal/tlog"
)

// GitVersion is the gocryptfs version according to git, set by build.bash
var GitVersion = "[GitVersion not set - please compile using ./build.bash]"

// BuildDate is a date string like "2017-09-06", set by build.bash
var BuildDate = "0000-00-00"

const (
	myName = "gocryptfs-xray"
)

// blockSize is the ciphertext block size including overheads
func blockSize(alg cryptocore.AEADTypeEnum) int {
	return alg.NonceSize + contentenc.DefaultBS + cryptocore.AuthTagLen
}

func errExit(err error) {
	fmt.Println(err)
	os.Exit(1)
}

func prettyPrintHeader(h *contentenc.FileHeader, algo cryptocore.AEADTypeEnum) {
	id := hex.EncodeToString(h.ID)
	fmt.Printf("Header: Version: %d, Id: %s, assuming %s mode\n", h.Version, id, algo.Algo)
}

// printVersion prints a version string like this:
// gocryptfs v1.7-32-gcf99cfd; go-fuse v1.0.0-174-g22a9cb9; 2019-05-12 go1.12 linux/amd64
func printVersion() {
	built := fmt.Sprintf("%s %s", BuildDate, runtime.Version())
	fmt.Printf("%s %s; %s %s/%s\n",
		myName, GitVersion, built,
		runtime.GOOS, runtime.GOARCH)
}

func usage() {
	printVersion()
	fmt.Printf("\n")
	fmt.Fprintf(os.Stderr, "Usage: %s [OPTIONS] FILE\n"+
		"\n"+
		"Options:\n", myName)
	flag.PrintDefaults()
	fmt.Fprintf(os.Stderr, "\n"+
		"Examples:\n"+
		"  gocryptfs-xray myfs/mCXnISiv7nEmyc0glGuhTQ\n"+
		"  gocryptfs-xray -dumpmasterkey myfs/gocryptfs.conf\n"+
		"  gocryptfs-xray -encrypt-paths myfs.sock\n")
}

// sum counts the number of true values
func sum(x ...*bool) (s int) {
	for _, v := range x {
		if *v {
			s++
		}
	}
	return s
}

type argContainer struct {
	dumpmasterkey *bool
	decryptPaths  *bool
	encryptPaths  *bool
	aessiv        *bool
	xchacha       *bool
	sep0          *bool
	fido2         *string
	version       *bool
}

func main() {
	var args argContainer
	args.dumpmasterkey = flag.Bool("dumpmasterkey", false, "Decrypt and dump the master key")
	args.decryptPaths = flag.Bool("decrypt-paths", false, "Decrypt file paths using gocryptfs control socket")
	args.encryptPaths = flag.Bool("encrypt-paths", false, "Encrypt file paths using gocryptfs control socket")
	args.sep0 = flag.Bool("0", false, "Use \\0 instead of \\n as separator")
	args.aessiv = flag.Bool("aessiv", false, "Assume AES-SIV mode instead of AES-GCM")
	args.xchacha = flag.Bool("xchacha", false, "Assume XChaCha20-Poly1305 mode instead of AES-GCM")
	args.fido2 = flag.String("fido2", "", "Protect the masterkey using a FIDO2 token instead of a password")
	args.version = flag.Bool("version", false, "Print version information")

	flag.Usage = usage
	flag.Parse()

	if *args.version {
		printVersion()
		os.Exit(0)
	}

	s := sum(args.dumpmasterkey, args.decryptPaths, args.encryptPaths)
	if s > 1 {
		fmt.Printf("fatal: %d operations were requested\n", s)
		os.Exit(1)
	}
	if flag.NArg() != 1 {
		usage()
		os.Exit(1)
	}
	fn := flag.Arg(0)
	if *args.decryptPaths {
		decryptPaths(fn, *args.sep0)
	}
	if *args.encryptPaths {
		encryptPaths(fn, *args.sep0)
	}
	f, err := os.Open(fn)
	if err != nil {
		errExit(err)
	}
	defer f.Close()
	if *args.dumpmasterkey {
		dumpMasterKey(fn, *args.fido2)
	} else {
		inspectCiphertext(&args, f)
	}
}

func dumpMasterKey(fn string, fido2Path string) {
	tlog.Info.Enabled = false
	cf, err := configfile.Load(fn)
	if err != nil {
		fmt.Fprintln(os.Stderr, err)
		exitcodes.Exit(err)
	}
	var pw []byte
	if cf.IsFeatureFlagSet(configfile.FlagFIDO2) {
		if fido2Path == "" {
			tlog.Fatal.Printf("Masterkey encrypted using FIDO2 token; need to use the --fido2 option.")
			os.Exit(exitcodes.Usage)
		}
		pw = fido2.Secret(fido2Path, cf.FIDO2.CredentialID, cf.FIDO2.HMACSalt)
	} else {
		pw = readpassword.Once(nil, nil, "")
	}
	masterkey, err := cf.DecryptMasterKey(pw)
	// Purge password from memory
	for i := range pw {
		pw[i] = 0
	}
	if err != nil {
		tlog.Fatal.Println(err)
		os.Exit(exitcodes.LoadConf)
	}
	fmt.Println(hex.EncodeToString(masterkey))
	// Purge masterkey from memory
	for i := range masterkey {
		masterkey[i] = 0
	}
}

func inspectCiphertext(args *argContainer, fd *os.File) {
	algo := cryptocore.BackendGoGCM
	if *args.aessiv {
		algo = cryptocore.BackendAESSIV
	} else if *args.xchacha {
		algo = cryptocore.BackendXChaCha20Poly1305
	}
	headerBytes := make([]byte, contentenc.HeaderLen)
	n, err := fd.ReadAt(headerBytes, 0)
	if err == io.EOF && n == 0 {
		fmt.Println("empty file")
		os.Exit(0)
	} else if err == io.EOF {
		fmt.Printf("incomplete file header: read %d bytes, want %d\n", n, contentenc.HeaderLen)
		os.Exit(1)
	} else if err != nil {
		errExit(err)
	}
	header, err := contentenc.ParseHeader(headerBytes)
	if err != nil {
		errExit(err)
	}
	prettyPrintHeader(header, algo)
	var i int64
	buf := make([]byte, blockSize(algo))
	for i = 0; ; i++ {
		off := contentenc.HeaderLen + i*int64(blockSize(algo))
		n, err := fd.ReadAt(buf, off)
		if err != nil && err != io.EOF {
			errExit(err)
		}
		if n == 0 && err == io.EOF {
			break
		}
		// A block contains at least the IV, the Auth Tag and 1 data byte
		if n < algo.NonceSize+cryptocore.AuthTagLen+1 {
			errExit(fmt.Errorf("corrupt block: truncated data, len=%d", n))
		}
		data := buf[:n]
		// Parse block data
		iv := data[:algo.NonceSize]
		tag := data[len(data)-cryptocore.AuthTagLen:]
		if *args.aessiv {
			tag = data[algo.NonceSize : algo.NonceSize+cryptocore.AuthTagLen]
		}
		fmt.Printf("Block %2d: IV: %s, Tag: %s, Offset: %5d Len: %d\n",
			i, hex.EncodeToString(iv), hex.EncodeToString(tag), off, len(data))
	}
}