//! Implement parsing for the outer document of an onion service descriptor.

use itertools::Itertools as _;

use std::sync::LazyLock;

use tor_cert::Ed25519Cert;

use tor_checkable::Timebound;

use tor_checkable::signed::SignatureGated;

use tor_checkable::timed::TimerangeBound;

use tor_error::internal;

use tor_hscrypto::pk::HsBlindId;

use tor_hscrypto::{RevisionCounter, Subcredential};

use tor_llcrypto::pk::ed25519::{self, Ed25519Identity, ValidatableEd25519Signature};

use tor_units::IntegerMinutes;

use crate::parse::tokenize::Item;

use crate::parse::{keyword::Keyword, parser::SectionRules, tokenize::NetDocReader};

use crate::types::misc::{B64, UnvalidatedEdCert};

use crate::{NetdocErrorKind as EK, Pos, Result};

use super::desc_enc;

/// The current version-number.

pub(super) const HS_DESC_VERSION_CURRENT: &str = "3";

/// The text the outer document signature is prefixed with.

pub(super) const HS_DESC_SIGNATURE_PREFIX: &[u8] = b"Tor onion service descriptor sig v3";

/// A more-or-less verbatim representation of the outermost plaintext document

/// of an onion service descriptor.

#[derive(Clone, Debug)]

pub struct HsDescOuter {

    /// The lifetime of this descriptor, in minutes.

    ///

    /// This doesn't actually list the starting time or the end time for the

    /// descriptor: presumably, because we didn't want to leak the onion

    /// service's view of the wallclock.

    pub(super) lifetime: IntegerMinutes<u16>,

    /// A certificate containing the descriptor-signing-key for this onion

    /// service (`KP_hs_desc_sign`) signed by the blinded ed25519 identity

    /// (`HS_blind_id`) for this onion service.

    pub(super) desc_signing_key_cert: Ed25519Cert,

    /// A revision counter to tell whether this descriptor is more or less recent

    /// than another one for the same blinded ID.

    pub(super) revision_counter: RevisionCounter,

    /// The encrypted contents of this onion service descriptor.

    ///

    /// Clients will decrypt this; onion service directories cannot.

    //

    // TODO: it might be a good idea to just discard this immediately (after checking it)

    // for the directory case.

    pub(super) superencrypted: Vec<u8>,

}

impl HsDescOuter {

    /// Return the blinded Id for this onion service descriptor.

    /// Return the Id of the descriptor-signing key (`KP_desc_sign`) from this onion service descriptor.

    /// Return the revision counter for this descriptor.

    /// Decrypt and return the encrypted (middle document) body of this onion

    /// service descriptor.

        // Work around a bug in the C tor implementation: it doesn't

        // NL-terminate the final line of the middle document.

}

/// An `HsDescOuter` whose signatures have not yet been verified, and whose

/// timeliness has not been checked.

pub(super) type UncheckedHsDescOuter = SignatureGated<TimerangeBound<HsDescOuter>>;

decl_keyword! {

    pub(crate) HsOuterKwd {

        "hs-descriptor" => HS_DESCRIPTOR,

        "descriptor-lifetime" => DESCRIPTOR_LIFETIME,

        "descriptor-signing-key-cert" => DESCRIPTOR_SIGNING_KEY_CERT,

        "revision-counter" => REVISION_COUNTER,

        "superencrypted" => SUPERENCRYPTED,

        "signature" => SIGNATURE

    }

}

/// Check whether there are any extraneous spaces used for the encoding of `sig` within `within_string`.

/// Return an error if there are.

///

/// This check helps to prevent some length extension attacks.

    }

/// Rules about how keywords appear in the outer document of an onion service

/// descriptor.

    use HsOuterKwd::*;

impl HsDescOuter {

    /// Try to parse an outer document of an onion service descriptor from a string.

        // TOSO HS needs to be unchecked.

    /// Extract an HsDescOuter from a reader.

    ///

    /// The reader must contain a single HsDescOuter; we return an error if not.

        use crate::err::NetdocErrorKind as EK;

        use HsOuterKwd::*;

        // Enforce that the object starts and ends with the right keywords, and

        // find the start and end of the signed material.

            // TODO: This way of handling prefixes does a needless

            // allocation. Someday we could make our signature-checking

            // logic even smarter.

            );

        };

        // Check that the hs-descriptor version is 3.

        {

        }

        // Parse `descryptor-lifetime`.

        };

        // Parse `descriptor-signing-key-cert`.  This certificate is signed with

        // the blinded Id (`KP_blinded_id`), and used to authenticate the

        // descriptor signing key (`KP_hs_desc_sign`).

        };

        // Parse remaining fields, which are nice and simple.

        // Split apart the unchecked `descriptor-signing-key-cert`:

        // its constraints will become our own.

            // we already checked that there is a public key, so an error should be impossible.

        // NOTE: the C tor implementation checks this expiration time, so we must too.

        // Build our return value.

        // You can't have that until you check that it's timely.

        // And you can't have _that_ until you check the signatures.

        ];

}

#[cfg(test)]

mod test {

    // @@ begin test lint list maintained by maint/add_warning @@

    #![allow(clippy::bool_assert_comparison)]

    #![allow(clippy::clone_on_copy)]

    #![allow(clippy::dbg_macro)]

    #![allow(clippy::mixed_attributes_style)]

    #![allow(clippy::print_stderr)]

    #![allow(clippy::print_stdout)]

    #![allow(clippy::single_char_pattern)]

    #![allow(clippy::unwrap_used)]

    #![allow(clippy::unchecked_time_subtraction)]

    #![allow(clippy::useless_vec)]

    #![allow(clippy::needless_pass_by_value)]

    #![allow(clippy::string_slice)] // See arti#2571

    //! <!-- @@ end test lint list maintained by maint/add_warning @@ -->

    use super::*;

    use crate::doc::hsdesc::test_data::{TEST_DATA, TEST_SUBCREDENTIAL};

    use tor_checkable::SelfSigned;

    #[test]

    fn parse_good() -> Result<()> {

        let desc = HsDescOuter::parse(TEST_DATA)?;

        let desc = desc

            .check_signature()?

            .check_valid_at(&humantime::parse_rfc3339("2023-01-23T15:00:00Z").unwrap())

            .unwrap();

        assert_eq!(desc.lifetime.as_minutes(), 180);

        assert_eq!(desc.revision_counter(), 19655750.into());

        assert_eq!(

            desc.desc_sign_key_id().to_string(),

            "CtiubqLBP1MCviR9SxAW9brjMKSguQFE/vHku3kE4Xo"

        );

        let subcred: tor_hscrypto::Subcredential = TEST_SUBCREDENTIAL.into();

        let inner = desc.decrypt_body(&subcred).unwrap();

        assert!(

            std::str::from_utf8(&inner)

                .unwrap()

                .starts_with("desc-auth-type")

        );

        Ok(())

    }

    #[test]

    fn invalidate_signature_items() {

        for s in &[

            "signature  CtiubqLBP1MCviR9SxAW9brjMKSguQFE/vHku3kE4Xo\n",

            "signature CtiubqLBP1MCviR9SxAW9brjMKSguQFE/vHku3kE4Xo  \n",

        ] {

            let mut reader = NetDocReader::<HsOuterKwd>::new(s).unwrap();

            let item = reader.next().unwrap().unwrap();

            let res = validate_signature_item(&item, s);

            let err = res.unwrap_err();

            assert!(err.netdoc_error_kind() == EK::ExtraneousSpace);

        }

    }

}