<?php
// This file is part of the Studyplan plugin for Moodle
//
// Moodle is free software: you can redistribute it and/or modify
// it under the terms of the GNU General Public License as published by
// the Free Software Foundation, either version 3 of the License, or
// (at your option) any later version.
//
// Moodle is distributed in the hope that it will be useful,
// but WITHOUT ANY WARRANTY; without even the implied warranty of
// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
// GNU General Public License for more details.
//
// You should have received a copy of the GNU General Public License
// along with Moodle.  If not, see <https://www.gnu.org/licenses/>.
/**
 * Determine premium status
 * @package    local_treestudyplan
 * @copyright  2023 P.M. Kuipers
 * @license    https://www.gnu.org/copyleft/gpl.html GNU GPL v3 or later
 */

namespace local_treestudyplan;
defined('MOODLE_INTERNAL') || die();

require_once($CFG->libdir.'/externallib.php');

/**
 * Handle badge information in the same style as the other classes
 */
class premium extends \external_api {

    /**
     * Toggle the variable below to enable support for premium stuff.
     * If set to false, all premium features will be enabled and no premium settings panel will be visible.
     * @var bool
     */
    private static $premiumsupported = false;

    /**
     * Certficate code
     * @var string
     */
    private static $premiumcrt = "-----BEGIN CERTIFICATE-----
MIIDSzCCAjMCFFlyhmKf1fN7U5lQL/dtlsyP24AQMA0GCSqGSIb3DQEBCwUAMGEx
CzAJBgNVBAYTAk5MMRYwFAYDVQQIDA1Ob29yZC1Ib2xsYW5kMRowGAYDVQQKDBFN
aXFyYSBFbmdpbmVlcmluZzEeMBwGA1UEAwwVVHJlZVN0dWR5cGxhbiBQcmVtaXVt
MCAXDTI0MDIxMDE2MDQwM1oYDzIxMjQwMTE3MTYwNDAzWjBhMQswCQYDVQQGEwJO
TDEWMBQGA1UECAwNTm9vcmQtSG9sbGFuZDEaMBgGA1UECgwRTWlxcmEgRW5naW5l
ZXJpbmcxHjAcBgNVBAMMFVRyZWVTdHVkeXBsYW4gUHJlbWl1bTCCASIwDQYJKoZI
hvcNAQEBBQADggEPADCCAQoCggEBAOD7+Nf5UBYGmIadI+kRM7vSPGA12F6cyZuZ
O/JsdCWzZx3cCgVYt29DxHRvFVGrhGGLsoaMY9iXc9LdeO02jKqL3RoPo2kc5moT
SNarsKZcGZXgqo5NATmdMLqQpKAy41H0ybgXZDLq5XKs9YIRlkwSpzQTNeP49mOl
48giVX3icbpMw1TdQotalKXAtcs62o+guQJNANpjBRxPXssrmDoNXrJcAtUjNOjx
8M+8tCmwkKwBoK8F3wWxIo04kZ9KILtybMmn4VJJ6SwLEf4StphTIoru8zS7XUt8
3HbV3PsiyYErPlwIcobfcjwZJpub23bzetvxRvhpeIpLhrTGrPMCAwEAATANBgkq
hkiG9w0BAQsFAAOCAQEAQwkbP6m3sdQgXEK3mYYZvvs6R/FI9QPu/9ICA+dgfj4y
7wvL0toYYR5oXdhO9At3MYmS+0bFUmqoTS+cxsC4COpEKFbRBWwbJ3NXAw14Hx2U
ELLqMZGJNOwNV+3ZdhADrwA++AjUqu144ObrcNUqo4+A4h9R8qj+o0J50Gvwja9R
Uh67LsF4Ls8fUtqzpqct94bUl6MPMHlH4qpZlgndmQdgOwLWeQEmM8X3WtSJH90S
n8FqBInMBhGu1uz0Qeo09ke0RHRnghP9EXfig/veMegASZeEhFqmS2Bdiy6gqeZ5
Klc5I28bGbvxIV5pnL6ZSjHEDp2WreM8HB0XFJwU+Q==
-----END CERTIFICATE-----";

    /**
     * Cached status
     * @var object
     */
    private static $cachedpremiumstatus = null;

    /**
     * Check if premium is supported
     * @return bool
     */
    public static function supported() {
        return self::$premiumsupported;
    }

    /**
     * Decrypt encrypted data
     * @param string $encrypted Encrypted data
     */
    private static function decrypt($encrypted) {
        // Get the public key.
        $key = \openssl_get_publickey(self::$premiumcrt);
        if ($key === false) {
            throw new \ParseError("Error parsing public key data)");
        }
        // Determine the key size.
        $keysize = \openssl_pkey_get_details($key)["bits"];
        $blocksize = ($keysize / 8); // Bits / 8. Whether padded or not.

        // Decode data in.
        $b64 = \base64_decode($encrypted);
        if ($b64 === false) {
            throw new \ParseError("Error in base64 decoding");
        }

        $data = \str_split($b64, $blocksize);
        $decrypted = "";
        $i = 0;
        foreach ($data as $chunk) {
            if (\openssl_public_decrypt($chunk, $dchunk, $key, \OPENSSL_PKCS1_PADDING)) {
                $decrypted .= $dchunk;
            } else {
                throw new \ParseError("Error decrypting chunk $i ({$blocksize} bytes)");
            }
            $i++;
        }

        // Deprecated in PHP 8.0 and up, but included to be compatible with 7.4.
        if (\PHP_MAJOR_VERSION < 8) {
            \openssl_pkey_free($key);
        }

        return $decrypted;
    }

    /**
     * Trim headers from key data
     * @param string $data the key dat with headers
     * @return string Key without headers
     */
    private static function trim_headers($data) {
        // Headers are repeated in this function for easier testing and copy-pasting into other projects.
        $startheader   = "----- BEGIN ACTIVATION KEY -----";
        $endheader     = "----- END ACTIVATION KEY -----";

        $parts = preg_split("/\r?\n/", \trim($data));
        if (count($parts) > 2) {
            $start = -1;
            $end = -1;
            for ($i = 0; $i < count($parts); $i++) {
                // Make sure all unicode spaces are converted to normal spaces before comparing.
                $p = trim(preg_replace('/\s+/u', ' ', $parts[$i]));

                if ($p == $startheader) {
                    $start = $i + 1;
                }
                if ($start > 0 && $p == $endheader) {
                    $end = $i;
                }
            }

            if ($start < 0 || $end < 0 || $end - $start <= 0) {
                throw new \ParseError("Invalid activation key wrappers");
            } else {
                $keyslice = array_slice($parts, $start, $end - $start);
                return implode("\n", $keyslice);
            }
        } else {
            throw new \ParseError("Invalid activation key");
        }
    }

    /**
     * Check if premium status is enabled
     * @return bool
     */
    public static function enabled() {
        if (self::$premiumsupported) {
            $status = self::premiumstatus();
            return $status->enabled;
        } else {
            return true;
        }
    }

    /**
     * Check if the premium key includes a specific intent in addition to the treestudyplan.
     * @param string $intent The intent to search for
     * @return bool
     */
    public static function has_intent($intent) {
        $status = self::premiumstatus();
        if ($status->enabled) {
            return \in_array(\strtolower($intent), $status->intents);
        } else {
            return false;
        }
    }

    /**
     * Generate debug info.
     */
    public static function debuginfo() {
        $s = "<pre>";
        try {
            $activationkey = \get_config("local_treestudyplan", "premium_key");
            if (strlen($activationkey) > 0) {
                $keydata = self::trim_headers($activationkey);
                $json = self::decrypt($keydata);
                $s .= "Decoded key data:\n----\n";
                $s .= $json . "\n----\n";
                $decoded = \json_decode($json, false);
                $s .= "Read as object:\n----\n";
                $s .= \json_encode($decoded, \JSON_PRETTY_PRINT) ."\n----\n";
                $status = self::premiumstatus();
                $s .= "Parsed premium status block:\n----\n";
                $s .= \json_encode($status, \JSON_PRETTY_PRINT) ."\n----\n";
                $s .= "Message: " . self::statusdescription() . "\n";
            } else {
                $s .= "Premium key empty";
            }
        } catch (\Throwable $x) {
            $s .= "!!! " . get_class($x) . ": " . $x->getCode() . " | " . $x->getMessage(). "\n";
            $stack = explode("\n", $x->getTraceAsString());
            foreach ($stack as $l) {
                $s .= "    " . trim($l) ."\n";
            }
        }

        $s .= "</pre>";
        return $s;
    }

    /**
     * Determine, cache and retrieve premium status
     * @return object
     */
    protected static function premiumstatus() {
        if (!isset(self::$cachedpremiumstatus)) {

            // Initialize default object.
            $o = new \stdClass;
            $o->enabled = false;
            $o->intents = [];
            $o->name = "";
            $o->website = "";
            $o->expires = "";
            $o->expired = false;
            $o->issued = "";
            try {
                $activationkey = \get_config("local_treestudyplan", "premium_key");
                if (strlen($activationkey) > 0) {

                    $keydata = self::trim_headers($activationkey);
                    $json = self::decrypt($keydata);
                    $decoded = \json_decode($json, false);

                    if (is_object($decoded)) {

                        // Copy basic data/.
                        $keys = ["name", "website", "expires", "issued"];
                        foreach ($keys as $k) {
                            if (isset($decoded->$k)) {
                                $o->$k = $decoded->$k;
                            }
                        }

                        if (!empty($decoded->intent)) {
                            $o->intents = explode(",", $decoded->intent);
                        }

                        // Convert dates to DateTime for.
                        $now = new \DateTime();
                        $issuedate = new \DateTime($o->issued);
                        if ($o->expires == 'never') {
                            // If expiry date == never.
                            $expirydate = new \DateTime(); // Default to now and add a year.
                            $expirydate->add(new \DateInterval("P1Y"));
                        } else {
                            try {
                                $expirydate = new \DateTime($o->expires);
                            } catch (\Exception $x) {
                                $expirydate = new \DateTime(); // Default to now.
                            }
                        }

                        if (\in_array('treestudyplan', $o->intents)
                            && !empty($o->issued)
                            && self::website_match($o->website)
                            ) {
                            if ($expirydate > $now) {
                                $o->enabled = true;
                                $o->expired = false;
                            } else {
                                $o->expired = true;
                                $o->enabled = false;
                            }
                            // Format dates localized.
                            $o->issued = \userdate($issuedate->getTimestamp(), \get_string('strftimedate', 'langconfig'));
                            if ($o->expires == "never") {
                                $o->expires = \get_string("premium:never", 'local_treestudyplan');
                            } else {
                                $o->expires = \userdate($expirydate->getTimestamp(), \get_string('strftimedate', 'langconfig'));
                            }
                        }
                    }
                }
            } catch (\ParseError $x) {
                $o->status = \get_string("premium:invalidactivationcontent", "local_treestudyplan");
            }
            self::$cachedpremiumstatus = $o;

        }
        return self::$cachedpremiumstatus;
    }

    /**
     * Check if the current site matches the provided key
     * @param string $key Website pattern to match against
     */
    private static function website_match($key) {
        global $CFG;
        $site = $CFG->wwwroot;

         // Add double slashes to key and site if no scheme is set.
        // Basically: if no double slashes present before any dots, slashes or @s.
        if (!\preg_match_all('#^[^./@]*?//#', $key)) {
            $key = "//".$key;
        }
        if (!\preg_match_all('#^[^./@]*?//#', $site)) {
            $site = "//".$site;
        }
        // Use parse_url() to split path and host.
        $keyurl = (object)\parse_url($key);
        $siteurl = (object)\parse_url($site);

        // No match if host is empty on key or site.
        if (empty($keyurl->host) || empty($siteurl->host)) {
            return false;
        }

        if ($keyurl->host == "*") {
            // Value * matches all.
            return true;
        }

        // First match the host part.
        $keyparts = \array_reverse(\explode(".", $keyurl->host));
        $siteparts = \array_reverse(\explode(".", $siteurl->host));

        // Trim starting www from both parts, since site.domain and www.site.domain should be treated as the same.
        if (($x = \array_pop($keyparts)) != "www") {
            \array_push($keyparts, $x);
        }
        if (($x = \array_pop($siteparts)) != "www") {
            \array_push($siteparts, $x);
        }

        for ($i = 0; $i < count($keyparts); $i++) {
            // No match if the site does not have a part, but the key does. Unless the key part is .
            if (!isset($siteparts[$i])) {
                if ($keyparts[$i] != "*") {
                    return false;
                } else {
                    $i++; // Increment $i by one before break, to make sure the comparison following this loop holds.
                    break; // Stop comparison. Host part matches.
                }
            }

            // Now do a proper case insensitive check for matching.
            // Uses fnmatch to easily handle shell type wildcards.
            if (! \fnmatch($keyparts[$i], $siteparts[$i], \FNM_CASEFOLD)) {
                return false;
            }
        }
        // Fail if the site has a deeper subdomain than the key, unless the deepest key subdomain is .
        if ($keyparts[$i - 1] != '*' && count($siteparts) > ($i)) {
            return false;
        }

        // If we made it here then the host part matches. Now check the path.
        // If path is /*, matches all subpaths including /.
        $keypath = empty($keyurl->path) ? "/" : $keyurl->path;
        $sitepath = empty($siteurl->path) ? "/" : $siteurl->path;

        // Trim trailing / from both paths before comparison.
        if (\strlen($sitepath) > 1) {
            $sitepath = \rtrim($sitepath, "/");
        }
        if (\strlen($keypath) > 1) {
            $keypath = \rtrim($keypath, "/");
        }

        // Do a case insensitive fnmatch on the site so wildcards are matched too.
        return \fnmatch($keypath, $sitepath, \FNM_CASEFOLD);
    }

    /**
     * Parameter description for webservice function get_premiumstatus
     */
    public static function get_premiumstatus_parameters(): \external_function_parameters {
        return new \external_function_parameters([]);
    }

    /**
     * Return value description for webservice function get_premiumstatus
     */
    public static function get_premiumstatus_returns(): \external_description {
        return new \external_single_structure([
            "enabled"   => new \external_value(PARAM_BOOL, 'premium status enabled'),
            "website"   => new \external_value(PARAM_TEXT, 'premium registration website'),
            "name"      => new \external_value(PARAM_TEXT, 'premium registration name'),
            "expires"   => new \external_value(PARAM_TEXT, 'premium registration expiry date'),
            "expired"   => new \external_value(PARAM_BOOL, 'premium status expired'),
            "intents"   => new \external_multiple_structure(
                                new \external_value(PARAM_TEXT), 'additional intents included in the license'
                            ),
        ]);
    }

    /**
     * Get premium status information for webservice
     * @return object
     */
    public static function get_premiumstatus() {
        if (self::$premiumsupported) {
            $status = self::premiumstatus();
            $keys = [
                "enabled",
                "website",
                "name",
                "expires",
                "expired",
                "intents",
            ];

            $result = [];
            foreach ($keys as $param) {
                $result[$param] = $status->$param;
            }
            return $result;
        } else {
            return [
                "enabled" => true,
                "website" => '*',
                "name" => '*',
                "expires" => '',
                "expired" => false,
                "intents" => [],
            ];
        }
    }

    /**
     * Get a descriptive text of the current premium status
     * @return string HTML description of premium status.
     */
    public static function statusdescription() {
        $status = self::premiumstatus();

        $msg = new \stdClass;
        $msg->name = $status->name;
        $msg->issued = $status->issued;
        $msg->expires = $status->expires;
        if ($status->website != "*") {
            $msg->sitestatus = \get_string("premium:onsite", 'local_treestudyplan', $status);
        } else {
            $msg->sitestatus = \get_string("premium:anywhere", 'local_treestudyplan');
        }

        if ($status->enabled) {
            return \get_string("premium:active", 'local_treestudyplan', $msg);
        } else if ($status->expired) {
            return \get_string("premium:expired", 'local_treestudyplan', $msg);
        } else if (!self::website_match($status->website)) {
            return \get_string("premium:siteinvalid", 'local_treestudyplan', $status->website);
        } else {
            return \get_string("premium:notregistered", 'local_treestudyplan', $msg);
        }
    }

    /**
     * Throw an error if premium status is not enabled
     * @param string $message Message translation key to use in exception
     */
    public static function require_premium($message="premiumfeature:warning") {
        if (! self::enabled()) {
            throw new \moodle_exception($message, "local_treestudyplan");
        }
    }

}