#!/usr/bin/bash

#***************************************************************************
# This file is part of the CRYPTO BONE
# File     : safewebdropcontact (client) 
# Version  : 1.6 (ALL-IN-ONE)
# License  : BSD
# Date     : 12 May 2023
# Contact  : Please send enquiries and bug-reports to innovation@senderek.ie
#
#
# Copyright (c) 2015-2023
#	Ralf Senderek, Ireland.  All rights reserved. (https://senderek.ie)
#
# Redistribution and use in source and binary forms, with or without
# modification, are permitted provided that the following conditions
# are met:
# 1. Redistributions of source code must retain the above copyright
#    notice, this list of conditions and the following disclaimer.
# 2. Redistributions in binary form must reproduce the above copyright
#    notice, this list of conditions and the following disclaimer in the
#    documentation and/or other materials provided with the distribution.
# 3. All advertising materials mentioning features or use of this software
#    must display the following acknowledgement:
#	   This product includes software developed by Ralf Senderek.
#
# THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND  ANY EXPRESS OR 
# IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE  IMPLIED WARRANTIES 
# OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.  
# IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, 
# SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, 
# PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; 
# OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, 
# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) 
# ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE 
# POSSIBILITY OF SUCH DAMAGE.
#
#****************************************************************************

# Parameter: 
# $1 is the recipient (joe%otherserver.com)   
# $2 is the shared secret

#----------------------------------------------------#
# load functions and global variables
. /usr/lib/cryptobone/safewebdrop/bin/client-functions

REQ=$RAM/contactrequest
MSG=$RAM/message
SOCK="/usr/lib/cryptobone/secrets.sock"

# in production use webdropsecret, webdropserver and webdropuser

PASS=$(/usr/bin/echo "get-element webdropsecret" | /usr/bin/socat -t15 - UNIX-connect:$SOCK 2> /dev/null)
HOST=$(/usr/bin/echo "get-element webdropserver" | /usr/bin/socat -t15 - UNIX-connect:$SOCK 2> /dev/null)
ID=$(/usr/bin/echo "get-element webdropuser" | /usr/bin/socat -t15 - UNIX-connect:$SOCK 2> /dev/null)

function clean2 {
     rm -f ${MSG}  2>/dev/null
}
 
log "---contact---"
if (( $# ==  2 )) ; then
     OLDIFS="${IFS}"
     CONTACT=$1
     SECRET=$2
     # split $1 into CONTACTID and CONTACTHOST
     IFS=\%
     set -- $1
     CONTACTID=$1
     CONTACTHOST=$2
     IFS=${OLDIFS}

### log "got ${SECRET} ${CONTACTID} and ${CONTACTHOST}"

     # skip, if CONTACTHOST equals HOST
     if [[ "${CONTACTHOST}" = "${HOST}" ]] ; then
          # do nothing
          exit 0
     fi

     if [[ ${PASS} ]] && [[ ${HOST} ]] && [[ ${ID} ]] ; then
          # phase 1: send ALLOW request
          CHALLENGE=$(/usr/bin/curl https://${HOST}/cgi-bin/safewebdroppermission?${ID}\&ALLOW 2>/dev/null)

          if (( ${#CHALLENGE} != 64 )) ; then
               log "I: no challenge EXIT "
     	       exit 2
          fi
          log "I:  ${ID} CHL=${CHALLENGE}"

          # phase 2: create one valid permission request
          
	  /usr/bin/rm -f ${REQ}.hash.sig  ${MSG} 2> /dev/null
          # user:request:hashsig
          /usr/bin/echo -n "${CHALLENGE}:" > ${REQ}
          /usr/bin/echo -n "${CONTACT}:" >> ${REQ}

	  # generate the hash ([[A%S, B%S2, secret]])
          /usr/bin/echo -n "${ID}%${HOST}:" > ${MSG}
          /usr/bin/echo -n "${CONTACT}:" >> ${MSG}
          /usr/bin/echo -n "${SECRET}" >> ${MSG}
	  HASHVALUE=$(/usr/bin/cat ${MSG} | /usr/bin/sha256sum | /usr/bin/cut -c-64 )
          /usr/bin/echo -n "${HASHVALUE}" >> ${REQ}
 
          # generate a hash of the request 
          generate_requesthash

          # and send it 
          if (( ${#SIG} > 10 )) ; then
               /usr/bin/sleep 1
               REQUEST=$(/usr/bin/cat ${REQ})
               OK=$(/usr/bin/curl https://${HOST}/cgi-bin/safewebdroppermission?${ID}\&${REQUEST}\&${SIG} 2> /dev/null)
     	       log "II: $ID ${OK} ${#OK} bytes received" 
               if [[ "${OK}" = "OK" ]]  ; then
     	            log "III: OK valid permission sent for $1"
     	       fi
          else
               log "II: no file ${MSG}"
          fi
     fi
else
     log "not enough parameter"
     exit 1
fi
log "-------------"

# send a cross contact request
if [[ ${ID} ]] && [[ ${HOST} ]] & [[ ${CONTACTID} ]] && [[ ${CONTACTHOST} ]] &&  [[ ${SECRET} ]]; then
     /usr/lib/cryptobone/safewebdrop/bin/safewebdropcrosscontact "${ID}%${HOST}" "${CONTACTID}" "${CONTACTHOST}" "${SECRET}"
else
     log "cannot send cross contact request because some parameter is missing"
fi

exit 0