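#!/usr/bin/bash
# Refuse to run unless invoked as root.  The script talks to the cryptobone
# secrets socket and writes under /usr/lib/cryptobone, which are presumably
# only reachable as root.  [[ ]] is used so that an empty answer from id(1)
# yields a failed test instead of a syntax error in the condition.
if [[ "$(/usr/bin/id -u)" != 0 ]]; then
  /usr/bin/echo "only root can do that"
  exit 2
fi
#***************************************************************************
# This file is part of the CRYPTO BONE
# File     : sendsafewebdrop
# Version  : 1.6 (ALL-IN-ONE)
# License  : BSD
# Date     : 12 May 2023
# Contact  : Please send enquiries and bug-reports to innovation@senderek.ie
#
#
# Copyright (c) 2015-2023
# Ralf Senderek, Ireland. All rights reserved. (https://senderek.ie)
#
# Redistribution and use in source and binary forms, with or without
# modification, are permitted provided that the following conditions
# are met:
# 1. Redistributions of source code must retain the above copyright
#    notice, this list of conditions and the following disclaimer.
# 2. Redistributions in binary form must reproduce the above copyright
#    notice, this list of conditions and the following disclaimer in the
#    documentation and/or other materials provided with the distribution.
# 3. All advertising materials mentioning features or use of this software
#    must display the following acknowledgement:
#    This product includes software developed by Ralf Senderek.
#
# THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
# IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
# OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
# IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
# SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
# PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS;
# OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
# ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
# POSSIBILITY OF SUCH DAMAGE.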
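#
#****************************************************************************
# sends a message out, if it is encrypted
#
# Parameter
#   $1 : sender     (safewebdrop address, ID%HOST)
#   $2 : recipient  (safewebdrop address, ID%HOST)
#   $3 : absolute filename of an optional attachment, or "none"
#
# Result for the caller (stdout text / exit status), kept as in earlier
# versions of this script:
#   server answer            / 0   message stored (attachment uploaded, if any)
#   "failed sender"          / 2   $1 is not a safewebdrop address
#   "failed recipient"       / 2   $2 is not a safewebdrop address, its host
#                                  part is not a usable host name, or no
#                                  encrypted attachment file exists although
#                                  $3 names one (the message itself has been
#                                  stored by then)
#   "failed transfer: ..."   / 2   no answer from the server
#   server answer            / 1   attachment upload was not answered with OK
#   (nothing)                / 1   secret unavailable or wrong parameter count
#   (nothing)                / 3   message not AES encrypted or signing failed

SOCK=/usr/lib/cryptobone/secrets.sock
# working directory of the message files and the message file itself
CB_DIR=/usr/lib/cryptobone/cryptobone
CB_MSG=${CB_DIR}/message

# Fetch the webdrop secret once from the secrets daemon.  Note that it is
# later handed to signRSA as a command-line argument, so it is visible in
# the process table while each signing call runs.
PASS=$(/usr/bin/echo "get-element webdropsecret" \
  | /usr/bin/socat -t15 - UNIX-connect:"${SOCK}" 2> /dev/null)
if [[ ! ${PASS} ]]; then
  # webdropsecret is not available
  exit 1
fi

#----------------------------------------------------#
# load functions and global variables
# (log and safewebdrophash, used below, are expected to come from here)
. /usr/lib/cryptobone/safewebdrop/bin/client-functions

#######################################
# Decide whether $1 looks like a safewebdrop address (ID%HOST).
# Arguments: $1 - address to test
# Returns:   0 if it contains '%', no '@' and no whitespace; 1 otherwise.
# Whitespace is rejected because both halves of the address are spliced
# into the request URL sent to the server.
#######################################
looks_like_safewebdrop() {
  local addr=$1
  [[ ${addr} == *%* && ${addr} != *@* && ${addr} != *[[:space:]]* ]]
}

#######################################
# Accept only tokens that cannot alter the structure of a request URL.
# Used for the host taken from the recipient address and for the message
# number returned by the server, both of which end up in
# https://HOST/cgi-bin/...?...  IPv6 bracket literals are not accepted.
# Arguments: $1 - token to test
# Returns:   0 if $1 consists of [A-Za-z0-9._:-] only, 1 otherwise
#######################################
url_token_ok() {
  local re='^[A-Za-z0-9._:-]+$'
  [[ $1 =~ $re ]]
}

#######################################
# Report a failure to the caller and terminate.
# Arguments: $1 - text for stdout, $2 - exit status
#######################################
sw_fail() {
  /usr/bin/echo "$1"
  exit "$2"
}

#######################################
# Sign ${CB_MSG}.hash with the webdrop key.
# Globals:   PASS (read), SIG (written: base64 of the signature file)
# Exits with status 3 when signRSA prints an error.
#######################################
sign_message_hash() {
  local err
  err=$(/usr/lib/cryptobone/safewebdrop/bin/signRSA "${PASS}" "${CB_MSG}.hash")
  if [[ ${err} ]]; then
    log "Error signing: ${err}"
    exit 3
  fi
  SIG=$(/usr/bin/base64 --wrap=0 "${CB_MSG}.hash.sig")
}
#----------------------------------------------------#

if (( $# != 3 )); then
  log "not enough parameter"
  exit 1
fi
log "sendsafewebdrop $1 : $2 : $3"

# only an already encrypted message may leave the box
RES=$(/usr/bin/echo check "${CB_DIR}/encryptedmessage.asc" \
  | /usr/bin/socat -t15 - UNIX-connect:"${SOCK}" 2> /dev/null)
if [[ ${RES} != "AES encrypted data" && ${RES} != "AES256 encrypted data" ]]; then
  log "no AES encrypted data"
  exit 3
fi

looks_like_safewebdrop "$1" || sw_fail "failed sender" 2
SENDER=$1
looks_like_safewebdrop "$2" || sw_fail "failed recipient" 2
RECIPIENT=$2

if [[ $3 != "none" ]]; then
  FILE=$3
else
  FILE="none"
fi
log "Attachmnt: $FILE"

# create a safe webdrop request
# split ID%HOST of recipient and sender; read does the same field split as
# the earlier "IFS=% set --" but without pathname expansion of the address
IFS='%' read -r ID SERVER _ <<< "${RECIPIENT}"
IFS='%' read -r SENDERID SENDERHOST _ <<< "${SENDER}"
# the host part becomes the TLS peer of the request; never let a crafted
# recipient address steer the request elsewhere or rewrite its path
url_token_ok "${SERVER}" || sw_fail "failed recipient" 2

# a sender on the same server is addressed by its ID only
if [[ ${SERVER} == "${SENDERHOST}" ]]; then
  SENDADDR=${SENDERID}
else
  SENDADDR=${SENDER}
fi

# generate message: From: header, blank line, ciphertext, optional
# attachment name, a terminating "." line and a final blank line
{
  /usr/bin/echo "From: ${SENDER}"
  /usr/bin/echo
  /usr/bin/cat "${CB_DIR}/encryptedmessage.asc"
  if [[ ${FILE} != "none" ]]; then
    # add the filename of the attachment
    /usr/bin/echo "Attachment: ${FILE##*/}"
  fi
  /usr/bin/echo "."
  /usr/bin/echo
} > "${CB_MSG}"
/usr/bin/base64 --wrap=0 "${CB_MSG}" > "${CB_MSG}.b64"
REQ=$(/usr/bin/cat "${CB_MSG}.b64")
HASH=$(/usr/bin/sha256sum < "${CB_MSG}" | /usr/bin/cut -c-64)
printf '%s' "${HASH}" > "${CB_MSG}.hash"
log "using messagehash: ${HASH}"
sign_message_hash
# tighten the mode of every message file, including .hash and .hash.sig,
# which are only created by the signing step
/usr/bin/chmod 600 "${CB_DIR}"/message*

# REQ and SIG are raw base64 ('+', '/', '=') placed in the query string
# without percent-encoding; the server CGI presumably accounts for that.
RES=$(/usr/bin/curl "https://${SERVER}/cgi-bin/safewebdropsave?${ID}&${SENDADDR}&${REQ}&${SIG}&${FILE}" 2> /dev/null)
log "RESULT 1: $RES"
[[ ${RES} ]] || sw_fail "failed transfer: no answer from server" 2

if [[ ${FILE} == "none" ]]; then
  # message without attachment
  /usr/bin/echo "${RES}"
  exit 0
fi

# send the encrypted attachment
NUM=${RES}
if [[ ! -r "${CB_DIR}/attachment.asc" ]]; then
  log "no encrypted attachment"
  # historical behaviour: the caller is told "failed recipient" although
  # the message itself has already been stored on the server
  sw_fail "failed recipient" 2
fi
log "found ${CB_DIR}/attachment.asc"
# NOTE(review): the server's answer is reused as the message number NUM and
# spliced into the next URL; it is assumed to be a plain token — confirm
# against the safewebdropsave CGI.
if ! url_token_ok "${NUM}"; then
  log "unexpected answer from server: ${NUM}"
  sw_fail "${NUM}" 1
fi

# generate a signature of {NUM, hash(encryptedfile)}
HASH=$(/usr/bin/sha256sum < "${CB_DIR}/attachment.asc" | /usr/bin/cut -c-64)
MESSAGE="${NUM}:${HASH}"
# safewebdrophash is assumed to print a single token (see client-functions)
printf '%s' "$(safewebdrophash "${MESSAGE}")" > "${CB_MSG}.hash"
sign_message_hash
# (an earlier version also ran "cat ${MESSAGE}" here, which could only fail
#  since MESSAGE is not a file name; its result was never used)
RES=$(/usr/bin/curl "https://${SERVER}/cgi-bin/safewebdropfile?${ID}&${SENDADDR}&${MESSAGE}&${SIG}&${NUM}" \
  --upload-file "${CB_DIR}/attachment.asc")
log "RESULT 2: $RES"
if [[ ${RES} == "OK" ]]; then
  /usr/bin/echo "${RES}"
  log "--- End sendsafewebdrop ---"
  exit 0
fi
/usr/bin/echo "$RES"
exit 1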