<?php
/**
 * EGroupware: iSchedule client
 *
 * @link http://www.egroupware.org
 * @license http://opensource.org/licenses/gpl-license.php GPL - GNU General Public License
 * @package api
 * @subpackage groupdav
 * @author Ralf Becker <RalfBecker-AT-outdoor-training.de>
 * @copyright (c) 2012 by Ralf Becker <RalfBecker-AT-outdoor-training.de>
 * @version $Id$
 */

/**
 * iSchedule client: clientside of iSchedule
 *
 * @link https://tools.ietf.org/html/draft-desruisseaux-ischedule-01 iSchedule draft from 2010
 */
class ischedule_client
{
	/**
	 * Own iSchedule version
	 */
	const VERSION = '1.0';

	/**
	 * Required headers in DKIM signature (DKIM-Signature is always a required header!)
	 */
	const REQUIRED_DKIM_HEADERS = 'Host:iSchedule-Version:iSchedule-Message-ID:Content-Type:Originator:Recipient';

	/**
	 * URL to use to contact iSchedule receiver
	 *
	 * @var string
	 */
	private $url;

	/**
	 * Recipient email addresses
	 *
	 * @param array
	 */
	private $recipients;

	/**
	 * Originator email address
	 *
	 * @var string
	 */
	private $originator;

	/**
	 * Private key of originators domain
	 *
	 * @var string
	 */
	private $dkim_private_key;

	/**
	 * Constructor
	 *
	 * @param string|array $recipients=null recipient email-address(es)
	 * @param string $url=null ischedule url, if it should NOT be discovered
	 * @throws Exception in case of an error or discovery failure
	 */
	public function __construct($recipients, $url=null)
	{
		$this->recipients = (array)$recipients;
		$this->originator = $GLOBALS['egw_info']['user']['account_email'];

		if (is_null($url))
		{
			list(,$domain) = explode('@', $recipient);
			$this->url = self::discover($domain);
		}
		else
		{
			$this->url = $url;
		}

		$this->dkim_private_key = $GLOBALS['egw_info']['server']['dkim_private_key'];
	}

	/**
	 * Generate private/public key pair
	 *
	 * Private and public key are stored in api config as dkim_private_key / dkim_public_key and loaded automatic by constructor.
	 *
	 * @return string public key
	 */
	public static function generateKeyPair()
	{
		// Create the keypair
		$res = openssl_pkey_new();

		// Get private key
		openssl_pkey_export($res, $dkim_private_key);

		// Get public key
		$details = openssl_pkey_get_details($res);
		$dkim_public_key = $details['key'];

		// store both in config
		config::save_value('dkim_private_key', $dkim_private_key, 'phpgwapi');
		config::save_value('dkim_public_key', $dkim_public_key, 'phpgwapi');

		return $dkim_public_key;
	}

	const EMAIL_PREG = '/^([a-z0-9][a-z0-9._-]*)?[a-z0-9]@([a-z0-9](|[a-z0-9_-]*[a-z0-9])\.)+[a-z]{2,6}$/i';

	/**
	 * Set originator and (optional) DKIM private key
	 *
	 * @param string $originator
	 * @param string $dkim_private_key=null
	 * @throws Exception for invalid / not an email originator
	 */
	public function setOriginator($originator, $dkim_private_key=null)
	{
		if (!preg_match(self::EMAIL_PREG, $originator))
		{
			throw new Exception("Invalid orginator '$originator'!");
		}
		$this->originator = $originator;

		if (!is_null($dkim_private_key))
		{
			$this->dkim_private_key = $dkim_private_key;
		}
	}

	/**
	 * Discover iSchedule url of a given domain
	 *
	 * @param string $domain
	 * @return string discovered ischedule url
	 * @throws Exception in case of an error or discovery failure
	 */
	public static function discover($domain)
	{
		static $scheme2port = array(
			'https' => 443,
			'http' => 80,
		);

		$d = $domain;
		for($n = 0; $n < 3; ++$n)
		{
			if (!($records = dns_get_record($host='_ischedules._tcp.'.$d, DNS_SRV)) &&
				!($records = dns_get_record($host='_ischedule._tcp.'.$d, DNS_SRV)))
			{
				// try without subdomain(s)
				$parts = explode('.', $d);
				if (count($parts) < 3) break;
				array_shift($parts);
				$d = implode('.', $parts);
			}
		}
		if (!$records) throw new Exception("Could not discover iSchedule service for domain '$domain'!");

		// ToDo: do we need to use priority and weight
		$record = $records[0];

		$url = strpos($host, '_ischedules') === 0 ? 'https' : 'http';
		if ($scheme2port[$url] == $record['port'])
		{
			$url .= '://'.$record['target'];
		}
		else
		{
			$url .= '://'.$record['target'].':'.$record['port'];
		}
		$url .= '/.well-known/ischedule';

		return $url;
	}

	/**
	 * Post dkim signed message to recipients iSchedule server
	 *
	 * @param string $content
	 * @param string $content_type
	 * @param boolean $debug=false true echo request before posting
	 * @param int $max_redirect=3 maximum number of redirect before failing
	 * @return string
	 * @throws Exception with http status code and message, if server responds other then 2xx
	 */
	public function post_msg($content, $content_type, $debug=false, $max_redirect=3)
	{
		if (empty($this->dkim_private_key))
		{
			throw new Exception('You need to generate a key pair first!');
		}
		$url_parts = parse_url($this->url);
		$headers = array(
			'Host' => $url_parts['host'].($url_parts['port'] ? ':'.$url_parts['port'] : ''),
			'iSchedule-Version' => self::VERSION,
			'iSchedule-Message-ID' => uniqid(),
			'Content-Type' => $content_type,
			'Originator' => $this->originator,
			'Recipient' => $this->recipients,
			'Cache-Control' => 'no-cache, no-transform',	// required by iSchedule spec
			'Content-Length' => bytes($content),
		);
		$header_string = '';
		foreach($headers as $name => $value)
		{
			foreach((array)$value as $val)
			{
				$header_string .= $name.': '.$val."\r\n";
			}
		}
		$header_string .= $this->dkim_sign($headers, $content)."\r\n";

		$opts = array('http' =>
		    array(
		        'method'  => 'POST',
		        'header'  => $header_string,
		    	'user_agent' => 'EGroupware iSchedule client '.$GLOBALS['egw_info']['server']['versions']['phpgwapi'].' $Id$',
		    	//'follow_location' => 1,	// default 1=follow, but only for GET, not POST!
		        //'timeout' => $timeout,	// max timeout in seconds (float)
		        'content' => $content,
		    )
		);

		if ($debug) echo "POST $this->url HTTP/1.1\n$header_string\n$content\n";

		// need to suppress warning, if http-status not 2xx
		if (($response = @file_get_contents($this->url, false, stream_context_create($opts))) === false)
		{
			list(, $code, $message) = explode(' ', $http_response_header[0], 3);
			if ($max_redirect && $code[0] === '3')
			{
				foreach($http_response_header as $header)
				{
					if (stripos($header, 'location:') === 0)
					{
						list(,$location) = preg_split('/: ?/', $header, 2);
						if ($location[0] == '/')
						{
							$parts = parse_url($this->url);
							$location = $parts['scheme'].'://'.$parts['host'].($parts['port'] ? ':'.$parts['port'] : '').$location;
						}
						$this->url = $location;
						// follow redirect
						return $this->post_msg($content, $content_type, $debug, $max_redirect-1);
					}
				}
			}
			throw new Exception($message, $code);
		}
		return $response;
	}

	/**
	 * Calculate DKIM signature for headers and body using originators domains private key
	 *
	 * @param array $headers name => value pairs, names as in $sign_headers
	 * @param string $body
	 * @param string $selector='calendar'
	 * @param string $sign_headers='iSchedule-Version:Content-Type:Originator:Recipient'
	 * @return string DKIM-Signature: ...
	 */
	public function dkim_sign(array $headers, $body, $selector='calendar',$sign_headers=self::REQUIRED_DKIM_HEADERS)
	{
		$header_values = $header_names = array();
		foreach(explode(':', $sign_headers) as $header)
		{
			foreach((array)$headers[$header] as $value)
			{
				$header_values[] = $header.': '.$value;
				$header_names[] = $header;
			}
			// oversign multiple value header Recipient
			if ($header == 'Recipient')
			{
				$header_names[] = $header;
			}
		}
		include_once EGW_API_INC.'/php-mail-domain-signer/lib/class.mailDomainSigner.php';
		list(,$domain) = explode('@', $this->originator);
		$mds = new mailDomainSigner($this->dkim_private_key, $domain, $selector);
		// generate DKIM signature according to iSchedule spec
		$dkim = $mds->getDKIM(implode(':', $header_names), $header_values, $body, 'relaxed/simple', 'rsa-sha256',
			"DKIM-Signature: ".
	                "v=1; ".          // DKIM Version
	                "a=\$a; ".        // The algorithm used to generate the signature "rsa-sha1"
					"q=dns/txt:http/well-known; ".	// how to fetch public key: dns/txt, http/well-known or private-exchange
					"x=300; ".        // how long request will be valid in sec
					// end iSchedule specific
	                "s=\$s; ".        // The selector subdividing the namespace for the "d=" (domain) tag
	                "d=\$d; ".        // The domain of the signing entity
	                "l=\$l; ".        // Canonicalizated Body length count
	                "t=\$t; ".        // Signature Timestamp
	                "c=\$c; ".        // Message (Headers/Body) Canonicalization "relaxed/relaxed"
	                "h=\$h; ".        // Signed header fields
	                "bh=\$bh;\r\n\t". // The hash of the canonicalized body part of the message
	                "b=");             // The signature data (Empty because we will calculate it later));

		// as we do http, no need to fold dkim, in fact recommendation is not to
		$dkim = str_replace(array(";\r\n\t", "\r\n\t"), array('; ', ''), $dkim);

		return $dkim;
	}

	/**
	 * Capabilities
	 *
	 * @var array
	 */
	private $capabilities;

	/**
	 * Query capabilities of iSchedule server
	 *
	 * @param string $name=null name of capability to return, default null to return internal array with all capabilities
	 * @return mixed
	 * @throws Exception in case of an error or discovery failure
	 */
	public function capabilities($name=null)
	{
		if (!isset($this->capabilities))
		{
			$reader = new XMLReader();
			if (!$reader->open($this->url.'?action=capabilities'))
			{
				throw new Exception("Could not read iSchedule server capabilities $this->url!");
			}

			$this->capabilities = self::xml2assoc($reader);
			$reader->close();

			if (!isset($this->capabilities['query-result']) || !isset($this->capabilities['query-result']['capability-set']))
			{
				throw new Exception("Server returned invalid capabilities!");
			}
			$this->capabilities = $this->capabilities['query-result']['capability-set'];
			print_r($this->capabilities);
		}
		return $name ? $this->capabilities[$name] : $this->capabilities;
	}

	/**
	 * Parse capabilities xml into an associativ array
	 *
	 * @param XMLReader $xml
	 * @param &$target=array()
	 * @return mixed
	 */
	private static function xml2assoc(XMLReader $xml, &$target = array())
	{
		while ($xml->read())
		{
			switch ($xml->nodeType) {
				case XMLReader::END_ELEMENT:
					return $target;
				case XMLReader::ELEMENT:
					$name = $xml->name;
					$empty = $xml->isEmptyElement;
					$attr_name = $xml->getAttribute('name');
					if (($name_attr = $xml->getAttribute('name')))
					{
						$name = $attr_name;
					}
					if (isset($target[$name]))
					{
						if (!is_array($target[$name]))
						{
							$target[$name] = array($target[$name]);
						}
						$t = &$target[$name][count($target[$name])];
					}
					else
					{
						$t = &$target[$name];
					}
					if ($xml->isEmptyElement)
					{
						$t = '';
					}
					else
					{
						self::xml2assoc($xml, $t);
					}
					if ($xml->hasAttributes)
					{
						while($xml->moveToNextAttribute())
						{
							if ($xml->name != 'name')
					   	{
						   		$t['@'.$xml->name] = $xml->value;
							}
						}
					}
					break;
				case XMLReader::TEXT:
				case XMLReader::CDATA:
					$target = $xml->value;
			}
		}
		return $target;
	}

	/**
	 * Make private vars readable
	 *
	 * @param string $name
	 * @return mixed
	 */
	public function __get($name)
	{
		return $this->$name;
	}
}