// Copyright 2015 The Chromium Authors. All rights reserved.
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.

#include "net/base/sdch_dictionary.h"

#include "base/time/clock.h"
#include "base/time/default_clock.h"
#include "base/values.h"
#include "net/base/registry_controlled_domains/registry_controlled_domain.h"

namespace {

bool DomainMatch(const GURL& gurl, const std::string& restriction) {
  // TODO(jar): This is not precisely a domain match definition.
  return gurl.DomainIs(restriction);
}

}  // namespace

namespace net {

SdchDictionary::SdchDictionary(const std::string& dictionary_text,
                               size_t offset,
                               const std::string& client_hash,
                               const std::string& server_hash,
                               const GURL& gurl,
                               const std::string& domain,
                               const std::string& path,
                               const base::Time& expiration,
                               const std::set<int>& ports)
    : text_(dictionary_text, offset),
      client_hash_(client_hash),
      server_hash_(server_hash),
      url_(gurl),
      domain_(domain),
      path_(path),
      expiration_(expiration),
      ports_(ports) {
}

SdchDictionary::SdchDictionary(const SdchDictionary& rhs)
    : text_(rhs.text_),
      client_hash_(rhs.client_hash_),
      server_hash_(rhs.server_hash_),
      url_(rhs.url_),
      domain_(rhs.domain_),
      path_(rhs.path_),
      expiration_(rhs.expiration_),
      ports_(rhs.ports_) {
}

SdchDictionary::~SdchDictionary() {
}

// Security functions restricting loads and use of dictionaries.

// static
SdchProblemCode SdchDictionary::CanSet(const std::string& domain,
                                       const std::string& path,
                                       const std::set<int>& ports,
                                       const GURL& dictionary_url) {
  /*
   * A dictionary is invalid and must not be stored if any of the following are
   * true:
   * 1. The dictionary has no Domain attribute.
   * 2. The effective host name that derives from the referer URL host name does
   *    not domain-match the Domain attribute.
   * 3. The Domain attribute is a top level domain.
   * 4. The referer URL host is a host domain name (not IP address) and has the
   *    form HD, where D is the value of the Domain attribute, and H is a string
   *    that contains one or more dots.
   * 5. If the dictionary has a Port attribute and the referer URL's port
   *    was not in the list.
   */

  // TODO(jar): Redirects in dictionary fetches might plausibly be problematic,
  // and hence the conservative approach is to not allow any redirects (if there
  // were any... then don't allow the dictionary to be set).

  if (domain.empty())
    return SDCH_DICTIONARY_MISSING_DOMAIN_SPECIFIER;  // Domain is required.

  if (registry_controlled_domains::GetDomainAndRegistry(
          domain, registry_controlled_domains::INCLUDE_PRIVATE_REGISTRIES)
          .empty()) {
    return SDCH_DICTIONARY_SPECIFIES_TOP_LEVEL_DOMAIN;  // domain was a TLD.
  }

  if (!DomainMatch(dictionary_url, domain))
    return SDCH_DICTIONARY_DOMAIN_NOT_MATCHING_SOURCE_URL;

  std::string referrer_url_host = dictionary_url.host();
  size_t postfix_domain_index = referrer_url_host.rfind(domain);
  // See if it is indeed a postfix, or just an internal string.
  if (referrer_url_host.size() == postfix_domain_index + domain.size()) {
    // It is a postfix... so check to see if there's a dot in the prefix.
    size_t end_of_host_index = referrer_url_host.find_first_of('.');
    if (referrer_url_host.npos != end_of_host_index &&
        end_of_host_index < postfix_domain_index) {
      return SDCH_DICTIONARY_REFERER_URL_HAS_DOT_IN_PREFIX;
    }
  }

  if (!ports.empty() && 0 == ports.count(dictionary_url.EffectiveIntPort()))
    return SDCH_DICTIONARY_PORT_NOT_MATCHING_SOURCE_URL;

  return SDCH_OK;
}

SdchProblemCode SdchDictionary::CanUse(const GURL& target_url) const {
  /*
   * 1. The request URL's host name domain-matches the Domain attribute of the
   *    dictionary.
   * 2. If the dictionary has a Port attribute, the request port is one of the
   *     ports listed in the Port attribute.
   * 3. The request URL path-matches the path attribute of the dictionary.
   *    We can override (ignore) item (4) only when we have explicitly enabled
   *    HTTPS support AND the dictionary acquisition scheme matches the target
   *   url scheme.
   */
  if (!DomainMatch(target_url, domain_))
    return SDCH_DICTIONARY_FOUND_HAS_WRONG_DOMAIN;

  if (!ports_.empty() && 0 == ports_.count(target_url.EffectiveIntPort()))
    return SDCH_DICTIONARY_FOUND_HAS_WRONG_PORT_LIST;

  if (path_.size() && !PathMatch(target_url.path(), path_))
    return SDCH_DICTIONARY_FOUND_HAS_WRONG_PATH;

  if (target_url.SchemeIsCryptographic() != url_.SchemeIsCryptographic())
    return SDCH_DICTIONARY_FOUND_HAS_WRONG_SCHEME;

  // TODO(jar): Remove overly restrictive failsafe test (added per security
  // review) when we have a need to be more general.
  if (!target_url.SchemeIsHTTPOrHTTPS())
    return SDCH_ATTEMPT_TO_DECODE_NON_HTTP_DATA;

  return SDCH_OK;
}

// static
bool SdchDictionary::PathMatch(const std::string& path,
                               const std::string& restriction) {
  /*  Must be either:
   *  1. P2 is equal to P1
   *  2. P2 is a prefix of P1 and either the final character in P2 is "/"
   *     or the character following P2 in P1 is "/".
   */
  if (path == restriction)
    return true;
  size_t prefix_length = restriction.size();
  if (prefix_length > path.size())
    return false;  // Can't be a prefix.
  if (0 != path.compare(0, prefix_length, restriction))
    return false;
  return restriction[prefix_length - 1] == '/' || path[prefix_length] == '/';
}

bool SdchDictionary::Expired() const {
  return base::Time::Now() > expiration_;
}

}  // namespace net