<?php

// Handle POST requests that are not targeted to a specific controller

setlocale( LC_ALL, 'de_DE' );
date_default_timezone_set('Europe/Berlin');

$db = new mysqli( $Config['dbHost'], $Config['dbUser'], $Config['dbPassword'], $Config['dbDatabase'] );
if ( ! $db ) {
	die( 'Could not connect to database.' );
}
$db->set_charset('utf8');

require_once 'controllers/inc/init_partcp.php';

$msg = new ParTCP_Incoming_Message( $PostMessage );

if ( ! empty( $msg->parseError ) ){
	$receipt->set_rejection( 10, _('Message could not be parsed') . ":\n"
		. $msg->parseError );
	die( $receipt->dump( TRUE ) );
}

$id = $msg->get('From');
$retrievePubKey = ! empty( $id ) && ! empty( $msg->get('Signature') );
$remoteId = new ParTCP_Public_Identity( $id ?: '<anonymous>', $retrievePubKey );
if ( empty( $remoteId->pubKey ) && $key = $msg->get('Public-Key') ){
	$remoteId->pubKey = $key;
}

$localId = new ParTCP_Private_Identity( $_SERVER['SERVER_NAME'], TRUE, TRUE );
$receipt = new ParTCP_Outgoing_Message( $remoteId, $localId );
$receipt->set_date();
$receipt->set( 'Original-Message', $PostMessage );

$msgType = $msg->get('Message-Type');

if ( ! $msgType ){
	$Receipt->set_rejection( 11, _('Message-Type header is missing') );
	die( $Receipt->dump( TRUE ) );
}

if ( $msg->get('Signature') && ! $msg->get_signature_status() ){
	$Receipt->set_rejection( 71, _('Signature could not be verified')
		. " - {$msg->signatureStatusMessage}" );
	die( $Receipt->dump( TRUE ) );
}

if ( ! empty( $msg->decryptionError ) ){
	$Receipt->set_rejection( 72, _('Elements could not be decrypted') . ":\n"
		. $msg->decryptionError );
	die( $Receipt->dump( TRUE ) );
}

// ping

if ( $msgType == 'ping' ){
	$receipt->set( 'Message-Type', 'echo' );
	$receipt->set_public_key();
	die( $receipt->dump() );
}

// server-details-request

if ( $msgType == 'server-details-request' ){
	$receipt->set( 'Message-Type', 'server-details' );
	$receipt->set( 'Server-Data', [ 'name' => $_SERVER['SERVER_NAME'] ] );
	$receipt->set_public_key();
	die( $receipt->dump() );
}

// auth-challenge-request

if ( $msgType == 'auth-challenge-request' ){
	$sender = trim( $msg->get('From') );
	$signature = $msg->get('Signature');
	$code = trim( $msg->get('Code') );
	if ( ! $sender || ! $signature || ! $code ){
		$receipt->set_rejection( 21, _('Invalid message structure') );
		die( $Receipt->dump( TRUE ) );
	}
	require_once 'lib/ptcp_auth.class.php';
	$PtcpAuth = new ParTCP_Authentications( $db );
	$data = $PtcpAuth->get( base_convert( $code, 36, 10 ) );
	if ( ! $data || strtotime( $data['created_on'] ) < time() - 300 ){
		$receipt->set_rejection( 41, _('Authentication challenge not found') );
		die( $receipt->dump( TRUE ) );
	}
	$receipt->set( 'Message-Type', 'auth-challenge' );
	$receipt->set( 'Code', $code );
	$receipt->set( 'Challenge', $data['challenge'] );
	$receipt->set( 'Expiration-Time', date( 'c', strtotime( $data['created_on'] ) + 180 ) );
	$receipt->set_public_key();
	die( $receipt->dump() );
}

// auth-challenge-solution

if ( $msgType == 'auth-challenge-solution' ){
	$sender = trim( $msg->get('From') );
	$date = $msg->get('Date');
	$signature = $msg->get('Signature');
	$challenge = trim( $msg->get('Challenge') );
	$code = trim( $msg->get('Code') );
	if ( ! $sender || ! $date || ! $signature || ! $challenge || ! $code ){
		$Receipt->set_rejection( 13, _('Invalid message structure') );
		die( $Receipt->dump( TRUE ) );
	}
	$oldTimezone = date_default_timezone_get();
	date_default_timezone_set('UTC');
	$diff = time() - strtotime( $msg->get('Date') );
	date_default_timezone_set( $oldTimezone );
	if ( abs( $diff ) > 120 ){
		$receipt->set_rejection( 22, _('Invalid date (must be now +/- 2 minutes)') );
		die( $receipt->dump( TRUE ) );
	}
	if ( empty( $msg->encryptedElements['Challenge~'] ) ){
		$receipt->set_rejection( 45, _('Challenge must be encrypted') );
		die( $receipt->dump( TRUE ) );
	}
	require_once 'lib/ptcp_auth.class.php';
	$PtcpAuth = new ParTCP_Authentications( $db );
	$authId = base_convert( $code, 36, 10 );
	$data = $PtcpAuth->get( $authId );
	if ( ! $data ){
		$receipt->set_rejection( 41, _('Authentication challenge not found') );
		die( $receipt->dump( TRUE ) );
	}
	if ( strtotime( $data['created_on'] ) < time() - 180 ){
		$receipt->set_rejection( 42, _('Challenge has expired') );
		die( $receipt->dump( TRUE ) );
	}
	if ( $data['challenge'] != $challenge ){
		$receipt->set_rejection( 43, _('Challenge verfication failed') );
		die( $receipt->dump( TRUE ) );
	}
	$PtcpAuth->mark_as_met( $authId, $sender );
	$receipt->set( 'Message-Type', 'authentication-confirmation' );
	die( $receipt->dump() );
}

// unsupported message type

$receipt->set( 'Message-Type', 'failure-notice' );
$receipt->set( 'Failure-Description', 'Unsupported message typ' );
echo receipt->dump();

// end of file partcp.php