/*
 * Copyright (C) 2011, Google Inc. All rights reserved.
 * Copyright (C) 2014, Samsung Electronics. All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions are met:
 *
 * 1. Redistributions of source code must retain the above copyright
 *    notice, this list of conditions and the following disclaimer.
 * 2. Redistributions in binary form must reproduce the above copyright
 *    notice, this list of conditions and the following disclaimer in the
 *    documentation and/or other materials provided with the distribution.
 *
 * THIS SOFTWARE IS PROVIDED BY APPLE INC. AND ITS CONTRIBUTORS ``AS IS'' AND
 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
 * ARE DISCLAIMED. IN NO EVENT SHALL APPLE INC. OR ITS CONTRIBUTORS BE LIABLE
 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
 * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER
 * CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH
 * DAMAGE.
 */

#include "modules/navigatorcontentutils/NavigatorContentUtils.h"

#include "bindings/core/v8/ExceptionState.h"
#include "core/dom/Document.h"
#include "core/dom/ExceptionCode.h"
#include "core/frame/LocalFrame.h"
#include "core/frame/Navigator.h"
#include "core/frame/UseCounter.h"
#include "wtf/HashSet.h"
#include "wtf/text/StringBuilder.h"

namespace blink {

static HashSet<String>* schemeWhitelist;

static void initCustomSchemeHandlerWhitelist() {
  schemeWhitelist = new HashSet<String>;
  static const char* const schemes[] = {
      "bitcoin", "geo",  "im",   "irc",         "ircs", "magnet", "mailto",
      "mms",     "news", "nntp", "openpgp4fpr", "sip",  "sms",    "smsto",
      "ssh",     "tel",  "urn",  "webcal",      "wtai", "xmpp",
  };
  for (size_t i = 0; i < WTF_ARRAY_LENGTH(schemes); ++i)
    schemeWhitelist->add(schemes[i]);
}

static bool verifyCustomHandlerURL(const Document& document,
                                   const String& url,
                                   ExceptionState& exceptionState) {
  // The specification requires that it is a SyntaxError if the "%s" token is
  // not present.
  static const char token[] = "%s";
  int index = url.find(token);
  if (-1 == index) {
    exceptionState.throwDOMException(
        SyntaxError, "The url provided ('" + url + "') does not contain '%s'.");
    return false;
  }

  // It is also a SyntaxError if the custom handler URL, as created by removing
  // the "%s" token and prepending the base url, does not resolve.
  String newURL = url;
  newURL.remove(index, WTF_ARRAY_LENGTH(token) - 1);

  KURL kurl = document.completeURL(url);

  if (kurl.isEmpty() || !kurl.isValid()) {
    exceptionState.throwDOMException(
        SyntaxError,
        "The custom handler URL created by removing '%s' and prepending '" +
            document.baseURL().getString() + "' is invalid.");
    return false;
  }

  // The specification says that the API throws SecurityError exception if the
  // URL's origin differs from the document's origin.
  if (!document.getSecurityOrigin()->canRequest(kurl)) {
    exceptionState.throwSecurityError(
        "Can only register custom handler in the document's origin.");
    return false;
  }

  return true;
}

static bool isSchemeWhitelisted(const String& scheme) {
  if (!schemeWhitelist)
    initCustomSchemeHandlerWhitelist();

  StringBuilder builder;
  builder.append(scheme.lower().ascii().data());

  return schemeWhitelist->contains(builder.toString());
}

static bool verifyCustomHandlerScheme(const String& scheme,
                                      ExceptionState& exceptionState) {
  if (!isValidProtocol(scheme)) {
    exceptionState.throwSecurityError("The scheme '" + scheme +
                                      "' is not valid protocol");
    return false;
  }

  if (scheme.startsWith("web+")) {
    // The specification requires that the length of scheme is at least five
    // characteres (including 'web+' prefix).
    if (scheme.length() >= 5)
      return true;

    exceptionState.throwSecurityError("The scheme '" + scheme +
                                      "' is less than five characters long.");
    return false;
  }

  if (isSchemeWhitelisted(scheme))
    return true;

  exceptionState.throwSecurityError("The scheme '" + scheme +
                                    "' doesn't belong to the scheme whitelist. "
                                    "Please prefix non-whitelisted schemes "
                                    "with the string 'web+'.");
  return false;
}

NavigatorContentUtils* NavigatorContentUtils::from(LocalFrame& frame) {
  return static_cast<NavigatorContentUtils*>(
      Supplement<LocalFrame>::from(frame, supplementName()));
}

NavigatorContentUtils::~NavigatorContentUtils() {}

NavigatorContentUtils* NavigatorContentUtils::create(
    NavigatorContentUtilsClient* client) {
  return new NavigatorContentUtils(client);
}

void NavigatorContentUtils::registerProtocolHandler(
    Navigator& navigator,
    const String& scheme,
    const String& url,
    const String& title,
    ExceptionState& exceptionState) {
  if (!navigator.frame())
    return;

  Document* document = navigator.frame()->document();
  ASSERT(document);

  if (!verifyCustomHandlerURL(*document, url, exceptionState))
    return;

  if (!verifyCustomHandlerScheme(scheme, exceptionState))
    return;

  // Count usage; perhaps we can lock this to secure contexts.
  UseCounter::count(*document,
                    document->isSecureContext()
                        ? UseCounter::RegisterProtocolHandlerSecureOrigin
                        : UseCounter::RegisterProtocolHandlerInsecureOrigin);

  NavigatorContentUtils::from(*navigator.frame())
      ->client()
      ->registerProtocolHandler(scheme, document->completeURL(url), title);
}

static String customHandlersStateString(
    const NavigatorContentUtilsClient::CustomHandlersState state) {
  DEFINE_STATIC_LOCAL(const String, newHandler, ("new"));
  DEFINE_STATIC_LOCAL(const String, registeredHandler, ("registered"));
  DEFINE_STATIC_LOCAL(const String, declinedHandler, ("declined"));

  switch (state) {
    case NavigatorContentUtilsClient::CustomHandlersNew:
      return newHandler;
    case NavigatorContentUtilsClient::CustomHandlersRegistered:
      return registeredHandler;
    case NavigatorContentUtilsClient::CustomHandlersDeclined:
      return declinedHandler;
  }

  ASSERT_NOT_REACHED();
  return String();
}

String NavigatorContentUtils::isProtocolHandlerRegistered(
    Navigator& navigator,
    const String& scheme,
    const String& url,
    ExceptionState& exceptionState) {
  DEFINE_STATIC_LOCAL(const String, declined, ("declined"));

  if (!navigator.frame())
    return declined;

  Document* document = navigator.frame()->document();
  ASSERT(document);
  if (document->activeDOMObjectsAreStopped())
    return declined;

  if (!verifyCustomHandlerURL(*document, url, exceptionState))
    return declined;

  if (!verifyCustomHandlerScheme(scheme, exceptionState))
    return declined;

  return customHandlersStateString(
      NavigatorContentUtils::from(*navigator.frame())
          ->client()
          ->isProtocolHandlerRegistered(scheme, document->completeURL(url)));
}

void NavigatorContentUtils::unregisterProtocolHandler(
    Navigator& navigator,
    const String& scheme,
    const String& url,
    ExceptionState& exceptionState) {
  if (!navigator.frame())
    return;

  Document* document = navigator.frame()->document();
  ASSERT(document);

  if (!verifyCustomHandlerURL(*document, url, exceptionState))
    return;

  if (!verifyCustomHandlerScheme(scheme, exceptionState))
    return;

  NavigatorContentUtils::from(*navigator.frame())
      ->client()
      ->unregisterProtocolHandler(scheme, document->completeURL(url));
}

DEFINE_TRACE(NavigatorContentUtils) {
  visitor->trace(m_client);
  Supplement<LocalFrame>::trace(visitor);
}

const char* NavigatorContentUtils::supplementName() {
  return "NavigatorContentUtils";
}

void provideNavigatorContentUtilsTo(LocalFrame& frame,
                                    NavigatorContentUtilsClient* client) {
  NavigatorContentUtils::provideTo(frame,
                                   NavigatorContentUtils::supplementName(),
                                   NavigatorContentUtils::create(client));
}

}  // namespace blink