// Go FIDO U2F Library
// Copyright 2015 The Go FIDO U2F Library Authors. All rights reserved.
// Use of this source code is governed by the MIT
// license that can be found in the LICENSE file.

/*
Package u2f implements the server-side parts of the
FIDO Universal 2nd Factor (U2F) specification.

Applications will usually persist Challenge and Registration objects in a
database.

To enrol a new token:

    app_id := "http://localhost"
    c, _ := NewChallenge(app_id, []string{app_id})
    req, _ := u2f.NewWebRegisterRequest(c, existingTokens)
    // Send the request to the browser.
    var resp RegisterResponse
    // Read resp from the browser.
    reg, err := Register(resp, c)
    if err != nil {
         // Registration failed.
    }
    // Store reg in the database.

To perform an authentication:

    var regs []Registration
    // Fetch regs from the database.
    c, _ := NewChallenge(app_id, []string{app_id})
    req, _ := c.SignRequest(regs)
    // Send the request to the browser.
    var resp SignResponse
    // Read resp from the browser.
    new_counter, err := reg.Authenticate(resp, c)
    if err != nil {
        // Authentication failed.
    }
    reg.Counter = new_counter
    // Store updated Registration in the database.

The FIDO U2F specification can be found here:
https://fidoalliance.org/specifications/download
*/
package u2f

import (
	"crypto/rand"
	"crypto/subtle"
	"encoding/base64"
	"encoding/json"
	"errors"
	"strings"
	"time"
)

const u2fVersion = "U2F_V2"
const timeout = 5 * time.Minute

func decodeBase64(s string) ([]byte, error) {
	for i := 0; i < len(s)%4; i++ {
		s += "="
	}
	return base64.URLEncoding.DecodeString(s)
}

func encodeBase64(buf []byte) string {
	s := base64.URLEncoding.EncodeToString(buf)
	return strings.TrimRight(s, "=")
}

// Challenge represents a single transaction between the server and
// authenticator. This data will typically be stored in a database.
type Challenge struct {
	Challenge     []byte
	Timestamp     time.Time
	AppID         string
	TrustedFacets []string
}

// NewChallenge generates a challenge for the given application.
func NewChallenge(appID string, trustedFacets []string) (*Challenge, error) {
	challenge := make([]byte, 32)
	n, err := rand.Read(challenge)
	if err != nil {
		return nil, err
	}
	if n != 32 {
		return nil, errors.New("u2f: unable to generate random bytes")
	}

	var c Challenge
	c.Challenge = challenge
	c.Timestamp = time.Now()
	c.AppID = appID
	c.TrustedFacets = trustedFacets
	return &c, nil
}

func verifyClientData(clientData []byte, challenge Challenge) error {
	var cd ClientData
	if err := json.Unmarshal(clientData, &cd); err != nil {
		return err
	}

	foundFacetID := false
	for _, facetID := range challenge.TrustedFacets {
		if facetID == cd.Origin {
			foundFacetID = true
			break
		}
	}
	if !foundFacetID {
		return errors.New("u2f: untrusted facet id")
	}

	c := encodeBase64(challenge.Challenge)
	if len(c) != len(cd.Challenge) ||
		subtle.ConstantTimeCompare([]byte(c), []byte(cd.Challenge)) != 1 {
		return errors.New("u2f: challenge does not match")
	}

	return nil
}