// Copyright 2020 The Chromium OS Authors. All rights reserved.
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.

#include <memory>
#include <utility>

#include <chromeos/dbus/service_constants.h>
#include <dbus/bus.h>
#include <dbus/exported_object.h>
#include <dbus/message.h>
#include <dbus/object_proxy.h>
#include <dbus/scoped_dbus_error.h>

#include <vm_permission_service/proto_bindings/vm_permission_service.pb.h>

#include "vm_tools/concierge/vm_permission_interface.h"

namespace vm_tools {
namespace concierge {
namespace vm_permission {

namespace {

bool QueryVmPermission(dbus::ObjectProxy* proxy,
                       const std::string& vm_token,
                       vm_permission_service::Permission::Kind permission) {
  // TODO(dtor): remove when we remove Camera/Mic Chrome flags and
  // always have non-empty token.
  if (vm_token.empty())
    return false;

  dbus::MethodCall method_call(
      chromeos::kVmPermissionServiceInterface,
      chromeos::kVmPermissionServiceGetPermissionsMethod);
  dbus::MessageWriter writer(&method_call);

  vm_permission_service::GetPermissionsRequest request;
  request.set_token(vm_token);

  if (!writer.AppendProtoAsArrayOfBytes(request)) {
    LOG(ERROR) << "Failed to encode GetPermissionsRequest protobuf";
    return false;
  }

  dbus::ScopedDBusError dbus_error;
  std::unique_ptr<dbus::Response> dbus_response =
      proxy->CallMethodAndBlockWithErrorDetails(
          &method_call, dbus::ObjectProxy::TIMEOUT_USE_DEFAULT, &dbus_error);
  if (!dbus_response) {
    if (dbus_error.is_set()) {
      LOG(ERROR) << "Getpermissions call failed: " << dbus_error.name() << " ("
                 << dbus_error.message() << ")";
    } else {
      LOG(ERROR)
          << "Failed to send GetPermissions message to permission service";
    }
    return false;
  }

  dbus::MessageReader reader(dbus_response.get());
  vm_permission_service::GetPermissionsResponse response;
  if (!reader.PopArrayOfBytesAsProto(&response)) {
    LOG(ERROR) << "Failed to parse GetPermissionsResponse protobuf";
    return false;
  }

  for (const auto& p : response.permissions()) {
    if (p.kind() == permission)
      return p.allowed();
  }

  return false;
}

};  // namespace

dbus::ObjectProxy* GetServiceProxy(scoped_refptr<dbus::Bus> bus) {
  return bus->GetObjectProxy(
      chromeos::kVmPermissionServiceName,
      dbus::ObjectPath(chromeos::kVmPermissionServicePath));
}

bool RegisterVm(dbus::ObjectProxy* proxy,
                const VmId& vm_id,
                VmType type,
                std::string* token) {
  CHECK(token);

  LOG(INFO) << "Registering VM " << vm_id << " with permission service";

  dbus::MethodCall method_call(chromeos::kVmPermissionServiceInterface,
                               chromeos::kVmPermissionServiceRegisterVmMethod);
  dbus::MessageWriter writer(&method_call);

  vm_permission_service::RegisterVmRequest request;
  request.set_owner_id(vm_id.owner_id());
  request.set_name(vm_id.name());
  switch (type) {
    case VmType::CROSTINI_VM:
      request.set_type(vm_permission_service::RegisterVmRequest::CROSTINI_VM);
      break;
    case VmType::PLUGIN_VM:
      request.set_type(vm_permission_service::RegisterVmRequest::PLUGIN_VM);
      break;
  }

  if (!writer.AppendProtoAsArrayOfBytes(request)) {
    LOG(ERROR) << "Failed to encode RegisterVmRequest protobuf";
    return false;
  }

  dbus::ScopedDBusError dbus_error;
  std::unique_ptr<dbus::Response> dbus_response =
      proxy->CallMethodAndBlockWithErrorDetails(
          &method_call, dbus::ObjectProxy::TIMEOUT_USE_DEFAULT, &dbus_error);
  if (!dbus_response) {
    if (!dbus_error.is_set()) {
      LOG(ERROR) << "Failed to send RegisterVm message to permission service";
    } else if (strcmp(dbus_error.name(), DBUS_ERROR_NOT_SUPPORTED) == 0) {
      // TODO(dtor): remove when we remove Camera/Mic Chrome flags stop
      // returning DBUS_ERROR_NOT_SUPPORTED.
      *token = std::string();
      return true;
    } else {
      LOG(ERROR) << "RegisterVm call failed: " << dbus_error.name() << " ("
                 << dbus_error.message() << ")";
    }
    return false;
  }

  dbus::MessageReader reader(dbus_response.get());
  vm_permission_service::RegisterVmResponse response;
  if (!reader.PopArrayOfBytesAsProto(&response)) {
    LOG(ERROR) << "Failed to parse RegisterVmResponse protobuf";
    return false;
  }

  if (response.token().empty()) {
    LOG(ERROR) << "Permission service returned invalid token";
    return false;
  }

  *token = response.token();
  return true;
}

bool UnregisterVm(dbus::ObjectProxy* proxy, const VmId& vm_id) {
  LOG(INFO) << "Unregistering VM " << vm_id << " from permission service";

  dbus::MethodCall method_call(
      chromeos::kVmPermissionServiceInterface,
      chromeos::kVmPermissionServiceUnregisterVmMethod);
  dbus::MessageWriter writer(&method_call);

  vm_permission_service::UnregisterVmRequest request;
  request.set_owner_id(vm_id.owner_id());
  request.set_name(vm_id.name());

  if (!writer.AppendProtoAsArrayOfBytes(request)) {
    LOG(ERROR) << "Failed to encode UnregisterVmRequest protobuf";
    return false;
  }

  dbus::ScopedDBusError dbus_error;
  std::unique_ptr<dbus::Response> dbus_response =
      proxy->CallMethodAndBlockWithErrorDetails(
          &method_call, dbus::ObjectProxy::TIMEOUT_USE_DEFAULT, &dbus_error);
  if (!dbus_response) {
    if (dbus_error.is_set()) {
      LOG(ERROR) << "UnregisterVm call failed: " << dbus_error.name() << " ("
                 << dbus_error.message() << ")";
    } else {
      LOG(ERROR) << "Failed to send UnregisterVm message to permission service";
    }
    return false;
  }

  // There is no body in successful response to unregister request.
  return true;
}

bool IsMicrophoneEnabled(dbus::ObjectProxy* proxy,
                         const std::string& vm_token) {
  return QueryVmPermission(proxy, vm_token,
                           vm_permission_service::Permission::MICROPHONE);
}

bool IsCameraEnabled(dbus::ObjectProxy* proxy, const std::string& vm_token) {
  return QueryVmPermission(proxy, vm_token,
                           vm_permission_service::Permission::CAMERA);
}
}  // namespace vm_permission
}  // namespace concierge
}  // namespace vm_tools