// Copyright 2017 The Chromium Authors. All rights reserved.
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.

#import <Foundation/Foundation.h>
#import <OpenDirectory/OpenDirectory.h>

#include "base/files/file_path.h"
#include "base/files/file_util.h"
#include "base/mac/foundation_util.h"
#include "base/mac/scoped_nsautorelease_pool.h"
#include "base/mac/scoped_nsobject.h"
#include "base/strings/sys_string_conversions.h"
#include "base/version.h"
#include "components/update_client/updater_state.h"

namespace update_client {

namespace {

const base::FilePath::CharType kKeystonePlist[] = FILE_PATH_LITERAL(
    "Google/GoogleSoftwareUpdate/GoogleSoftwareUpdate.bundle/"
    "Contents/Info.plist");

// Gets a value from the updater settings. Returns a retained object.
// T should be a toll-free Foundation framework type. See Apple's
// documentation for toll-free bridging.
template<class T>
base::scoped_nsobject<T> GetUpdaterSettingsValue(NSString* value_name) {
  CFStringRef app_id = CFSTR("com.google.Keystone.Agent");
  base::ScopedCFTypeRef<CFPropertyListRef> plist(
      CFPreferencesCopyAppValue(base::mac::NSToCFCast(value_name), app_id));
  return base::scoped_nsobject<T>(
      base::mac::ObjCCastStrict<T>(static_cast<id>(plist.get())),
      base::scoped_policy::RETAIN);
}

base::Time GetUpdaterSettingsTime(NSString* value_name) {
  base::scoped_nsobject<NSDate> date =
      GetUpdaterSettingsValue<NSDate>(value_name);
  base::Time result =
      base::Time::FromCFAbsoluteTime([date timeIntervalSinceReferenceDate]);

  return result;
}

base::Version GetVersionFromPlist(const base::FilePath& info_plist) {
  base::mac::ScopedNSAutoreleasePool scoped_pool;
  NSData* data =
      [NSData dataWithContentsOfFile:
          base::mac::FilePathToNSString(info_plist)];
  if ([data length] == 0) {
    return base::Version();
  }
  NSDictionary* all_keys = base::mac::ObjCCastStrict<NSDictionary>(
      [NSPropertyListSerialization propertyListWithData:data
          options:NSPropertyListImmutable
           format:nil
            error:nil]);
  if (all_keys == nil) {
    return base::Version();
  }
  CFStringRef version =
      base::mac::GetValueFromDictionary<CFStringRef>(
          base::mac::NSToCFCast(all_keys),
          kCFBundleVersionKey);
  if (version == NULL) {
    return base::Version();
  }
  return base::Version(base::SysCFStringRefToUTF8(version));
}

}  // namespace

std::string UpdaterState::GetUpdaterName() {
  return std::string("Keystone");
}

base::Version UpdaterState::GetUpdaterVersion(bool /*is_machine*/) {
  // System Keystone trumps user one, so check this one first
  base::FilePath local_library;
  bool success = base::mac::GetLocalDirectory(NSLibraryDirectory,
                                              &local_library);
  DCHECK(success);
  base::FilePath system_bundle_plist = local_library.Append(kKeystonePlist);
  base::Version system_keystone = GetVersionFromPlist(system_bundle_plist);
  if (system_keystone.IsValid()) {
    return system_keystone;
  }

  base::FilePath user_bundle_plist =
      base::mac::GetUserLibraryPath().Append(kKeystonePlist);
  return GetVersionFromPlist(user_bundle_plist);
}

base::Time UpdaterState::GetUpdaterLastStartedAU(bool /*is_machine*/) {
  return GetUpdaterSettingsTime(@"lastCheckStartDate");
}

base::Time UpdaterState::GetUpdaterLastChecked(bool /*is_machine*/) {
  return GetUpdaterSettingsTime(@"lastServerCheckDate");
}

bool UpdaterState::IsAutoupdateCheckEnabled() {
  // Auto-update check period override (in seconds).
  // Applies only to older versions of Keystone.
  base::scoped_nsobject<NSNumber> timeInterval =
      GetUpdaterSettingsValue<NSNumber>(@"checkInterval");
  if (!timeInterval.get()) return true;
  int value = [timeInterval intValue];

  return 0 < value && value < (24 * 60 * 60);
}

int UpdaterState::GetUpdatePolicy() {
  return -1;  // Keystone does not support update policies.
}

bool UpdaterState::IsEnterpriseManaged() {
  base::mac::ScopedNSAutoreleasePool scoped_pool;

  ODSession* session = [ODSession defaultSession];
  if (session == nil) {
    DLOG(WARNING) << "ODSession defult session is nil.";
    return false;
  }

  NSError* error = nil;

  NSArray<NSString*>* all_node_names = [session nodeNamesAndReturnError:&error];
  if (!all_node_names) {
    DLOG(WARNING) << "ODSession failed to give node names: "
                  << error.localizedDescription.UTF8String;
    return false;
  }

  NSUInteger num_nodes = all_node_names.count;
  if (num_nodes < 3) {
    DLOG(WARNING) << "ODSession returned too few node names: "
                  << all_node_names.description.UTF8String;
    return false;
  }

  if (num_nodes > 3) {
    // Non-enterprise machines have:"/Search", "/Search/Contacts",
    // "/Local/Default". Everything else would be enterprise management.
    return true;
  }

  ODNode* node = [ODNode nodeWithSession:session
                                    type:kODNodeTypeAuthentication
                                   error:&error];
  if (node == nil) {
    DLOG(WARNING) << "ODSession cannot obtain the authentication node: "
                  << error.localizedDescription.UTF8String;
    return false;
  }

  // Now check the currently logged on user.
  ODQuery* query = [ODQuery queryWithNode:node
                           forRecordTypes:kODRecordTypeUsers
                                attribute:kODAttributeTypeRecordName
                                matchType:kODMatchEqualTo
                              queryValues:NSUserName()
                         returnAttributes:kODAttributeTypeAllAttributes
                           maximumResults:0
                                    error:&error];
  if (query == nil) {
    DLOG(WARNING) << "ODSession cannot create user query: "
        << base::mac::NSToCFCast(error);
    return false;
  }

  NSArray* results = [query resultsAllowingPartial:NO error:&error];
  if (!results) {
    DLOG(WARNING) << "ODSession cannot obtain current user node: "
                  << error.localizedDescription.UTF8String;
    return false;
  }
  if (results.count != 1) {
    DLOG(WARNING) << @"ODSession unexpected number of user nodes: "
                  << results.count;
  }
  for (id element in results) {
    ODRecord* record = base::mac::ObjCCastStrict<ODRecord>(element);
    NSArray* attributes =
        [record valuesForAttribute:kODAttributeTypeMetaRecordName
                             error:NULL];
    for (id attribute in attributes) {
      NSString* attribute_value =
          base::mac::ObjCCastStrict<NSString>(attribute);
      // Example: "uid=johnsmith,ou=People,dc=chromium,dc=org
      NSRange domain_controller =
          [attribute_value rangeOfString:@"(^|,)\\s*dc="
                                 options:NSRegularExpressionSearch];
      if (domain_controller.length > 0) {
        return true;
      }
    }

    // Scan alternative identities.
    attributes =
        [record valuesForAttribute:kODAttributeTypeAltSecurityIdentities
                             error:NULL];
    for (id attribute in attributes) {
      NSString* attribute_value =
          base::mac::ObjCCastStrict<NSString>(attribute);
      NSRange iCloud =
          [attribute_value rangeOfString:@"CN=com.apple.idms.appleid.prd"
                                 options:NSCaseInsensitiveSearch];
      if (!iCloud.length) {
        // Any alternative identity that is not iCloud is likely enterprise
        // management.
        return true;
      }
    }
  }
  return false;
}

}  // namespace update_client