// checkpw - Check passwords against pwnedpasswords.com
// Copyright (C) 2018  Harald Eilertsen <haraldei@anduin.net>
//
// This program is free software: you can redistribute it and/or modify
// it under the terms of the GNU General Public License as published by
// the Free Software Foundation, either version 3 of the License, or
// (at your option) any later version.
//
// This program is distributed in the hope that it will be useful,
// but WITHOUT ANY WARRANTY; without even the implied warranty of
// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
// GNU General Public License for more details.
//
// You should have received a copy of the GNU General Public License
// along with this program.  If not, see <https://www.gnu.org/licenses/>.

extern crate futures;
extern crate hyper;
extern crate hyper_tls;
extern crate ring;
extern crate tokio_core;

use futures::{Future, Stream};
use hyper::Client;
use hyper_tls::HttpsConnector;
use ring::digest;
use std::env;
use tokio_core::reactor::Core;

//
// Convert a slice of bytes into a string of hex values
//
fn to_hex(data: &[u8]) -> String {
    data.into_iter()
        .map(|b| format!("{:02X}", b))
        .collect()
}

#[test]
fn test_to_hex() {
    let input = [0x01, 0x00, 0xff, 0xaa, 0x10, 0x07];
    assert_eq!(to_hex(&input), "0100FFAA1007");
}

///
/// Split the digest into the range and rest parts for k-anonymity
///
fn to_k_anon(d: digest::Digest) -> (String, String) {
    let mut hash = to_hex(d.as_ref());
    let rest = hash.split_off(5);
    (hash, rest)
}

#[test]
fn test_k_anon() {
    let input = digest::digest(&digest::SHA1, "Passw0rd".as_bytes());
    let res = to_k_anon(input);
    assert_eq!(res, (String::from("EBFC7"), String::from("910077770C8340F63CD2DCA2AC1F120444F")));
}

struct Password {
    pw: String,
    pub range: String,
    pub rest: String,
}

impl Password {
    pub fn new(pw: &str) -> Password {
        let (range, rest) = to_k_anon(digest::digest(&digest::SHA1, &pw.as_bytes()));

        Password {
            pw: String::from(pw),
            range: range,
            rest: rest,
        }
    }
}

#[test]
fn test_creating_new_password() {
    let pw = Password::new("Passw0rd");
    assert_eq!(&pw.range, "EBFC7");
    assert_eq!(&pw.rest, "910077770C8340F63CD2DCA2AC1F120444F");
}

fn check(pw: Password) -> Result<(), Box<::std::error::Error>> {
    let mut core = Core::new()?;
    let client = Client::configure()
        .connector(HttpsConnector::new(4, &core.handle())?)
        .build(&core.handle());

    let uri = format!("https://api.pwnedpasswords.com/range/{}", pw.range).parse()?;

    let req = client.get(uri).and_then(|res| {
        res.body().concat2().and_then(move |body| {
            let hashes = std::str::from_utf8(&body)?;
            if let Some(pos) = hashes.find(&pw.rest) {
                println!("Password is PWNED!");
                if let Some(res) = hashes[pos..].lines().take(1).collect::<Vec<_>>().pop() {
                    let count = res.split(':').skip(1).collect::<Vec<_>>().pop().unwrap();
                    println!("The password {} was found in {} breaches", pw.pw, count);
                }
            }
            Ok(())
        })
    });

    core.run(req)?;

    Ok(())
}

fn main() {
    let mut passwords = Vec::new();
    for arg in env::args().skip(1) {
        passwords.push(Password::new(&arg));
    };

    for pw in passwords {
        check(pw).unwrap();
    }
}