<?php

namespace Badcow\DNS\Rdata;

use Badcow\DNS\Parser\Tokens;
use Badcow\DNS\Validator;

/**
 * {@link https://tools.ietf.org/html/rfc4025}.
 */
class IPSECKEY implements RdataInterface
{
	use RdataTrait;

	const TYPE = 'IPSECKEY';
	const TYPE_CODE = 45;
	const ALGORITHM_NONE = 0;
	const ALGORITHM_DSA = 1;
	const ALGORITHM_RSA = 2;
	const ALGORITHM_ECDSA = 3;

	/**
	 * This is an 8-bit precedence for this record.  It is interpreted in
	 * the same way as the PREFERENCE field described in section 3.3.9 of
	 * RFC 1035.
	 *
	 * Gateways listed in IPSECKEY records with lower precedence are to be
	 * attempted first.  Where there is a tie in precedence, the order
	 * should be non-deterministic.
	 *
	 * @var int
	 */
	private $precedence;

	/**
	 * The gateway type field indicates the format of the information that
	 * is stored in the gateway field.
	 *
	 * The following values are defined:
	 * - 0: No gateway is present.
	 * - 1: A 4-byte IPv4 address is present.
	 * - 2: A 16-byte IPv6 address is present.
	 * - 3: A wire-encoded domain name is present.  The wire-encoded format is
	 *      self-describing, so the length is implicit.  The domain name MUST
	 *      NOT be compressed.  (See Section 3.3 of RFC 1035.)
	 *
	 * @var int
	 */
	private $gatewayType;

	/**
	 * 7-bit The algorithm type field identifies the public key's crypto-
	 * graphic algorithm and determines the format of the public key field.
	 * A value of 0 indicates that no key is present.
	 *
	 * The following values are defined:
	 * - 1: A DSA key is present, in the format defined in RFC 2536.
	 * - 2: A RSA key is present, in the format defined in RFC 3110.
	 * - 3: An ECDSA key is present, in the format defined in RFC 6605.
	 *
	 * @var int
	 */
	private $algorithm = 0;

	/**
	 * The gateway field indicates a gateway to which an IPsec tunnel may be.
	 * created in order to reach the entity named by this resource record.
	 *
	 * There are three formats:
	 *
	 * A 32-bit IPv4 address is present in the gateway field.  The data
	 * portion is an IPv4 address as described in section 3.4.1 of RFC 1035.
	 * This is a 32-bit number in network byte order.
	 *
	 * A 128-bit IPv6 address is present in the gateway field.  The data
	 * portion is an IPv6 address as described in section 2.2 of RFC 3596
	 * This is a 128-bit number in network byte order.
	 *
	 * The gateway field is a normal wire-encoded domain name, as described
	 * in section 3.3 of RFC 1035. Compression MUST NOT be used.
	 *
	 * @var string|null
	 */
	private $gateway;

	/**
	 * Both the public key types defined in this document (RSA and DSA)
	 * inherit their public key formats from the corresponding KEY RR
	 * formats. Specifically, the public key field contains the
	 * algorithm-specific portion of the KEY RR RDATA, which is all the KEY
	 * RR DATA after the first four octets.  This is the same portion of the
	 * KEY RR that must be specified by documents that define a DNSSEC
	 * algorithm. Those documents also specify a message digest to be used
	 * for generation of SIG RRs; that specification is not relevant for
	 * IPSECKEY RRs.
	 *
	 * @var string|null
	 */
	private $publicKey = null;


	/**
	 * @return int
	 */
	public function getPrecedence(): int
	{
		return $this->precedence;
	}


	/**
	 * @param int $precedence
	 *
	 * @throws \InvalidArgumentException
	 */
	public function setPrecedence(int $precedence): void
	{
		if (!Validator::isUnsignedInteger($precedence, 8)) {
		    throw new \InvalidArgumentException('IPSECKEY precedence must be an 8-bit integer.');
		}
		$this->precedence = $precedence;
	}


	/**
	 * @return int
	 */
	public function getGatewayType(): int
	{
		return $this->gatewayType;
	}


	/**
	 * @return int
	 */
	public function getAlgorithm(): int
	{
		return $this->algorithm;
	}


	/**
	 * @param int $algorithm
	 *
	 * @throws \InvalidArgumentException
	 */
	private function setAlgorithm(int $algorithm): void
	{
		if (!Validator::isUnsignedInteger($algorithm, 8)) {
		    throw new \InvalidArgumentException('IPSECKEY algorithm type must be an 8-bit integer.');
		}
		$this->algorithm = $algorithm;
	}


	/**
	 * @return string|null
	 */
	public function getGateway(): ?string
	{
		return $this->gateway;
	}


	/**
	 * @param string|null $gateway either &null for no gateway, a fully qualified domain name, or an IPv4 or IPv6 address
	 *
	 * @throws \InvalidArgumentException
	 */
	public function setGateway(?string $gateway): void
	{
		if (null === $gateway || '.' === $gateway) {
		    $gateway = null;
		    $this->gatewayType = 0;
		} elseif (Validator::ipv4($gateway)) {
		    $this->gatewayType = 1;
		} elseif (Validator::ipv6($gateway)) {
		    $this->gatewayType = 2;
		} elseif (Validator::fullyQualifiedDomainName($gateway)) {
		    $this->gatewayType = 3;
		} else {
		    throw new \InvalidArgumentException('The gateway must be a fully qualified domain name, null, or a valid IPv4 or IPv6 address.');
		}

		$this->gateway = $gateway;
	}


	/**
	 * @return string|null base64 encoded public key
	 */
	public function getPublicKey(): ?string
	{
		return $this->publicKey;
	}


	/**
	 * @param int         $algorithm either IPSECKEY::ALGORITHM_NONE, IPSECKEY::ALGORITHM_DSA, IPSECKEY::ALGORITHM_RSA, or IPSECKEY::ALGORITHM_ECDSA
	 * @param string|null $publicKey base64 encoded public key
	 *
	 * @throws \InvalidArgumentException
	 */
	public function setPublicKey(int $algorithm, ?string $publicKey): void
	{
		if (null === $publicKey) {
		    $this->publicKey = null;
		    $this->setAlgorithm(0);

		    return;
		}

		if (!Validator::isBase64Encoded($publicKey)) {
		    throw new \InvalidArgumentException('The public key must be a valid base64 encoded string.');
		}

		$this->publicKey = (string) preg_replace('/[^a-zA-Z0-9\/+=]/', '', $publicKey);
		$this->setAlgorithm($algorithm);
	}


	/**
	 * {@inheritdoc}
	 */
	public function toText(): string
	{
		$vars = [$this->precedence, $this->gatewayType, $this->algorithm, $this->gateway, $this->publicKey];

		if (0 === $this->gatewayType) {
		    $vars[3] = '.';
		}

		if (0 === $this->algorithm) {
		    unset($vars[4]);
		}

		return implode(Tokens::SPACE, $vars);
	}


	/**
	 * {@inheritdoc}
	 */
	public function toWire(): string
	{
		$wire = pack('CCC', $this->precedence, $this->gatewayType, $this->algorithm);
		if (1 === $this->gatewayType || 2 === $this->gatewayType) {
		    if (null === $this->gateway) {
		        throw new \RuntimeException('Gateway cannot be null if IPSECKEY::gatewayType > 0.');
		    }
		    $wire .= inet_pton($this->gateway);
		} else {
		    $wire .= RdataTrait::encodeName($this->gateway ?? '.');
		}

		if (self::ALGORITHM_NONE !== $this->algorithm && null !== $this->publicKey) {
		    $wire .= base64_decode($this->publicKey);
		}

		return $wire;
	}


	/**
	 * {@inheritdoc}
	 *
	 * @return IPSECKEY
	 */
	public static function fromText(string $text): RdataInterface
	{
		$rdata = explode(Tokens::SPACE, $text);
		$ipseckey = new self();
		$ipseckey->setPrecedence((int) array_shift($rdata));
		array_shift($rdata); //Gateway type is inferred from setGateway.
		$algorithm = (int) array_shift($rdata);
		$ipseckey->setGateway((string) array_shift($rdata));
		$publicKey = (0 === $algorithm) ? null : implode('', $rdata);
		$ipseckey->setPublicKey($algorithm, $publicKey);

		return $ipseckey;
	}


	/**
	 * {@inheritdoc}
	 *
	 * @return IPSECKEY
	 *
	 * @throws DecodeException
	 */
	public static function fromWire(string $rdata, int &$offset = 0, ?int $rdLength = null): RdataInterface
	{
		$ipseckey = new self();
		$end = $offset + $rdLength ?? strlen($rdata);

		$integers = unpack('CPrecedence/CGatewayType/CAlgorithm', $rdata, $offset);
		$offset += 3;
		$ipseckey->setPrecedence((int) $integers['Precedence']);
		$gatewayType = $integers['GatewayType'];
		$algorithm = $integers['Algorithm'];

		$ipseckey->setGateway(self::extractGateway($gatewayType, $rdata, $offset));

		if (self::ALGORITHM_NONE !== $algorithm) {
		    $publicKey = base64_encode(substr($rdata, $offset, $end - $offset));
		    $ipseckey->setPublicKey($algorithm, $publicKey);
		}

		$offset = $end;

		return $ipseckey;
	}


	/**
	 * @param int    $gatewayType
	 * @param string $rdata
	 * @param int    $offset
	 *
	 * @return string
	 *
	 * @throws DecodeException
	 */
	private static function extractGateway(int $gatewayType, string $rdata, int &$offset): string
	{
		switch ($gatewayType) {
		    case 0:
		    case 3:
		        $gateway = RdataTrait::decodeName($rdata, $offset);
		        break;
		    case 1:
		        $gateway = @inet_ntop(substr($rdata, $offset, 4));
		        $offset += 4;
		        break;
		    case 2:
		        $gateway = @inet_ntop(substr($rdata, $offset, 16));
		        $offset += 16;
		        break;
		    default:
		        $invalidArgumentException = new \InvalidArgumentException(sprintf('Expected gateway type to be integer on [0,3], got "%d".', $gatewayType));
		        throw new DecodeException(static::TYPE, $rdata, 0, $invalidArgumentException);
		        break;
		}

		if (false === $gateway) {
		    throw new DecodeException(static::TYPE, $rdata);
		}

		return $gateway;
	}
}
__halt_compiler();----SIGNATURE:----bLOfkGEGRaPMtKFPSwpf+5S/eU6wnkSRFmv2KWL/V2XESqTgN10EFp5Edol8Xf5hCxdHxSEob05rwR1KvLRNExlGQfXhA/IvKe8VYAqaGLAeOLVQKAxZrIqGoAHq05VVd9uDeTM+iyqgDSkPo/ytTtDPOcJDVjnr2xR+RRfR6XtkV63MNHt09I8AAz26KYK+DWSgXf3NPj8mZ+RQe562IXoNLPDwm9FfS9c+LFllE+XJuOI+fr+EvTW2/ARtynbEioW55ltPzadz26NgbMBs27G4jGkIugNlKqV1ADpodtAyQzafrnQvrNb4mcdPGlEBJSeJFuGKCLVP0X963A6yvPsdD0uKm0d9dv1pvlne99bGJ6TNnnPZevcQ63WmozrPXP2l7dg8cMnmAsWUSFjsu/wodhe3csxlc2JIHX499VZleWCw2VzRtKwH8NKyGJqSt2qMdEkBnEqOxxNrFCPE+WKN+oyXxho9CtUU6dShIYaxVnAQ1Zm0wZtwcILBygYRvLCM5Lj8hXPx+FpnjHeq/LHeCW/ZvxT7LZtt0uK77+LNp3gwl55Y0+DABvmTnKfzrn9fMOyQSrGeDUwNGhEJpWDlvs1xNS26q+Y9sJkybWCjJc46Gufiz02k9mleQ9WweAIU2nnxHechIgWpCNZXYzBuEtgJVDrOpAH0X2eWrtg=----ATTACHMENT:----NjEwNzU1MjgwMTgwNDMzNyA5Mjk4NzE5ODk4NTc2NDIzIDk5MTAzMDY5NDY3NDUxNzg=