// Copyright (c) 2012 The Chromium Authors. All rights reserved.
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.

#include "chrome/installer/util/google_update_util.h"

#include <algorithm>
#include <map>
#include <utility>
#include <vector>

#include "base/command_line.h"
#include "base/environment.h"
#include "base/files/file_path.h"
#include "base/logging.h"
#include "base/memory/scoped_ptr.h"
#include "base/process/kill.h"
#include "base/process/launch.h"
#include "base/strings/string16.h"
#include "base/strings/string_split.h"
#include "base/time/time.h"
#include "base/win/registry.h"
#include "base/win/scoped_handle.h"
#include "chrome/installer/launcher_support/chrome_launcher_support.h"
#include "chrome/installer/util/google_update_constants.h"
#include "chrome/installer/util/google_update_settings.h"

using base::win::RegKey;

namespace google_update {

namespace {

const int kGoogleUpdateTimeoutMs = 20 * 1000;

const char kEnvVariableUntrustedData[] = "GoogleUpdateUntrustedData";
const int kEnvVariableUntrustedDataMaxLength = 4096;

// Returns true if Google Update is present at the given level.
bool IsGoogleUpdatePresent(bool system_install) {
  // Using the existence of version key in the registry to decide.
  return GoogleUpdateSettings::GetGoogleUpdateVersion(system_install).IsValid();
}

// Returns GoogleUpdateSetup.exe's executable path at specified level.
// or an empty path if none is found.
base::FilePath GetGoogleUpdateSetupExe(bool system_install) {
  const HKEY root_key = system_install ? HKEY_LOCAL_MACHINE : HKEY_CURRENT_USER;
  RegKey update_key;

  if (update_key.Open(root_key, kRegPathGoogleUpdate, KEY_QUERY_VALUE) ==
          ERROR_SUCCESS) {
    string16 path_str;
    string16 version_str;
    if ((update_key.ReadValue(kRegPathField, &path_str) == ERROR_SUCCESS) &&
        (update_key.ReadValue(kRegGoogleUpdateVersion, &version_str) ==
             ERROR_SUCCESS)) {
      return base::FilePath(path_str).DirName().Append(version_str).
          Append(kGoogleUpdateSetupExe);
    }
  }
  return base::FilePath();
}

// If Google Update is present at system-level, sets |cmd_string| to the command
// line to install Google Update at user-level and returns true.
// Otherwise, clears |cmd_string| and returns false.
bool GetUserLevelGoogleUpdateInstallCommandLine(string16* cmd_string) {
  cmd_string->clear();
  base::FilePath google_update_setup(
      GetGoogleUpdateSetupExe(true));  // system-level.
  if (!google_update_setup.empty()) {
    CommandLine cmd(google_update_setup);
    // Appends "/install runtime=true&needsadmin=false /silent /nomitag".
    // NB: /nomitag needs to be at the end.
    // Constants are found in code.google.com/p/omaha/common/const_cmd_line.h.
    cmd.AppendArg("/install");
    // The "&" can be used in base::LaunchProcess() without quotation
    // (this is problematic only if run from command prompt).
    cmd.AppendArg("runtime=true&needsadmin=false");
    cmd.AppendArg("/silent");
    cmd.AppendArg("/nomitag");
    *cmd_string = cmd.GetCommandLineString();
  }
  return !cmd_string->empty();
}

// Launches command |cmd_string|, and waits for |timeout| milliseconds before
// timing out.  To wait indefinitely, one can set
// |timeout| to be base::TimeDelta::FromMilliseconds(INFINITE).
// Returns true if this executes successfully.
// Returns false if command execution fails to execute, or times out.
bool LaunchProcessAndWaitWithTimeout(const string16& cmd_string,
                                     base::TimeDelta timeout) {
  bool success = false;
  base::win::ScopedHandle process;
  int exit_code = 0;
  VLOG(0) << "Launching: " << cmd_string;
  if (!base::LaunchProcess(cmd_string, base::LaunchOptions(),
                           &process)) {
    PLOG(ERROR) << "Failed to launch (" << cmd_string << ")";
  } else if (!base::WaitForExitCodeWithTimeout(process, &exit_code, timeout)) {
    // The GetExitCodeProcess failed or timed-out.
    LOG(ERROR) <<"Command (" << cmd_string << ") is taking more than "
               << timeout.InMilliseconds() << " milliseconds to complete.";
  } else if (exit_code != 0) {
    LOG(ERROR) << "Command (" << cmd_string << ") exited with code "
               << exit_code;
  } else {
    success = true;
  }
  return success;
}

bool IsNotPrintable(unsigned char c) {
  return c < 32 || c >= 127;
}

// Returns whether or not |s| consists of printable characters.
bool IsStringPrintable(const std::string& s) {
  return std::find_if(s.begin(), s.end(), IsNotPrintable) == s.end();
}

bool IsIllegalUntrustedDataKeyChar(unsigned char c) {
  return !(c >= 'A' && c <= 'Z' || c >= 'a' && c <= 'z' ||
           c >= '0' && c <= '9' || c == '-' || c == '_' || c == '$');
}

// Returns true if |key| from untrusted data is valid.
bool IsUntrustedDataKeyValid(const std::string& key) {
  return std::find_if(key.begin(), key.end(), IsIllegalUntrustedDataKeyChar)
      == key.end();
}

// Reads and parses untrusted data passed from Google Update as key-value
// pairs, then overwrites |untrusted_data_map| with the result.
// Returns true if data are successfully read.
bool GetGoogleUpdateUntrustedData(
    std::map<std::string, std::string>* untrusted_data) {
  DCHECK(untrusted_data);
  scoped_ptr<base::Environment> env(base::Environment::Create());
  std::string data_string;
  if (env == NULL || !env->GetVar(kEnvVariableUntrustedData, &data_string))
    return false;

  if (data_string.length() > kEnvVariableUntrustedDataMaxLength ||
      !IsStringPrintable(data_string)) {
    LOG(ERROR) << "Invalid value in " << kEnvVariableUntrustedData;
    return false;
  }

  VLOG(1) << kEnvVariableUntrustedData << ": " << data_string;

  std::vector<std::pair<std::string, std::string> > kv_pairs;
  if (!base::SplitStringIntoKeyValuePairs(data_string, '=', '&', &kv_pairs)) {
    LOG(ERROR) << "Failed to parse untrusted data: " << data_string;
    return false;
  }

  untrusted_data->clear();
  std::vector<std::pair<std::string, std::string> >::const_iterator it;
  for (it = kv_pairs.begin(); it != kv_pairs.end(); ++it) {
    const std::string& key(it->first);
    // TODO(huangs): URL unescape |value|.
    const std::string& value(it->second);
    if (IsUntrustedDataKeyValid(key) && IsStringPrintable(value))
      (*untrusted_data)[key] = value;
    else
      LOG(ERROR) << "Illegal character found in untrusted data.";
  }
  return true;
}

}  // namespace

bool EnsureUserLevelGoogleUpdatePresent() {
  VLOG(0) << "Ensuring Google Update is present at user-level.";

  bool success = false;
  if (IsGoogleUpdatePresent(false)) {
    success = true;
  } else {
    string16 cmd_string;
    if (!GetUserLevelGoogleUpdateInstallCommandLine(&cmd_string)) {
      LOG(ERROR) << "Cannot find Google Update at system-level.";
      // Ideally we should return false. However, this case should not be
      // encountered by regular users, and developers (who often installs
      // Chrome without Google Update) may be unduly impeded by this case.
      // Therefore we return true.
      success = true;
    } else {
      success = LaunchProcessAndWaitWithTimeout(cmd_string,
          base::TimeDelta::FromMilliseconds(INFINITE));
    }
  }
  return success;
}

bool UninstallGoogleUpdate(bool system_install) {
  bool success = false;
  string16 cmd_string(
      GoogleUpdateSettings::GetUninstallCommandLine(system_install));
  if (cmd_string.empty()) {
    success = true;  // Nothing to; vacuous success.
  } else {
    success = LaunchProcessAndWaitWithTimeout(cmd_string,
        base::TimeDelta::FromMilliseconds(kGoogleUpdateTimeoutMs));
  }
  return success;
}

std::string GetUntrustedDataValue(const std::string& key) {
  std::map<std::string, std::string> untrusted_data;
  if (GetGoogleUpdateUntrustedData(&untrusted_data)) {
    std::map<std::string, std::string>::const_iterator data_it(
        untrusted_data.find(key));
    if (data_it != untrusted_data.end())
      return data_it->second;
  }

  return std::string();
}

}  // namespace google_update