<?php
/**
 * ET Core OAuth Library
 *
 * Copyright © 2016-2017 Elegant Themes, Inc.
 *
 * Based on code from the TwitterOAuth Library:
 *   - Copyright © 2009-2016 Abraham Williams
 *   - Copyright © 2007-2009 Andy Smith
 *
 * @license
 * Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated
 * documentation files (the "Software"), to deal in the Software without restriction, including without limitation the
 * rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to
 * permit persons to whom the Software is furnished to do so, subject to the following conditions:
 *
 * The above copyright notice and this permission notice shall be included in all copies or substantial
 * portions of the Software.
 *
 * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE
 * WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS
 * OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR
 * OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
 */


class ET_Core_LIB_OAuthBase {
	/**
	 * Writes a message to the PHP error log.
	 *
	 * @since 1.1.0
	 *
	 * @param mixed $msg
	 */
	public static function write_log( $msg, $level = 'DEBUG', $_this = null ) {
		$name = ( null !== $_this ) ? get_class( $_this ) : 'ET_Core_LIB_OAuthBase';

		if ( ! is_string( $msg ) ) {
			$msg = print_r( $msg, true );
		}

		error_log( "{$name} [{$level}]: $msg" );
	}
}


class ET_Core_LIB_OAuthUtil {

	public static function build_http_query( $params, $return_json=false ) {
		if ( ! $params ) {
			return '';
		}

		if ( $return_json ) {
			// return json string without further processing if needed
			return json_encode( $params );
		}

		// Url encode both the keys and the values
		$keys   = ET_Core_LIB_OAuthUtil::urlencode_rfc3986( array_keys( $params ) );
		$values = ET_Core_LIB_OAuthUtil::urlencode_rfc3986( array_values( $params ) );
		$params = array_combine( $keys, $values );

		// Parameters are sorted by name, using lexicographical byte value ordering.
		// Ref: Spec: 9.1.1 (1)
		uksort( $params, 'strcmp' );
		$pairs = array();

		foreach ( $params as $parameter => $value ) {
			if ( is_array( $value ) ) {
					// When two or more parameters share the same name, they are sorted by their value
					// Ref: Spec: 9.1.1 (1)
					// June 12th, 2010 - changed to sort because of issue 164 by hidetaka
					sort( $value, SORT_STRING );

				foreach ( $value as $duplicate_value ) {
					$pairs[] = "{$parameter}={$duplicate_value}";
				}

			} else {
				$pairs[] = "{$parameter}={$value}";
			}
		}

		// For each parameter, the name is separated from the corresponding value by an '=' character (ASCII code 61)
		// Each name-value pair is separated by an '&' character (ASCII code 38)
		return implode( '&', $pairs );
	}

	public static function parse_parameters( $input = '' ) {
		if ( '' === $input ) {
			return array();
		}

		$pairs             = explode( '&', $input );
		$parsed_parameters = array();

		foreach ( $pairs as $pair ) {
			$split     = explode( '=', $pair, 2 );
			$parameter = ET_Core_LIB_OAuthUtil::urldecode_rfc3986( $split[0] );
			$value     = isset( $split[1] ) ? ET_Core_LIB_OAuthUtil::urldecode_rfc3986( $split[1] ) : '';

			if ( isset( $parsed_parameters[ $parameter ] ) ) {
				// We have already received parameter(s) with this name, so add to the list
				// of parameters with this name
				if ( is_scalar( $parsed_parameters[ $parameter ] ) ) {
					// This is the first duplicate, so transform scalar (string) into an array
					// so we can add the duplicates
					$parsed_parameters[ $parameter ] = array( $parsed_parameters[ $parameter ] );
				}
				$parsed_parameters[ $parameter ][] = $value;
			} else {
				$parsed_parameters[ $parameter ] = $value;
			}
		}
		return $parsed_parameters;
	}

	public static function urldecode_rfc3986( $string ) {
		return rawurldecode( $string );
	}

	public static function urlencode_rfc3986( $input ) {
		$output = '';

		if ( is_array( $input ) ) {
			$output = array_map( array( 'ET_Core_LIB_OAuthUtil', 'urlencode_rfc3986' ), $input );

		} else if ( is_scalar( $input ) ) {
			$output = rawurlencode( utf8_encode( $input ) );
		}

		return $output;
	}
}

/**
 * A base class for implementing a Signature Method
 * See section 9 ("Signing Requests") in the spec
 */
abstract class ET_Core_LIB_OAuthSignatureMethod {
	/**
	 * Build the signature
	 * NOTE: The output of this function MUST NOT be urlencoded. The encoding is handled in
	 * {@link ET_Core_OAuth_Request} when the final request is serialized.
	 *
	 * @param ET_Core_LIB_OAuthRequest    $request
	 * @param ET_Core_LIB_OAuthConsumer   $consumer
	 * @param ET_Core_LIB_OAuthToken|null $token
	 *
	 * @return string
	 */
	abstract public function build_signature( $request, $consumer, $token = null );

	/**
	 * Verifies that a given signature is correct
	 *
	 * @param ET_Core_LIB_OAuthRequest  $request
	 * @param ET_Core_LIB_OAuthConsumer $consumer
	 * @param ET_Core_LIB_OAuthToken    $token
	 * @param string                    $signature
	 *
	 * @return bool
	 */
	public function check_signature( $request, $consumer, $token, $signature ) {
		$built = $this->build_signature( $request, $consumer, $token );

		// Check for zero length, although its unlikely here
		if ( empty( $built ) || empty( $signature ) ) {
			return false;
		}

		if ( strlen( $built ) !== strlen( $signature ) ) {
			return false;
		}

		// Avoid a timing leak with a (hopefully) time insensitive compare
		$result = 0;

		for ( $i = 0; $i < strlen( $signature ); $i ++ ) {
			$result |= ord( $built[ $i ] ) ^ ord( $signature[ $i ] );
		}

		return 0 === $result;
	}

	/**
	 * Returns the name of this Signature Method (ie HMAC-SHA1)
	 *
	 * @return string
	 */
	abstract public function get_name();
}


/**
 * The HMAC-SHA1 signature method uses the HMAC-SHA1 signature algorithm as defined in [RFC2104] where
 * the Signature Base String is the text and the key is the concatenated values of the Consumer Secret and
 * Token Secret (each encoded per Parameter Encoding first), separated by an '&' character (ASCII code 38)
 * even if empty. As per Chapter 9.2 of the HMAC-SHA1 spec.
 */
class ET_Core_LIB_OAuthHMACSHA1 extends ET_Core_LIB_OAuthSignatureMethod {
	/**
	 * @inheritDoc
	 */
	public function build_signature( $request, $consumer, $token = null ) {
		$base_string          = $request->get_signature_base_string();
		$token                = $token ? $token->secret : '';
		$request->base_string = $base_string;
		$key_parts            = array( $consumer->secret, $token );
		$key                  = implode( '&', $key_parts );

		return base64_encode( hash_hmac( 'sha1', $base_string, $key, true ) );
	}

	/**
	 * @inheritDoc
	 */
	public function get_name() {
		return 'HMAC-SHA1';
	}
}


class ET_Core_LIB_OAuthConsumer {
	public $callback_url;
	public $id;
	public $key;
	public $secret;

	public function __construct( $id, $secret, $callback_url = '' ) {
		$this->id           = $this->key = $id;
		$this->secret       = $secret;
		$this->callback_url = $callback_url;
	}

	function __toString() {
		$name = get_class( $this );
		$key  = 'ET_Core_LIB_OAuthConsumer' === $name ? 'key' : 'id';

		return "{$name}[{$key}={$this->key}, secret={$this->secret}]";
	}
}


class ET_Core_LIB_OAuthToken {
	public $key;
	public $secret;
	public $refresh_token;

	/**
	 * @param string $key    The OAuth Token
	 * @param string $secret The OAuth Token Secret
	 */
	public function __construct( $key, $secret ) {
		$this->key    = $key;
		$this->secret = $secret;
	}

	/**
	 * Generates the basic string serialization of a token that a server
	 * would respond to 'request_token' and 'access_token' calls with
	 *
	 * @return string
	 */
	public function __toString() {
		return sprintf( "oauth_token=%s&oauth_token_secret=%s",
			ET_Core_LIB_OAuthUtil::urlencode_rfc3986( $this->key ),
			ET_Core_LIB_OAuthUtil::urlencode_rfc3986( $this->secret )
		);
	}
}


class ET_Core_LIB_OAuthRequest extends ET_Core_LIB_OAuthBase {
	protected $parameters;
	protected $http_method;
	protected $http_url;
	public static $version = '1.0';
	public $base_string;

	/**
	 * ET_Core_OAuth_Request Constructor
	 *
	 * @param string     $http_method
	 * @param string     $http_url
	 * @param array|null $parameters
	 */
	public function __construct( $http_method, $http_url, $parameters = array() ) {
		$this->parameters  = $parameters;
		$this->http_method = $http_method;
		$this->http_url    = $http_url;
	}

	/**
	 * pretty much a helper function to set up the request
	 *
	 * @param ET_Core_LIB_OAuthConsumer $consumer
	 * @param ET_Core_LIB_OAuthToken    $token
	 * @param string                    $http_method
	 * @param string                    $http_url
	 * @param array                     $parameters
	 *
	 * @return ET_Core_LIB_OAuthRequest
	 */
	public static function from_consumer_and_token( $consumer, $token, $http_method, $http_url, $parameters = array() ) {
		$defaults = array(
			"oauth_version"      => ET_Core_LIB_OAuthRequest::$version,
			"oauth_nonce"        => ET_Core_LIB_OAuthRequest::generate_nonce(),
			"oauth_timestamp"    => time(),
			"oauth_consumer_key" => $consumer->key
		);

		if ( $token ) {
			$defaults['oauth_token'] = $token->key;
		}

		$parameters = wp_parse_args( $parameters, $defaults );

		return new ET_Core_LIB_OAuthRequest( $http_method, $http_url, $parameters );
	}

	/**
	 * Returns the HTTP Method in uppercase
	 *
	 * @return string
	 */
	public function get_normalized_http_method() {
		return strtoupper( $this->http_method );
	}

	/**
	 * parses the url and rebuilds it to be
	 * scheme://host/path
	 *
	 * @return string
	 */
	public function get_normalized_http_url() {
		$parts  = parse_url( $this->http_url );
		$scheme = $parts['scheme'];
		$host   = strtolower( $parts['host'] );
		$path   = $parts['path'];

		return "{$scheme}://{$host}{$path}";
	}

	/**
	 * @param $name
	 *
	 * @return string|null
	 */
	public function get_parameter( $name ) {
		return isset( $this->parameters[ $name ] ) ? $this->parameters[ $name ] : null;
	}

	/**
	 * @return array
	 */
	public function get_parameters() {
		return $this->parameters;
	}

	/**
	 * The request parameters, sorted and concatenated into a normalized string.
	 *
	 * @return string
	 */
	public function get_signable_parameters() {
		// Grab a copy of all parameters
		$params = $this->parameters;

		// Remove oauth_signature if present
		// Ref: Spec: 9.1.1 ("The oauth_signature parameter MUST be excluded.")
		if ( isset( $params['oauth_signature'] ) ) {
			unset( $params['oauth_signature'] );
		}

		return ET_Core_LIB_OAuthUtil::build_http_query( $params );
	}

	/**
	 * Returns the base string of this request
	 *
	 * The base string defined as the method, the url, and the parameters (normalized),
	 * each urlencoded and then concatenated with '&'.
	 *
	 * @return string
	 */
	public function get_signature_base_string() {
		$parts = array(
			$this->get_normalized_http_method(),
			$this->get_normalized_http_url(),
			$this->get_signable_parameters()
		);

		$parts = ET_Core_LIB_OAuthUtil::urlencode_rfc3986( $parts );

		return implode( '&', $parts );
	}

	/**
	 * @param $name
	 */
	public function remove_parameter( $name ) {
		unset( $this->parameters[ $name ] );
	}

	/**
	 * @param string $name
	 * @param string $value
	 */
	public function set_parameter( $name, $value ) {
		$this->parameters[ $name ] = $value;
	}

	/**
	 * Builds the data one would send in a POST request
	 * @param bool $need_json indicates the query data format ( http query string or json string )
	 *
	 * @return string
	 */
	public function to_post_data( $need_json = false ) {
		return ET_Core_LIB_OAuthUtil::build_http_query( $this->parameters, $need_json );
	}

	/**
	 * Builds a url usable for a GET request
	 *
	 * @return string
	 */
	public function to_url() {
		$postData = $this->to_post_data();
		$out      = $this->get_normalized_http_url();

		if ( $postData ) {
			$out .= '?' . $postData;
		}

		return $out;
	}

	/**
	 * Builds the HTTP Authorization Header
	 *
	 * @return string
	 */
	public function to_header() {
		$out = '';

		foreach ( $this->parameters as $parameter => $value ) {
			if ( 0 !== strpos( 'oauth', $parameter ) ) {
				continue;
			}

			if ( is_array( $value ) ) {
				self::write_log( 'Arrays not supported in headers!', 'ERROR' );
				continue;
			}

			$out .= ( '' === $out ) ? 'OAuth ' : ', ';
			$out .= ET_Core_LIB_OAuthUtil::urlencode_rfc3986( $parameter );
			$out .= '="' . ET_Core_LIB_OAuthUtil::urlencode_rfc3986( $value ) . '"';
		}

		return $out;
	}

	/**
	 * @return string
	 */
	public function __toString() {
		return $this->to_url();
	}

	/**
	 * @param ET_Core_LIB_OAuthSignatureMethod $signature_method
	 * @param ET_Core_LIB_OAuthConsumer        $consumer
	 * @param ET_Core_LIB_OAuthToken           $token
	 */
	public function sign_request( $signature_method, $consumer, $token = null ) {
		$this->set_parameter( 'oauth_signature_method', $signature_method->get_name() );
		$signature = $this->build_signature( $signature_method, $consumer, $token );
		$this->set_parameter( 'oauth_signature', $signature );
	}

	/**
	 * @param ET_Core_LIB_OAuthSignatureMethod $signatureMethod
	 * @param ET_Core_LIB_OAuthConsumer        $consumer
	 * @param ET_Core_LIB_OAuthToken           $token
	 *
	 * @return string
	 */
	public function build_signature( $signatureMethod, $consumer, $token = null ) {
		return $signatureMethod->build_signature( $this, $consumer, $token );
	}

	/**
	 * @return string
	 */
	public static function generate_nonce() {
		return md5( microtime() . mt_rand() );
	}
}