<?php

/*  This file is part of studidcard.

    studidcard is free software: you can redistribute it and/or modify
    it under the terms of the GNU General Public License as published by
    the Free Software Foundation, either version 3 of the License, or
    (at your option) any later version.

    studidcard is distributed in the hope that it will be useful,
    but WITHOUT ANY WARRANTY; without even the implied warranty of
    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
    GNU General Public License for more details.
*/

require __DIR__ . '/vendor/autoload.php';
require __DIR__ . '/config/config.php';

use Spipu\Html2Pdf\Html2Pdf;

// Resume the session that index.php populated during login.
session_start();

// Gate: a card is only rendered for a session that carries an id_token; every
// other request is redirected to index.php and processing stops.
// NOTE(review): this is a presence check only. Validation and expiry of the
// token are assumed to be enforced where the session is populated; confirm.
if (isset($_SESSION['id_token']) === false) {
    header('Location: index.php');
    exit;
}

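// Load the Ed25519 signing key pair from disk.
// The paths are anchored to __DIR__, like the require lines at the top of this
// file, so the lookup does not depend on the process working directory.
// NOTE(review): the keys directory sits next to this script; confirm that the
// web server never serves keys/ as static files.
$private_key = file_get_contents(__DIR__ . '/keys/private_key.bin');
$public_key  = file_get_contents(__DIR__ . '/keys/public_key.bin');

// Fail closed: an unreadable or wrongly sized key must stop the request here
// rather than reach the sodium_* calls further down as false or as truncated
// key material. Details go to the error log only, not to the client.
if (
    !is_string($private_key)
    || !is_string($public_key)
    || strlen($private_key) !== SODIUM_CRYPTO_SIGN_SECRETKEYBYTES
    || strlen($public_key) !== SODIUM_CRYPTO_SIGN_PUBLICKEYBYTES
) {
    error_log('studidcard: signing key pair is missing or has an unexpected length');
    http_response_code(500);
    exit();
}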

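// Collect the claims that go onto the card: one entry per key configured in
// $CONFIG['oidc']['mappings'], with the value taken from the session entry of
// the same name.
// Starting from an empty array guarantees that only mapped claims end up in the
// payload that is encrypted and signed below, even if an included file already
// defined $data, and that an empty mapping yields an empty array.
$data = [];
foreach (array_keys($CONFIG['oidc']['mappings']) as $key) {
    // A claim the session does not carry is stored as null, as before, but
    // without raising an undefined-index warning.
    $data[$key] = $_SESSION[$key] ?? null;
}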

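// Serialise the claims once; every format version encrypts the same JSON text.
$data_json = json_encode($data);
if ($data_json === false) {
    // Fail closed: a failed encode must not be handed to the encryption and
    // signing steps, which would otherwise issue a signed card without data.
    error_log('studidcard: could not JSON-encode card data: ' . json_last_error_msg());
    http_response_code(500);
    exit();
}

// All versions encrypt the JSON as a sealed box addressed to the Curve25519
// form of the card public key.
// NOTE(review): the same Ed25519 key pair is used for signing and, after
// conversion, for encryption; confirm that this key reuse is intended.
$data_crypt = sodium_crypto_box_seal($data_json, sodium_crypto_sign_ed25519_pk_to_curve25519($public_key));

if ($CONFIG['version'] === '0.1') {
    // v0.1: JSON envelope with the verifier host name, the base64 ciphertext
    // and a detached signature over host name + ciphertext.
    $message = [
        'verify' => 'ausweis.steinbeis.schule',
        'data'   => sodium_bin2base64($data_crypt, SODIUM_BASE64_VARIANT_URLSAFE),
    ];
    $message['signature'] = sodium_bin2base64(
        sodium_crypto_sign_detached($message['verify'] . $message['data'], $private_key),
        SODIUM_BASE64_VARIANT_URLSAFE
    );
    $message_encoded = urlencode(json_encode($message));
} elseif ($CONFIG['version'] === '0.2' || $CONFIG['version'] === '0.3') {
    // v0.2 / v0.3: the ciphertext is wrapped in a combined signature
    // (sodium_crypto_sign) and URL-safe base64 encoded.
    // NOTE(review): v0.3 used to derive a nonce and a crypto_box key pair and
    // compute sodium_crypto_box() first, but that result was overwritten by the
    // sealed box before use and the nonce was never part of the message. The
    // dead computation is removed here; the emitted token is unchanged and is
    // currently the same format as v0.2. Decide whether v0.3 is meant to differ.
    $message_encoded = sodium_bin2base64(sodium_crypto_sign($data_crypt, $private_key), SODIUM_BASE64_VARIANT_URLSAFE);
} else {
    // Fail closed on an unknown format version instead of building a
    // verification URL with an undefined, empty payload.
    error_log('studidcard: unsupported $CONFIG[\'version\'] value');
    http_response_code(500);
    exit();
}
// NOTE(review): $private_key stays in global scope for the templates included
// later; if no include needs it, wipe it with sodium_memzero() after signing.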

//echo $message_encoded . "\n Length:" . strlen($message_encoded);
//$message_encoded = urlencode(gzcompress(json_encode($message),9));

//echo "data_json: " . $data_json . "\n";
//echo "data_crypt: " . $data_crypt . "\n";
//echo "message: ";
//var_dump($message);
//echo "\n";
///////  sodium_crypto_sign_ed25519_sk_to_curve25519($private_key)
//echo "Message: ".$message_encoded;

// Verification link: format version in "v", encoded payload in "d".
$url = "{$CONFIG['baseurl']}verify.php?v={$CONFIG['version']}&d={$message_encoded}";

// qrcode.php picks the link up from the session.
$_SESSION['url'] = $url;

// Set before the templates below are included; presumably read by them (confirm).
$verified = true;

if (!isset($_GET['pdf'])) {
    // Default: render the card as an HTML page.
    include('idcard.php');
} else {
    // A "pdf" query parameter (any value) selects the PDF variant. Its value is
    // never used, only its presence.
    $pdf = true;

    // Render the print template into a buffer instead of sending it to the client.
    ob_start();
    include('idcard-print.php');
    $card_html = ob_get_clean();

    // NOTE(review): the markup handed to Html2Pdf comes from idcard-print.php;
    // that template is expected to HTML-escape the session claims before they
    // reach the PDF renderer; confirm.
    // Landscape page of 96 x 65 with margins 5, 5, 5, 0 (units presumably mm; confirm).
    //$html2pdf = new Html2Pdf(orientation:'L', format:'BUSINESS_CARD',margins:Array(0,0,0,0));
    $html2pdf = new Html2Pdf(orientation: 'L', format: [96, 65], margins: [5, 5, 5, 0]);
    $html2pdf->writeHTML($card_html);
    // 'D' is the output destination; presumably it sends the file as a download (confirm).
    $html2pdf->output('schuelerausweis.pdf', 'D');
}

?>