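/****************************************************************
** Licensed Materials - Property of IBM
** IBM Cognos Products: CAMCrypto
** (C) Copyright IBM Corp. 2005, 2019
** US Government Users Restricted Rights - Use, duplication or
** disclosure restricted by GSA ADP Schedule Contract with IBM Corp.
********************************************************************/

// CAMAuthenticityTokenSession
// Operations supporting the generation of an Authenticity Token. See
// WO2385 - Client Token Phase One
//
// The "usersessionid" cookie carries a base64-encoded, length-prefixed
// binary record (the USID token). generate() locates the digest field in
// that record and returns it, prefixed with an authenticity-token version
// marker and base64-encoded, for the caller to attach to requests.
//
// Record layout as walked by generate() (every length is a 4-byte integer
// decoded by _intFromBytes; only the digest is re-emitted):
//   [1: version][4: timelen][timelen: time][4: uidlen][uidlen: uid]
//   [4: cskidlen][cskidlen: cskid]
//   [version >= 2 only: 4: digAlgLen][digAlgLen: digAlg]
//   [4: diglen][diglen: dig]
//
// Security note: this code reads document.cookie, so the usersessionid
// cookie cannot be HttpOnly and is readable by any script in the page.
// Every length field comes from that cookie and is treated as untrusted
// here: String.substring() clamps out-of-range indices silently, so the
// parser checks that the digest actually lies inside the decoded record
// instead of emitting a truncated one.

function CAMAuthenticityTokenSession() {
    // Stateless: all work happens in generate().
}

// Digest algorithm names accepted in a version 2+ record. Kept as an array
// (not an object used with `in`) so inherited Object.prototype keys such as
// "constructor" or "__proto__" cannot satisfy the check.
CAMAuthenticityTokenSession._DIGEST_ALGORITHMS = [
    'SHA', 'SHA-1', 'SHA1', 'SHA-256', 'SHA-384', 'SHA-512'
];

/**
 * Build the Authenticity Token from the usersessionid cookie.
 *
 * @returns {string|null} base64("V1" + digest) on success; null when the
 *   cookie is absent or the record is truncated so that the digest does
 *   not fit; the literal string "bad digest algorithm" when a version-2+
 *   record names an algorithm outside the allow-list (retained from the
 *   original contract — the server will reject it as an invalid token).
 */
CAMAuthenticityTokenSession.prototype.generate = function() {
    var cookieString = this._getCookie();
    if (!cookieString) {
        return null;
    }

    var authToken_version = "V1";

    // base64 decode content revealing the UserSessionID token.
    // Declared with var: the original assigned to undeclared names (`base64`,
    // `b64`), leaking two globals and throwing under strict mode.
    var base64 = new Base64();
    var token = base64.decode64(cookieString);

    // Token format version: first byte of the record.
    var version = token.charCodeAt(0) & 0xFF;

    // Time field: 4-byte length followed by the bytes; only its extent
    // matters here.
    var timelen = this._intFromBytes(token.substring(1, 5));

    // User session id: 4-byte length followed by the bytes. In a version 1
    // token this is the only payload; the authenticity token itself never
    // carries it, so only its extent is used.
    var uidlenstart = 5 + timelen;
    var uidlenstop = uidlenstart + 4;
    var uidlen = this._intFromBytes(token.substring(uidlenstart, uidlenstop));
    var uidstop = uidlenstop + uidlen;

    // csk id: 4-byte length followed by the bytes. The value is ignored;
    // we only step over it.
    var cskIdLenStart = uidstop;
    var cskIdLenStop = cskIdLenStart + 4;
    var cskIdLen = this._intFromBytes(token.substring(cskIdLenStart, cskIdLenStop));
    var cskidstop = cskIdLenStop + cskIdLen;

    var digLenStart;
    if (version >= 2) {
        // Version 2+ inserts the digest algorithm name before the digest.
        var digAlgLenStart = cskidstop;
        var digAlgLenStop = digAlgLenStart + 4;
        var digAlgLen = this._intFromBytes(token.substring(digAlgLenStart, digAlgLenStop));
        var digAlgStop = digAlgLenStop + digAlgLen;
        var szDigAlg = token.substring(digAlgLenStop, digAlgStop);

        // Sanity-check the algorithm name against the known set; the
        // alternative would be to let the server log the problem. The
        // original used `szDigAlg in { 'SHA':'', ... }`, which also accepted
        // inherited keys like "constructor" or "toString".
        if (CAMAuthenticityTokenSession._DIGEST_ALGORITHMS.indexOf(szDigAlg) < 0) {
            return "bad digest algorithm";
        }
        digLenStart = digAlgStop;
    } else {
        // Version 1: the digest length immediately follows the csk id.
        digLenStart = cskidstop;
    }

    // Digest: 4-byte length followed by the bytes.
    var digLenStop = digLenStart + 4;
    var digLen = this._intFromBytes(token.substring(digLenStart, digLenStop));
    var digStart = digLenStop;
    var digStop = digStart + digLen;

    // Every offset above was derived from lengths read out of the cookie.
    // substring() clamps silently (and swaps a negative range), so a
    // truncated or corrupted record would otherwise produce a short or
    // garbage digest instead of being rejected here.
    if (digLen < 0 || digStop > token.length) {
        return null;
    }
    var dig = token.substring(digStart, digStop);

    // Base64 encode the versioned digest.
    var b64 = new Base64();
    return b64.encode64(authToken_version + dig);
};

/**
 * Return the raw value of the "usersessionid" cookie, or null if absent.
 *
 * NOTE(review): in the copy reviewed, everything from the `<` of this
 * loop's condition up to the `>` of _intFromBytes' loop condition had been
 * swallowed by an HTML extraction. The loop below is a conventional
 * reconstruction of a document.cookie lookup — verify it against the
 * shipped source before relying on it.
 *
 * @returns {string|null} the cookie value (still base64) or null
 */
CAMAuthenticityTokenSession.prototype._getCookie = function() {
    var cookies = document.cookie.split(';');
    if (!cookies || !cookies.length) {
        return null;
    }
    var cookieName = 'usersessionid=';
    for (var i = 0; i < cookies.length; i++) {
        // Entries after the first carry the "; " separator's leading space.
        var entry = cookies[i].replace(/^\s+/, '');
        // Anchor the match at position 0 so a cookie whose name merely ends
        // in "usersessionid" is not picked up.
        if (entry.indexOf(cookieName) === 0) {
            return entry.substring(cookieName.length);
        }
    }
    return null;
};

/**
 * Decode an integer from a binary string (one byte per char code, as
 * produced by Base64.decode64), least significant byte first.
 *
 * NOTE(review): only the loop body (`val <<= 8; val |= byte & 0xFF`) and
 * the downward count to index 0 survived in the copy reviewed; the loop
 * start is reconstructed as bytes.length - 1. Because the accumulator is a
 * 32-bit int, a 4-byte field with its top bit set decodes as a negative
 * number; generate() rejects a negative digest length for that reason.
 *
 * @param {string} bytes - raw bytes as a binary string
 * @returns {number} the decoded integer
 */
CAMAuthenticityTokenSession.prototype._intFromBytes = function(bytes) {
    var val = 0;
    for (var i = bytes.length - 1; i >= 0; i--) {
        val <<= 8;
        val |= (bytes.charCodeAt(i) & 0x00FF);
    }
    return val;
};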