﻿// Security Implementation
// Handle to the authentication service object; Auth is defined outside this file.
var auth = new Auth();

// "Namespace" object that every Security.* function below is attached to.
// Assigned without var, so it lands on the global object (and would throw in strict mode).
Security = {};
// Set to true by Security.Warn once the timeout warning has been shown, and reset
// by Security.ExtendSession; while it is still true the next Warn call signs out.
var bEndSession = false;

// More custom Bloodhound JavaScript code is at the bottom, after the algorithm code.

/* A JavaScript implementation of the Secure Hash Algorithm, SHA-256
 * Version 0.3 Copyright Angel Marin 2003-2004 - http://anmar.eu.org/
 * Distributed under the BSD License
 * Some bits taken from Paul Johnston's SHA-1 implementation
 */

/* Number of bits str2binb keeps from each character code. With 8, only the low
 * byte of every UTF-16 code unit is hashed, so characters above 0xFF are reduced
 * to their low byte before hashing. */
var chrsz = 8;  /* bits per input character. 8 - ASCII; 16 - Unicode  */
/* Adds two integers modulo 2^32 by summing the 16-bit halves separately, so the
 * intermediate sums stay small; the result is a signed 32-bit value. */
function safe_add (x, y) {
  var lowSum = (x & 0xFFFF) + (y & 0xFFFF);
  var carry = lowSum >> 16;
  var highSum = (x >> 16) + (y >> 16) + carry;
  return (highSum << 16) | (lowSum & 0xFFFF);
}
/* Rotates the 32-bit value X right by n bits. */
function S (X, n) {
  var lowPart = X >>> n;
  var wrapped = X << (32 - n);
  return lowPart | wrapped;
}
/* Shifts X right by n bits, filling with zeros (unsigned shift). */
function R (X, n) {
  var shifted = X >>> n;
  return shifted;
}
/* Bitwise "choose": each result bit comes from y where x has a 1 and from z where x has a 0. */
function Ch(x, y, z) {
  var fromY = x & y;
  var fromZ = (~x) & z;
  return fromY ^ fromZ;
}
/* Bitwise majority: each result bit is 1 when at least two of x, y, z have a 1 there. */
function Maj(x, y, z) {
  var xy = x & y;
  var xz = x & z;
  var yz = y & z;
  return xy ^ xz ^ yz;
}
/* XOR of x rotated right by 2, 13 and 22 bits; applied to working variable a in core_sha256. */
function Sigma0256(x) {
  var rot2 = S(x, 2);
  var rot13 = S(x, 13);
  var rot22 = S(x, 22);
  return rot2 ^ rot13 ^ rot22;
}
/* XOR of x rotated right by 6, 11 and 25 bits; applied to working variable e in core_sha256. */
function Sigma1256(x) {
  var rot6 = S(x, 6);
  var rot11 = S(x, 11);
  var rot25 = S(x, 25);
  return rot6 ^ rot11 ^ rot25;
}
/* XOR of x rotated right by 7 and 18 bits and x shifted right by 3; used on W[j - 15] in the message schedule. */
function Gamma0256(x) {
  var rot7 = S(x, 7);
  var rot18 = S(x, 18);
  var shift3 = R(x, 3);
  return rot7 ^ rot18 ^ shift3;
}
/* XOR of x rotated right by 17 and 19 bits and x shifted right by 10; used on W[j - 2] in the message schedule. */
function Gamma1256(x) {
  var rot17 = S(x, 17);
  var rot19 = S(x, 19);
  var shift10 = R(x, 10);
  return rot17 ^ rot19 ^ shift10;
}
/**
 * SHA-256 compression over a message that is already packed into 32-bit words.
 *
 * @param {Array} m  message words with the first character in the most
 *                   significant byte of each word (the layout str2binb builds).
 *                   Modified in place: the padding bit and the bit length are
 *                   written into it, so the caller's array is changed.
 * @param {number} l message length in bits.
 * @returns {Array}  the eight 32-bit words of the digest, as signed integers.
 */
function core_sha256 (m, l) {
    /* the 64 round constants, one per round of the inner loop */
    var K = new Array(0x428A2F98,0x71374491,0xB5C0FBCF,0xE9B5DBA5,0x3956C25B,0x59F111F1,0x923F82A4,0xAB1C5ED5,0xD807AA98,0x12835B01,0x243185BE,0x550C7DC3,0x72BE5D74,0x80DEB1FE,0x9BDC06A7,0xC19BF174,0xE49B69C1,0xEFBE4786,0xFC19DC6,0x240CA1CC,0x2DE92C6F,0x4A7484AA,0x5CB0A9DC,0x76F988DA,0x983E5152,0xA831C66D,0xB00327C8,0xBF597FC7,0xC6E00BF3,0xD5A79147,0x6CA6351,0x14292967,0x27B70A85,0x2E1B2138,0x4D2C6DFC,0x53380D13,0x650A7354,0x766A0ABB,0x81C2C92E,0x92722C85,0xA2BFE8A1,0xA81A664B,0xC24B8B70,0xC76C51A3,0xD192E819,0xD6990624,0xF40E3585,0x106AA070,0x19A4C116,0x1E376C08,0x2748774C,0x34B0BCB5,0x391C0CB3,0x4ED8AA4A,0x5B9CCA4F,0x682E6FF3,0x748F82EE,0x78A5636F,0x84C87814,0x8CC70208,0x90BEFFFA,0xA4506CEB,0xBEF9A3F7,0xC67178F2);
    /* initial hash state; folded with the working variables after every block */
    var HASH = new Array(0x6A09E667, 0xBB67AE85, 0x3C6EF372, 0xA54FF53A, 0x510E527F, 0x9B05688C, 0x1F83D9AB, 0x5BE0CD19);
    /* message schedule for the block being processed */
    var W = new Array(64);
    var a, b, c, d, e, f, g, h, i, j;
    var T1, T2;
    /* append padding */
    /* a single 1 bit directly after the last message bit */
    m[l >> 5] |= 0x80 << (24 - l % 32);
    /* the bit length goes into the last word of the final 16-word block;
       only this one 32-bit word is written */
    m[((l + 64 >> 9) << 4) + 15] = l;
    /* one pass per 16-word (512-bit) block; i and j are already declared above,
       the repeated var in the loop headers is harmless */
    for ( var i = 0; i<m.length; i+=16 ) {
        /* start the working variables from the current hash state */
        a = HASH[0]; b = HASH[1]; c = HASH[2]; d = HASH[3]; e = HASH[4]; f = HASH[5]; g = HASH[6]; h = HASH[7];
        for ( var j = 0; j<64; j++) {
            /* first 16 schedule words are the block itself, the rest are derived
               from earlier schedule words */
            if (j < 16) W[j] = m[j + i];
            else W[j] = safe_add(safe_add(safe_add(Gamma1256(W[j - 2]), W[j - 7]), Gamma0256(W[j - 15])), W[j - 16]);
            T1 = safe_add(safe_add(safe_add(safe_add(h, Sigma1256(e)), Ch(e, f, g)), K[j]), W[j]);
            T2 = safe_add(Sigma0256(a), Maj(a, b, c));
            /* rotate the working variables; the order of these assignments matters */
            h = g; g = f; f = e; e = safe_add(d, T1); d = c; c = b; b = a; a = safe_add(T1, T2);
        }
        /* add this block's result into the running hash state (mod 2^32 via safe_add) */
        HASH[0] = safe_add(a, HASH[0]); HASH[1] = safe_add(b, HASH[1]); HASH[2] = safe_add(c, HASH[2]); HASH[3] = safe_add(d, HASH[3]); HASH[4] = safe_add(e, HASH[4]); HASH[5] = safe_add(f, HASH[5]); HASH[6] = safe_add(g, HASH[6]); HASH[7] = safe_add(h, HASH[7]);
    }
    return HASH;
}
/* Packs a string into an array of 32-bit words, first character in the most
 * significant position of each word, taking chrsz bits per character.
 * Each character code is masked to chrsz bits first; with chrsz = 8 any code
 * above 0xFF keeps only its low byte, so strings that differ only in such
 * characters can produce the same words and therefore the same hash. */
function str2binb (str) {
  var words = [];
  var charMask = (1 << chrsz) - 1;
  var totalBits = str.length * chrsz;
  for (var bit = 0; bit < totalBits; bit += chrsz) {
    var code = str.charCodeAt(bit / chrsz) & charMask;
    words[bit >> 5] |= code << (24 - bit % 32);
  }
  return words;
}
/* Converts an array of 32-bit words to a hex string, most significant byte of
 * each word first, two hex digits per byte. */
function binb2hex (binarray) {
  var upperCase = 0; /* hex output format. 0 - lowercase; 1 - uppercase */
  var digits = upperCase ? "0123456789ABCDEF" : "0123456789abcdef";
  var out = "";
  var byteCount = binarray.length * 4;
  for (var pos = 0; pos < byteCount; pos++) {
    var word = binarray[pos >> 2];
    var shift = (3 - pos % 4) * 8;
    /* high nibble of the byte, then low nibble */
    out += digits.charAt((word >> (shift + 4)) & 0xF);
    out += digits.charAt((word >> shift) & 0xF);
  }
  return out;
}

// Attached to the Security "namespace": returns the SHA-256 digest of string s
// as lowercase hex. The bit length passed on is s.length * chrsz.
Security.hex_sha256 = function(s)
{
    var words = str2binb(s);
    var bitLength = s.length * chrsz;
    return binb2hex(core_sha256(words, bitLength));
};

// Logs in the user with a challenge/response exchange and returns whatever
// auth.Authenticate returned (this code treats 1 as success and 0 as failure).
//
// Protocol, as implemented here:
//   1. fetch a challenge from the server;
//   2. response = SHA-256( SHA-256(password) + challenge ), both hex encoded;
//   3. send the user id and the response.
//
// NOTE(review): the inner SHA-256(password) is unsalted and is all that is needed
// to compute a valid response, so the value the server compares against is
// presumably password-equivalent. Confirm how it is stored and that this exchange
// only ever runs over TLS.
// NOTE(review): when the first attempt fails and the password contains spaces, a
// second Authenticate call is made with the spaces removed, using the same
// challenge. Confirm that the server accepts a challenge twice by design and how
// the extra attempt counts toward any lockout threshold.
Security.LoginUser = function(User, Pass)
{
    var serverChallenge = auth.Challenge();

    // One authentication attempt for the given password text.
    function attempt(secret)
    {
        var passwordDigest = Security.hex_sha256(secret);
        return auth.Authenticate(User, Security.hex_sha256(passwordDigest + serverChallenge));
    }

    var result = attempt(Pass);
    if (result == 0)
    {
        // login failed: if the password contains spaces, try again without them
        if (Pass.indexOf(' ') != -1)
        {
            result = attempt(Pass.split(' ').join(''));
        }
    }
    if (result == 1)
    {
        Security.LoadUserVariables();
    }
    return result;
};

// Logs in the user when the caller already holds the hashed password; returns
// whatever auth.Authenticate returned (1 is treated as success).
//
// Pass is the hex SHA-256 of the password, not the password itself. The response
// is SHA-256(Pass + challenge), the same value LoginUser derives from the plaintext.
// Since this digest is enough to log in, it has to be treated as a credential
// wherever it is kept or passed around.
Security.LoginHash = function(User, Pass)
{
    var serverChallenge = auth.Challenge();
    var response = Security.hex_sha256(Pass + serverChallenge);
    var outcome = auth.Authenticate(User, response);
    if (outcome == 1)
    {
        Security.LoadUserVariables();
    }
    return outcome;
};

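// Copies the user data returned by the server into fields on the Security
// "namespace" (UserId, DisplayName, Email), so later code can read them without
// another call to the server.
Security.LoadUserVariables = function()
{
    // Kept local: assigning without var created a global `data` holding the
    // user's id, display name and e-mail, readable and replaceable by any other
    // script on the page, and an error in strict mode.
    var data = auth.GetUserData();
    Security.UserId = data.userId;
    Security.DisplayName = data.displayName;
    Security.Email = data.email;
};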


// Passes the feature identifier to auth.CheckFeature and returns its answer.
// NOTE(review): presumably used to show or hide parts of the UI; the server has to
// make the same authorization decision on every request, because a value computed
// in the browser can be changed by the user.
Security.CheckFeature = function(feature)
{
    var allowed = auth.CheckFeature(feature);
    return allowed;
};

// Clears the user's authenticated session through auth.SignOut, then sends the
// browser to the site root. (An earlier version redirected to "../../SignOut.htm".)
Security.SignOut = function()
{
    auth.SignOut();
    var landingPage = "/";
    Security.Redirect(landingPage);
};

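// Polls once a minute and handles the pop-up that warns the user the session is
// about to expire.
//
// Flow:
//   - If the warning was already shown and never acknowledged (bEndSession is
//     still true), sign out and go to the time-out page; no further poll is scheduled.
//   - Otherwise ask auth.WarnUser() whether a warning is due. If it is, show the
//     dialog (its callback is Security.ExtendSession) and set bEndSession, so the
//     next poll signs out unless ExtendSession has reset the flag in between.
//   - Schedule the next poll in 60 seconds.
//
// The check on Security.AuthenticatedUser() that used to wrap this body is
// disabled, so the function runs the same way for every caller.
// NOTE(review): this timer only drives the browser-side warning and redirect;
// session expiry itself presumably happens on the server — confirm.
Security.Warn = function()
{
    if (bEndSession) // the user let the warning lapse
    {
        auth.SignOut();
        Security.Redirect("../../TimeOut.htm");
        return;
    }

    var Page = location.href;
    if (auth.WarnUser())
    {
        // NOTE(review): this looks like a switched-off development shortcut. It
        // matches 'localhost-not' anywhere in the URL after the first character,
        // query string and fragment included, and then extends the session with
        // no prompt. Consider removing it or comparing location.hostname instead.
        if (Page.indexOf('localhost-not') > 0)
        {
            Security.ExtendSession();
        }
        else
        {
            // Warn user that their session is about to expire.
            soundManager.play('timeoutSound');
            Ext.MessageBox.alert('Timeout Warning', 'Please click OK to extend your session.  Otherwise you will be logged off.', Security.ExtendSession);
            bEndSession = true;
        }
    }
    else
    {
        bEndSession = false;
    }

    // A function is passed instead of a source string: the string form is compiled
    // like eval and is refused by a Content-Security-Policy without 'unsafe-eval'.
    // Security.Warn is still looked up when the timer fires, as before.
    setTimeout(function () { Security.Warn(); }, 60000);
};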

// Used throughout the application to check whether the user is authenticated.
// Passes false to auth.AuthenticatedUser, which checks that the current session
// is active WITHOUT extending or renewing it.
Security.AuthenticatedUser = function()
{
    var renewSession = false;
    return auth.AuthenticatedUser(renewSession);
};

// Extends the user's session; can be called from anywhere in the application.
// Bloodhound does a lot of work in JavaScript, so a user may browse data that is
// already loaded for a long time without triggering any request to the server.
// Also clears bEndSession, which cancels a pending sign-out from Security.Warn.
// Returns the result of auth.AuthenticatedUser(true).
Security.ExtendSession = function()
{
    var renewSession = true;
    bEndSession = false;
    return auth.AuthenticatedUser(renewSession);
};

// Navigates to loc. When the current URL contains 'main.htm' (anywhere after its
// first character) this window is navigated; otherwise the parent window is, which
// covers pages loaded inside a frame.
// loc is assigned to location unchanged. Every call in this file passes a fixed
// path; a caller that builds loc from the URL or from user input would need to
// check it against a list of allowed targets first.
Security.Redirect = function(loc)
{
    var onMainPage = location.href.indexOf('main.htm') > 0;
    var target = onMainPage ? window : parent.window;
    target.location = loc;
};

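// Runs when the page is loaded.
// This code could live elsewhere, but default.htm has no .js file of its own, so
// the display name is filled in here for now.
Ext.onReady(function()
{
    var dn = document.getElementById('DisplayName');
    if (dn && Security.DisplayName)
    {
        // The display name comes from server-supplied user data. It is inserted as
        // a text node, not through innerHTML, so markup inside the name is shown
        // as literal text and is never parsed as HTML or script.
        while (dn.firstChild)
        {
            dn.removeChild(dn.firstChild);
        }
        dn.appendChild(document.createTextNode(String(Security.DisplayName)));
    }
});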



// Pages whose URL contains 'Pages' require an authenticated session: without one
// the browser is sent to default.htm, with one the user variables are loaded.
// The session is checked without renewing it (false is passed).
// NOTE(review): the match is a case-sensitive substring test on the whole URL and
// it runs in the browser, so it only steers navigation. The server presumably
// enforces authentication for these pages and their data itself — confirm.
var Page = location.href;

if (Page.indexOf('Pages') > 0)
{
    if (auth.AuthenticatedUser(false))
    {
        Security.LoadUserVariables();
    }
    else
    {
        Security.Redirect("../../default.htm");
    }
}
