/*	Cryptnos Online Core Library
	Primary Author:  Jeffrey T. Darlington
	Last Updated:    March 22, 2011
	
	This JavaScript library provides the core functionality of Cryptnos Online
	aside from the actual cryptographic hashes themselves.  It takes care of
	form generation, input validation, and performing the core task of
	generating the user's password from the supplied inputs.  The goal is to
	minimize the mixing of JavaScript and HTML, so that the HTML page need only
	include a minimum of embedded JavaScript.
	
	This program is free software; you can redistribute it and/or modify it
	under the terms of the GNU General Public License as published by the Free
	Software Foundation; either version 2 of the License, or (at your option)
	any later version.

	This program is distributed in the hope that it will be useful, but WITHOUT
	ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
	FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License for
	more details.

	You should have received a copy of the GNU General Public License along with
	this program; if not, write to the Free Software Foundation, Inc.,
	51 Franklin Street, Fifth Floor, Boston, MA  02110-1301, USA.
*/

var Cryptnos = {};

/* Highlight the given form element: */
Cryptnos.HighlightBox = function(theBox)
{
	theBox.style.background = 'maroon';
	theBox.style.color = 'white';
	theBox.focus();
};

/* Unhighlight the given form element: */
Cryptnos.UnhighlightBox = function(theBox)
{
	theBox.style.background = 'black';
	theBox.style.color = '#C0C0C0';
};

/* Given a hash algorithm name, return the length of the Base64-encoded result-
   ing string.  This is used by VerifyLength() below to set the maximum length
   value the user can specify. */
Cryptnos.MaxHashLength = function(hash)
{
	/* This isn't particularly elegant; all I did was compute the hash of a
	   file using the specified algorithm, count the number of characters, and
	   hard-code it.  However, I thought that was more efficient than getting
	   that number programmatically.  Note that if we get an unexpected result,
	   we return a -1. */
	switch (hash) {
		case 'MD5':
			return 24;
		case 'SHA-1':
			return 28;
		case 'SHA-256':
			return 44;
		case 'SHA-512':
			return 88;
		case 'RIPEMD-160':
			return 28;
		default:
			return -1;
	}
};

/* Adjust the character limit restrictions options when a new hash algorithm is
   selected. */
Cryptnos.ChangeHash = function(hashBox)
{
	/* Get the hash algorithm and its maximum length: */
	var newHash = hashBox.value;
	var newMaxLength = Cryptnos.MaxHashLength(newHash);
	/* Get the currently selected limit by getting the currently selected
	   option: */
	var currCharLimit = Cryptnos.TheForm.charLimit.selectedIndex;
	var i = 0;
	/* If the new hash is a valid one: */
	if (newMaxLength > 0) {
		/* This probably isn't the most efficient way of doing things, but it
		   seems to be what works.  Rather than dynamically adding and removing
		   items from the list, we're going to be destructive and blow away
		   the entire character limit option array and recreate it every time
		   the hash changes.  Fortunatley, there aren't a lot of values in this
		   drop-down, so it shouldn't take very long.
		
		   I absolutely *hate* doing browser-specific code, but IE 7 just
		   doesn't want to play along.  While the code below works fine in all
		   the other browsers, it doesn't work for IE 7, so we'll have to test
		   for that separately. */
		var ie7regex = /MSIE 7/;
		if (ie7regex.test(navigator.userAgent)) {
			Cryptnos.TheForm.charLimit.options.length = 0;
			Cryptnos.TheForm.charLimit.options[0] = new Option("None", 0, true, false);
			for (i = 1; i <= newMaxLength; i++) {
				Cryptnos.TheForm.charLimit.options[i] = new Option(i, i, false, false);
			}
		/* I'm not happy with this code either, but the main reason I went this
		   route was that Safari didn't like the code above.  Fortunately, this
		   seems to work for everyone else except IE 7 (it even works with IE 8)
		   so it looks like the more compatible version. It's a bit weird, but
		   hey, this is JavaScript. *Everything* is weird. */
		} else {
			/* Taken from the following URL:
			   http://www.webmasters.am/blog/javascript-select-add-remove-methods-in-safari-bug-fix/javascript/2009/10/
			   We've wrapped the <select> in a <span> element in the form.
			   Safari doesn't like dynamically rebuilding selects, so we'll
			   start by completely blowing away the contents of the span and
			   we'll rebuild the entire select by hand. */
			var charLimitSpan = document.getElementById("charLimitSpan");
			charLimitSpan.innerHTML = "";
			/* Create the new select and make sure we give it the same name as
			   it had before: */
			var newSelect = document.createElement("select");
			newSelect.name = "charLimit";
			/* Create the first "None" option: */
			var newOption = document.createElement("option");
			newOption.text = "None";
			newOption.title = "The maximum length of the generated password. Note that character restriction settings may make the password shorter than this value.";
			newOption.value = 0;
			/* More browser-specific stuff:  Every other browser has a two
			   parameter add() method which takes an object for the second
			   item.  We want to add to the end of the list so we'll pass in a
			   null.  Except... IE doesn't do things this way.  It wants a
			   numeric index of the option to insert in front of, or we use a
			   one parameter add() to add it to the end.  We'll enclose the
			   standard-compliant version in a try block and let IE blow up
			   when it reaches it, falling back to the catch. */
			try { newSelect.add(newOption, null); }
			catch (ex1) { newSelect.add(newOption); }
			/* Now loop through the rest of the options, from 1 to the new max
			   length of the hash.  Note the try/catch similar to above. */
			for (i = 1; i <= newMaxLength; i++) {
				newOption = document.createElement("option");
				newOption.text = i;
				newOption.value = i;
				try { newSelect.add(newOption, null); }
				catch (ex2) { newSelect.add(newOption); }
			}
			/* Finally, add the new select into the span so it's visible: */
			charLimitSpan.appendChild(newSelect);
		}
		/* Now check the previously selected character limit and compare it to
		   the new max length.  If the old limit is bigger than the max length,
		   we might as well remove the limit entirely by selecting the first
		   item ("None"). */
		if (currCharLimit > newMaxLength) {
			Cryptnos.TheForm.charLimit.options[0].selected = true;
		/* Otherwise, simply reselect whatever we had before and keep the user's
		   preference: */
		} else {
			Cryptnos.TheForm.charLimit.options[currCharLimit].selected = true;
		}
	/* This shouldn't happen, but if the hash was invalid, complain: */
	} else {
		alert("Invalid hash algorithm detected. Please select a valid hash algorithm.");
	}
};

/* What to do when the Generate button is clicked: */
Cryptnos.Generate = function()
{
	/* Clear any highlighted boxes: */
	Cryptnos.UnhighlightBox(Cryptnos.TheForm.siteBox);
	Cryptnos.UnhighlightBox(Cryptnos.TheForm.password);
	Cryptnos.UnhighlightBox(Cryptnos.TheForm.charLimit);
	Cryptnos.UnhighlightBox(Cryptnos.TheForm.iterations);
	/* Make sure the site box is populated.  Note that we don't necessarily
	   care what's in it, but we just need *something*. */
	if (Cryptnos.TheForm.siteBox.value.length === 0) {
		alert("You must enter a site name or token in the Site Name text box.");
		Cryptnos.HighlightBox(Cryptnos.TheForm.siteBox);
		return false;
	}
	/* Similarly, make sure the password box is populated: */
	else if (Cryptnos.TheForm.password.value.length === 0) {
		alert("You must enter a master password in the Master Password text box.");
		Cryptnos.HighlightBox(Cryptnos.TheForm.password);
		return false;
	}
	/* If the inputs look good, continue: */
	else {
		/* Pick the hash algorithm to use based on the user's selection: */
		var hashAlgo = null;
		switch (Cryptnos.TheForm.hash.value) {
			case 'MD5':
				hashAlgo = CryptnosHashes.MD5;
				break;
			case 'SHA-1':
				hashAlgo = CryptnosHashes.SHA1;
				break;
			case 'SHA-256':
				hashAlgo = CryptnosHashes.SHA256;
				break;
			case 'SHA-512':
				hashAlgo = CryptnosHashes.SHA512;
				break;
			case 'RIPEMD-160':
				hashAlgo = CryptnosHashes.RIPEMD160;
				break;
			default:
				alert("ERROR: Invalid hash");
				return false;
		}
		/* Perform the actual hash.  Note that the iterations drop-down has a
		   zero-based index, so to get the actual number of iterations we just
		   need to add one to the selected index. */
		var theHash = Cryptnos.TheForm.siteBox.value + Cryptnos.TheForm.password.value;
		theHash = hashAlgo(theHash, Cryptnos.TheForm.iterations.selectedIndex + 1);
		/* Perform any character type restrictions: */
		switch (Cryptnos.TheForm.charType.value) {
			case '1':
				theHash = theHash.replace(/\W/g, '_');
				break;
			case '2':
				theHash = theHash.replace(/[^a-zA-Z0-9]/g, '');
				break;
			case '3':
				theHash = theHash.replace(/[^a-zA-Z]/g, '');
				break;
			case '4':
				theHash = theHash.replace(/\D/g, '');
				break;
			default:
				break;
		}
		/* Perform any character length restrictions.  For the character limit
		   drop-down, the first item, "None", will have a index of zero.  If the
		   index is greater than that, we'll impose a limit.  From there, the
		   limit value will be the same as the index in the option array, so
		   we'll use the selected index to cut the substring. */
		if (Cryptnos.TheForm.charLimit.selectedIndex > 0 && theHash.length > Cryptnos.TheForm.charLimit.selectedIndex) {
			theHash = theHash.substr(0, Cryptnos.TheForm.charLimit.selectedIndex);
		}
		/* Place the resulting hash in the output text box: */
		Cryptnos.TheForm.result.value = theHash;
	}
	/* Always return false here so we won't submit the form to the server: */
	return false;
};

/* Print out the main form.  This is pulled into the JavaScript so it won't get
   displayed at all if the user does not have JavaScript enabled. */
Cryptnos.PrintForm = function()
{
	var i = 1;
	document.writeln("<form name=\"cryptnos\" action=\"\" method=\"post\"><table>");
	document.writeln("<tr><td>Site Token:</td><td><input type=\"text\" name=\"siteBox\" value=\"\" title=\"The site name or token. This should be unique for each site.\" /></td></tr>");
	document.writeln("<tr><td>Master Password:</td><td><input type=\"password\" name=\"password\" value=\"\" size=\"100\" title=\"Your &quot;secret&quot;. NEVER reveal this input to anyone.\" /></td></tr>");
	document.writeln("<tr><td>Hash Algorithm:</td><td><select name=\"hash\" title=\"Changing hash algorithms is a good way to make different passphrases with the same inputs.\" onChange=\"javascript:Cryptnos.ChangeHash(this);\"><option value=\"MD5\">MD5</option><option value=\"SHA-1\" selected=\"selected\">SHA-1</option><option value=\"SHA-256\">SHA-256</option><option value=\"SHA-512\">SHA-512</option><option value=\"RIPEMD-160\">RIPEMD-160</option></select></td></tr>");
	/* SHA-384, Whirlpool, and Tiger are supported by the other clients, but we
	   don't have JavaScript versions of them yet.  Once we do, we'll add them
	   to the hash drop-down. */
	//<option value=\"SHA-384\">SHA-384</option><option value=\"Whirlpool\">Whirlpool</option><option value=\"Tiger\">Tiger</option>
	document.write("<tr><td>Hash Iterations:</td><td><select name=\"iterations\" title=\"The number of iterations of the hash algorithm to perform. Iterations are capped at 500 for performance and compatibility reasons.\" /><option value=\"1\" selected=\"selected\">1</option>");
	for (i = 2; i <= 500; i++) {
		document.write("<option value=\"" + i + "\">" + i + "</option>");
	}
	document.writeln("</select> iterations</td></tr>");
	document.writeln("<tr><td>Character Restriction:</td><td>Use <select name=\"charType\" title=\"Limit what types of characters the password will contain.\"><option value=\"0\" selected=\"selected\">all generated characters</option><option value=\"1\">alphanumerics, change others to underscores</option><option value=\"2\">alphanumerics only</option><option value=\"3\">alphabetic characters only</option><option value=\"4\">numbers only</option></select></td></tr>");
	document.write("<tr><td>Length Restriction:</td><td><span id=\"charLimitSpan\"><select name=\"charLimit\" title=\"The maximum length of the generated password. Note that character restriction settings may make the password shorter than this value.\"><option value=\"0\" selected=\"selected\">None</option>");
	for (i = 1; i <= Cryptnos.MaxHashLength("SHA-1"); i++) {
		document.write("<option value=\"" + i + "\">" + i + "</option>");
	}
	document.writeln("</select></span></td></tr>");
	document.writeln("<tr><td>Generate Password:</td><td><input name=\"generateBtn\" type=\"button\" value=\"Generate\" onClick=\"javascript:return Cryptnos.Generate();\" title=\"Click this button to generate your new password.\" /></td></tr>");
	document.writeln("<tr><td>Generated Password:</td><td><input type=\"text\" name=\"result\" value=\"\" size=\"100\" title=\"Your generated password. Changing this value will not affect your inputs above; this is only a result.\" /></td></tr>");
	document.writeln("</table></form>");
	/* Set the reference to the form, now that it's been built: */
	Cryptnos.TheForm = document.forms.cryptnos.elements;
};

/* For browsers we know we have specific problems with, tell the caller to
   display a warning that the browser is incompatible with Cryptnos. */
Cryptnos.IsBrowserCompatible = function()
{
	/* We don't even *care* if you're running IE 6: */
	var ie6regex = /MSIE 6/;
	if (ie6regex.test(navigator.userAgent)) { return false; }
	/* The Nintendo Wii doesn't work: */
	var wiiregex = /Wii/;
	if (wiiregex.test(navigator.userAgent)) { return false; }
	/* Everything else will default to true unless we have reason to
	   specifically warn the user about it. */
	return true;
};

/* This contains a reference to the form DOM, which we reference everywhere
   above. */
Cryptnos.TheForm = null;