module:set_global();

local http_request = require"socket.http".request;

local ltn12 = require"ltn12";

local json = require"util.json";

local json_encode, json_decode = json.encode, json.decode;

local gettime = require"socket".gettime;

local serialize = require"util.serialization".serialize;

local msva_url = assert(os.getenv"MONKEYSPHERE_VALIDATION_AGENT_SOCKET",

	"MONKEYSPHERE_VALIDATION_AGENT_SOCKET is unset, please set it").."/reviewcert";

local function check_with_monkeysphere(event)

	local session, host, cert = event.session, event.host, event.cert;

	local result = {};

	local post_body = json_encode {

		peer = {

			name = host;

			type = "peer";

		};

		context = "https";

		-- context = "xmpp"; -- Monkeysphere needs to be extended to understand this

		pkc = {

			type = "x509pem";

			data = cert:pem();

		};

	}

	local req = {

		method = "POST";

		url = msva_url;

		headers = {

			["Content-Type"] = "application/json";

			["Content-Length"] = tostring(#post_body);

		};

		sink = ltn12.sink.table(result);

		source = ltn12.source.string(post_body);

	};

	session.log("debug", "Asking what Monkeysphere thinks about this certificate");

	local starttime = gettime();

	local ok, code = http_request(req);

	module:log("debug", "Request took %fs", gettime() - starttime);

	local body = table.concat(result);

	if ok and code == 200 and body then

		body = json_decode(body);

		if body then

			session.log(body.valid and "info" or "warn", "Monkeysphere thinks the cert is %salid: %s", body.valid and "V" or "Inv", body.message);

			if body.valid then

				session.cert_chain_status = "valid";

				session.cert_identity_status = "valid";

				return true;

			end

		end

	else

		module:log("warn", "Request failed: %s, %s", tostring(code), tostring(body));

		module:log("debug", serialize(req));

	end

end

module:hook("s2s-check-certificate", check_with_monkeysphere);