import CurveCrypto from 'libsignal/src/curve25519_wrapper'
import { createCipheriv, createDecipheriv, createHash, createHmac, randomBytes } from 'crypto'
import { KeyPair } from '../Types'

export const Curve = {
	generateKeyPair: (): KeyPair => {
		const { pubKey, privKey } = CurveCrypto.keyPair(randomBytes(32))
		return {
			private: Buffer.from(privKey),
			public: Buffer.from(pubKey)
		}
	},
	sharedKey: (privateKey: Uint8Array, publicKey: Uint8Array) => {
		const shared = CurveCrypto.sharedSecret(publicKey, privateKey)
		return Buffer.from(shared)
	},
	sign: (privateKey: Uint8Array, buf: Uint8Array) => (
		Buffer.from(CurveCrypto.sign(privateKey, buf))
	),
	verify: (pubKey: Uint8Array, message: Uint8Array, signature: Uint8Array) => {
		try {
			CurveCrypto.verify(pubKey, message, signature)
			return true
		} catch(error) {
			if(error.message.includes('Invalid')) {
				return false
			}
			throw error
		}
	}
}

export const signedKeyPair = (keyPair: KeyPair, keyId: number) => {
    const signKeys = Curve.generateKeyPair()
    const pubKey = new Uint8Array(33)
    pubKey.set([5], 0)
    pubKey.set(signKeys.public, 1)

    const signature = Curve.sign(keyPair.private, pubKey)
  
    return { keyPair: signKeys, signature, keyId }
}

/** decrypt AES 256 CBC; where the IV is prefixed to the buffer */
export function aesDecrypt(buffer: Buffer, key: Buffer) {
    return aesDecryptWithIV(buffer.slice(16, buffer.length), key, buffer.slice(0, 16))
}
/** decrypt AES 256 CBC */
export function aesDecryptWithIV(buffer: Buffer, key: Buffer, IV: Buffer) {
    const aes = createDecipheriv('aes-256-cbc', key, IV)
    return Buffer.concat([aes.update(buffer), aes.final()])
}
// encrypt AES 256 CBC; where a random IV is prefixed to the buffer
export function aesEncrypt(buffer: Buffer | Uint8Array, key: Buffer) {
    const IV = randomBytes(16)
    const aes = createCipheriv('aes-256-cbc', key, IV)
    return Buffer.concat([IV, aes.update(buffer), aes.final()]) // prefix IV to the buffer
}
// encrypt AES 256 CBC with a given IV
export function aesEncrypWithIV(buffer: Buffer, key: Buffer, IV: Buffer) {
    const aes = createCipheriv('aes-256-cbc', key, IV)
    return Buffer.concat([aes.update(buffer), aes.final()]) // prefix IV to the buffer
}
// sign HMAC using SHA 256
export function hmacSign(buffer: Buffer | Uint8Array, key: Buffer | Uint8Array, variant: 'sha256' | 'sha512' = 'sha256') {
    return createHmac(variant, key).update(buffer).digest()
}
export function sha256(buffer: Buffer) {
    return createHash('sha256').update(buffer).digest()
}
// HKDF key expansion
// from: https://github.com/benadida/node-hkdf
export function hkdf(buffer: Uint8Array, expandedLength: number, { info, salt }: { salt?: Buffer, info?: string }) {
    const hashAlg = 'sha256'
    const hashLength = 32
    salt = salt || Buffer.alloc(hashLength)
    // now we compute the PRK
    const prk = createHmac(hashAlg, salt).update(buffer).digest()

    let prev = Buffer.from([])
    const buffers = []
    const num_blocks = Math.ceil(expandedLength / hashLength)
    
    const infoBuff = Buffer.from(info || [])

    for (var i=0; i<num_blocks; i++) {
      const hmac = createHmac(hashAlg, prk)
      // XXX is there a more optimal way to build up buffers?
      const input = Buffer.concat([
        prev,
        infoBuff,
        Buffer.from(String.fromCharCode(i + 1))
      ]);
      hmac.update(input)

      prev = hmac.digest()
      buffers.push(prev)
    }
    return Buffer.concat(buffers, expandedLength)
}