package rsa

import (
	"bytes"
	"crypto"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha1"
	"crypto/x509"
	"encoding/base64"
	"fmt"
)

//Secret defines the private key type
type Secret uint

const (
	PKCS1 Secret = iota
	PKCS8
)

// SignWithSha1Base64 @Title 签名 采用sha1算法进行签名并输出为Base64格式
func SignWithSha1Base64(data string, privateKey *rsa.PrivateKey) (string, error) {
	h := sha1.New()
	h.Write([]byte(data))
	hash := h.Sum(nil)
	signature, err := rsa.SignPKCS1v15(rand.Reader, privateKey, crypto.SHA1, hash[:])
	if err != nil {
		return "", err
	}
	out := base64.StdEncoding.EncodeToString(signature)
	return out, nil
}

// EncryptWithSha1Base64 @Title 加密 采用sha1算法加密后转base64格式
func EncryptWithSha1Base64(originalData string, publicKey *rsa.PublicKey) (string, error) {
	partLen := publicKey.N.BitLen()/8 - 11
	chunks := split([]byte(originalData), partLen)
	buff := bytes.NewBufferString("")
	for _, chunk := range chunks {
		encryptedData, err := rsa.EncryptPKCS1v15(rand.Reader, publicKey, chunk)
		if err != nil {
			return "", err
		}
		buff.Write(encryptedData)
	}
	return base64.StdEncoding.EncodeToString(buff.Bytes()), nil
}

// DecryptWithSha1Base64 @Title 解密 对采用sha1算法加密后转base64格式的数据进行解密
func DecryptWithSha1Base64(encryptedData string, privateKey *rsa.PrivateKey) (string, error) {
	encryptedDecodeBytes, err := base64.StdEncoding.DecodeString(encryptedData)
	if err != nil {
		return "", err
	}
	partLen := privateKey.PublicKey.N.BitLen() / 8
	chunks := split(encryptedDecodeBytes, partLen)
	buffer := bytes.NewBufferString("")
	for _, chunk := range chunks {
		decrypted, err := rsa.DecryptPKCS1v15(rand.Reader, privateKey, chunk)
		if err != nil {
			return "", err
		}
		buffer.Write(decrypted)
	}
	return buffer.String(), err
}

func split(buf []byte, lim int) [][]byte {
	var chunk []byte
	chunks := make([][]byte, 0, len(buf)/lim+1)
	for len(buf) >= lim {
		chunk, buf = buf[:lim], buf[lim:]
		chunks = append(chunks, chunk)
	}
	if len(buf) > 0 {
		chunks = append(chunks, buf[:len(buf)])
	}
	return chunks
}

//ParsePrivateKey parses private key bytes to rsa privateKey
func ParsePrivateKey(privateKeyDecoded string, keyType Secret) (*rsa.PrivateKey, error) {
	decodeString, err := base64.StdEncoding.DecodeString(privateKeyDecoded)
	if err != nil {
		return nil, err
	}
	switch keyType {
	case PKCS1:
		return x509.ParsePKCS1PrivateKey(decodeString)
	case PKCS8:
		keyParsed, err := x509.ParsePKCS8PrivateKey(decodeString)
		return keyParsed.(*rsa.PrivateKey), err
	default:
		return &rsa.PrivateKey{}, fmt.Errorf("secretInfo PrivateKeyDataType unsupport")
	}
}

//ParsePublicKey parses public key bytes to rsa publicKey
func ParsePublicKey(privateKeyDecoded string) (*rsa.PublicKey, error) {
	decodeString, err := base64.StdEncoding.DecodeString(privateKeyDecoded)
	if err != nil {
		return nil, err
	}
	publicKey, err := x509.ParsePKIXPublicKey(decodeString)
	if err != nil {
		return nil, err
	}
	return publicKey.(*rsa.PublicKey), nil
}

// ParseCertificate 解析证书
func ParseCertificate(certString string) (*x509.Certificate, error) {
	decodeString, _ := base64.StdEncoding.DecodeString(certString)
	return x509.ParseCertificate(decodeString)
}

// RsaEncrypt @Title Rsa加密
func RsaEncrypt(origData []byte, publicKey *rsa.PublicKey) ([]byte, error) {
	return rsa.EncryptPKCS1v15(rand.Reader, publicKey, origData)
}

// RsaDecrypt @Title Rsa解密
func RsaDecrypt(ciphertext []byte, privateKey *rsa.PrivateKey) ([]byte, error) {
	return rsa.DecryptPKCS1v15(rand.Reader, privateKey, ciphertext)
}