package main

import (
	"crypto"
	"encoding/base64"
	"flag"
	"fmt"
	"io/ioutil"

	"git.zero-knowledge.org/gibheer/pki"
)

func VerifyInput(args []string) error {
	fs := flag.NewFlagSet("pkictl verify-input", flag.ExitOnError)
	flagPublic := fs.String("public-key", "", "path to the public key or read from stdin")
	flagInput := fs.String("input", "stdin", "path to the message or stdin")
	flagSignature := fs.String("signature", "", "the signature to check the message against")
	fs.Parse(args)

	sig, err := base64.StdEncoding.DecodeString(*flagSignature)
	if err != nil {
		return err
	}

	in, err := openInput(*flagInput)
	if err != nil {
		return err
	}
	defer in.Close()
	msg, err := ioutil.ReadAll(in)
	if err != nil {
		return err
	}

	pub_raw, err := openInput(*flagPublic)
	if err != nil {
		return err
	}
	defer pub_raw.Close()
	pem, err := parseFile(pub_raw)
	if err != nil {
		return err
	}
	if len(pem) > 1 {
		return fmt.Errorf("too many objects in public key file")
	}
	if len(pem[pki.PemLabelPublic]) > 1 {
		return fmt.Errorf("too many public keys found")
	}

	public, err := loadPublicKey(pem[pki.PemLabelPublic][0])
	if err != nil {
		return err
	}

	valid, err := public.Verify(msg, sig, crypto.SHA256)
	if valid {
		fmt.Println("valid")
		return nil
	}
	fmt.Println("invalid")
	return err
}

func loadPublicKey(raw_pu []byte) (pki.PublicKey, error) {
	if public, err := pki.LoadPublicKeyEd25519(raw_pu); err != nil {
		return public, nil
	}
	if public, err := pki.LoadPublicKeyEcdsa(raw_pu); err == nil {
		return public, nil
	}
	if public, err := pki.LoadPublicKeyRsa(raw_pu); err == nil {
		return public, nil
	}
	return nil, fmt.Errorf("no valid public key found")
}