package main

import (
	"crypto/elliptic"
	"errors"
	"fmt"
	"os"

	"github.com/gibheer/pki"
)

const (
	RsaLowerLength = 2048
	RsaUpperLength = 16384
)

var (
	// error messages
	ErrNoPKFound     = errors.New("no private key found")
	ErrNoPUFound     = errors.New("no public key found")
	ErrUnknownFormat = errors.New("key is an unknown format")

	// the possible ecdsa curves allowed to be used
	EcdsaCurves = []int{224, 256, 384, 521}

	// Command to create a private key
	CmdCreatePrivateKey = &Command{
		Use:     "create-private",
		Short:   "create a private key",
		Long:    "Create an ecdsa or rsa key with this command",
		Example: "create-private -type=ecdsa -length=521",
		Run:     create_private_key,
	}
	// private key specific stuff
	FlagPrivateKeyGeneration privateKeyGenerationFlags
)

type (
	// The flags specific to create a private key
	privateKeyGenerationFlags struct {
		Type  string         // type of the private key (rsa, ecdsa)
		Curve elliptic.Curve // curve for ecdsa
		Size  int            // bitsize for rsa
	}
)

// create a new private key
func create_private_key(cmd *Command, args []string) {
	err := checkFlags(checkOutput, checkPrivateKeyGeneration)
	if err != nil {
		crash_with_help(cmd, ErrorFlagInput, "Flags invalid: %s", err)
	}

	var pk pki.Pemmer
	switch FlagPrivateKeyGeneration.Type {
	case "ecdsa":
		pk, err = pki.NewPrivateKeyEcdsa(FlagPrivateKeyGeneration.Curve)
	case "rsa":
		pk, err = pki.NewPrivateKeyRsa(FlagPrivateKeyGeneration.Size)
	case "ed25519":
		pk, err = pki.NewPrivateKeyEd25519()
	default:
		crash_with_help(cmd, ErrorInput, "Unknown private key type '%s'", FlagPrivateKeyGeneration.Type)
	}
	if err != nil {
		crash_with_help(cmd, ErrorProgram, "Error creating private key: %s", err)
	}
	marsh_pem, err := pk.MarshalPem()
	if err != nil {
		crash_with_help(cmd, ErrorProgram, "Error when marshalling to pem: %s", err)
	}
	_, err = marsh_pem.WriteTo(FlagOutput)
	if err != nil {
		crash_with_help(cmd, ErrorProgram, "Error when writing output: %s", err)
	}
}

// This function adds the private key generation flags.
func InitFlagPrivateKeyGeneration(cmd *Command) {
	cmd.Flags().StringVar(&flagContainer.cryptType, "type", "ecdsa", "the type of the private key (ecdsa, rsa)")
	cmd.Flags().IntVar(
		&flagContainer.length,
		"length", 521,
		fmt.Sprintf("%d - %d for rsa; one of %v for ecdsa", RsaLowerLength, RsaUpperLength, EcdsaCurves),
	)
}

// check the private key generation variables and move them to the work space
func checkPrivateKeyGeneration() error {
	pk_type := flagContainer.cryptType
	FlagPrivateKeyGeneration.Type = pk_type
	switch pk_type {
	case "ecdsa":
		switch flagContainer.length {
		case 224:
			FlagPrivateKeyGeneration.Curve = elliptic.P224()
		case 256:
			FlagPrivateKeyGeneration.Curve = elliptic.P256()
		case 384:
			FlagPrivateKeyGeneration.Curve = elliptic.P384()
		case 521:
			FlagPrivateKeyGeneration.Curve = elliptic.P521()
		default:
			return fmt.Errorf("Curve %d unknown!", flagContainer.length)
		}
	case "rsa":
		size := flagContainer.length
		if RsaLowerLength <= size && size <= RsaUpperLength {
			FlagPrivateKeyGeneration.Size = size
		} else {
			return fmt.Errorf("Length of %d is not allowed for rsa!", size)
		}
	case "ed25519":
	default:
		return fmt.Errorf("Type %s is unknown!", pk_type)
	}
	return nil
}

// add the private key option to the requested flags
func InitFlagPrivateKey(cmd *Command) {
	cmd.Flags().StringVar(&flagContainer.privateKeyPath, "private-key", "", "path to the private key (required)")
}

// check the private key flag and load the private key
func checkPrivateKey() error {
	if flagContainer.privateKeyPath == "" {
		return fmt.Errorf("No private key given!")
	}
	// check permissions of private key file
	info, err := os.Stat(flagContainer.privateKeyPath)
	if err != nil {
		return fmt.Errorf("Error reading private key: %s", err)
	}
	if info.Mode().Perm().String()[4:] != "------" {
		return fmt.Errorf("private key file modifyable by others!")
	}

	pk, err := ReadPrivateKeyFile(flagContainer.privateKeyPath)
	if err != nil {
		return fmt.Errorf("Error reading private key: %s", err)
	}
	FlagPrivateKey = pk
	return nil
}

// Read the private key from the path and try to figure out which type of key it
// might be.
func ReadPrivateKeyFile(path string) (pki.PrivateKey, error) {
	raw_pk, err := readSectionFromFile(path, pki.PemLabelEcdsa)
	if err == nil {
		pk, err := pki.LoadPrivateKeyEcdsa(raw_pk)
		if err != nil {
			return nil, err
		}
		return pk, nil
	}
	raw_pk, err = readSectionFromFile(path, pki.PemLabelRsa)
	if err == nil {
		pk, err := pki.LoadPrivateKeyRsa(raw_pk)
		if err != nil {
			return nil, err
		}
		return pk, nil
	}
	return nil, ErrNoPKFound
}

// read the public key and try to figure out what kind of key it might be
func ReadPublicKeyFile(path string) (pki.PublicKey, error) {
	raw_pu, err := readSectionFromFile(path, pki.PemLabelPublic)
	if err != nil {
		return nil, ErrNoPUFound
	}

	var public pki.PublicKey
	public, err = pki.LoadPublicKeyEcdsa(raw_pu)
	if err == nil {
		return public, nil
	}
	public, err = pki.LoadPublicKeyRsa(raw_pu)
	if err == nil {
		return public, nil
	}
	return nil, ErrUnknownFormat
}