package cryptostore

import (
	"github.com/pkg/errors"
	crypto "github.com/tendermint/go-crypto"
)

var (
	// SecretBox uses the algorithm from NaCL to store secrets securely
	SecretBox Encoder = secretbox{}
	// Noop doesn't do any encryption, should only be used in test code
	Noop Encoder = noop{}
)

// Encoder is used to encrypt any key with a passphrase for storage.
//
// This should use a well-designed symetric encryption algorithm
type Encoder interface {
	Encrypt(key crypto.PrivKey, pass string) ([]byte, error)
	Decrypt(data []byte, pass string) (crypto.PrivKey, error)
}

func secret(passphrase string) []byte {
	// TODO: Sha256(Bcrypt(passphrase))
	return crypto.Sha256([]byte(passphrase))
}

type secretbox struct{}

func (e secretbox) Encrypt(key crypto.PrivKey, pass string) ([]byte, error) {
	s := secret(pass)
	cipher := crypto.EncryptSymmetric(key.Bytes(), s)
	return cipher, nil
}

func (e secretbox) Decrypt(data []byte, pass string) (crypto.PrivKey, error) {
	s := secret(pass)
	private, err := crypto.DecryptSymmetric(data, s)
	if err != nil {
		return crypto.PrivKey{}, errors.Wrap(err, "Invalid Passphrase")
	}
	key, err := crypto.PrivKeyFromBytes(private)
	return key, errors.Wrap(err, "Invalid Passphrase")
}

type noop struct{}

func (n noop) Encrypt(key crypto.PrivKey, pass string) ([]byte, error) {
	return key.Bytes(), nil
}

func (n noop) Decrypt(data []byte, pass string) (crypto.PrivKey, error) {
	return crypto.PrivKeyFromBytes(data)
}