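package main

import (
	"crypto"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha1"
	"crypto/x509"
	"encoding/pem"
	"errors"
	"io/fs"
	"log"
	"os"
)

// publicKey and privateKey hold the RSA keypair loaded by initKeys.
// Both stay nil when the key files are missing or cannot be parsed.
var publicKey *rsa.PublicKey
var privateKey *rsa.PrivateKey

// initKeys loads the PEM-encoded keypair from keys/public.key and
// keys/private.key into publicKey and privateKey.
//
// On any failure it logs a warning and returns with both globals left
// untouched; the underlying errors are printed only when config.DebugMode
// is set.
func initKeys() {
	pubKeyBytes, err1 := os.ReadFile("keys/public.key")
	privKeyBytes, err2 := os.ReadFile("keys/private.key")
	if err1 != nil || err2 != nil {
		log.Println("WARNING: At least one key half could not be opened, players will not have any textures!")
		log.Println("Try generating a keypair by running \"tripwire gen-keys\".")
		if config.DebugMode {
			log.Println(err1)
			log.Println(err2)
		}
		return
	}

	pubKey, err1 := parseRSAPublicKeyPEM(pubKeyBytes)
	privKey, err2 := parseRSAPrivateKeyPEM(privKeyBytes)
	if err1 != nil || err2 != nil {
		log.Println("WARNING: At least one key half could not be loaded, players will not have any textures!")
		log.Println("Try generating a keypair by running \"tripwire gen-keys\".")
		if config.DebugMode {
			log.Println(err1)
			log.Println(err2)
		}
		return
	}

	// Publish the halves together so callers never see a mismatched pair.
	publicKey = pubKey
	privateKey = privKey
}

// parseRSAPublicKeyPEM decodes the first PEM block in data as a PKIX public
// key and returns it only if it is an RSA key.
func parseRSAPublicKeyPEM(data []byte) (*rsa.PublicKey, error) {
	// pem.Decode returns a nil block for input without PEM armour; reading
	// block.Bytes without this check would panic on a corrupt key file.
	block, _ := pem.Decode(data)
	if block == nil {
		return nil, errors.New("public key file contains no PEM block")
	}
	parsed, err := x509.ParsePKIXPublicKey(block.Bytes)
	if err != nil {
		return nil, err
	}
	// ParsePKIXPublicKey also accepts non-RSA keys, so the assertion must
	// be checked rather than allowed to panic.
	key, ok := parsed.(*rsa.PublicKey)
	if !ok {
		return nil, errors.New("public key file does not hold an RSA key")
	}
	return key, nil
}

// parseRSAPrivateKeyPEM decodes the first PEM block in data as a PKCS #8
// private key and returns it only if it is an RSA key.
func parseRSAPrivateKeyPEM(data []byte) (*rsa.PrivateKey, error) {
	block, _ := pem.Decode(data)
	if block == nil {
		return nil, errors.New("private key file contains no PEM block")
	}
	parsed, err := x509.ParsePKCS8PrivateKey(block.Bytes)
	if err != nil {
		return nil, err
	}
	key, ok := parsed.(*rsa.PrivateKey)
	if !ok {
		return nil, errors.New("private key file does not hold an RSA key")
	}
	return key, nil
}

// genKeys creates the keys directory and writes a fresh 4096-bit RSA keypair
// to keys/public.key (PKIX) and keys/private.key (PKCS #8), both PEM-encoded.
//
// It refuses to run when either key file already exists and terminates the
// process on any error.
func genKeys() {
	// An already existing directory is fine; any other failure would only
	// resurface later, after the expensive key generation.
	if err := os.Mkdir("keys", 0700); err != nil && !errors.Is(err, fs.ErrExist) {
		log.Fatalln(err)
	}

	// Both halves are checked: testing public.key twice would let a run
	// silently overwrite an existing private key.
	_, err1 := os.Stat("keys/public.key")
	_, err2 := os.Stat("keys/private.key")
	if err1 == nil || err2 == nil {
		log.Println(
			"Error: At least one key half is already present. " +
				"If you are having errors reading the key " +
				"files, you have likely incorrectly configured " +
				"folder permissions.",
		)
		log.Println(
			"If you would like to generate a new keypair anyway, " +
				"delete the keys folder and run this command again.",
		)
		os.Exit(1)
	}
	// Anything other than "does not exist" means the folder itself could
	// not be inspected.
	if !errors.Is(err1, fs.ErrNotExist) || !errors.Is(err2, fs.ErrNotExist) {
		log.Fatalln(
			"Error: Could not access keys folder. \n" +
				"Try recreating the folder, or running this command " +
				"as a user that has permissions to view it.",
		)
	}

	log.Println("Generating RSA keypair at 4096 bits...")
	privkey, err := rsa.GenerateKey(rand.Reader, 4096)
	if err != nil {
		log.Fatalln(err)
	}

	pubkeygen, err := x509.MarshalPKIXPublicKey(&privkey.PublicKey)
	if err != nil {
		log.Fatalln(err)
	}
	err = os.WriteFile(
		"keys/public.key",
		encodePem(pubkeygen, "PUBLIC KEY"),
		0600,
	)
	if err != nil {
		log.Fatalln(err)
	}

	privkeygen, err := x509.MarshalPKCS8PrivateKey(privkey)
	if err != nil {
		log.Fatalln(err)
	}
	// 0600 keeps the private half readable by the owning user only.
	err = os.WriteFile(
		"keys/private.key",
		encodePem(privkeygen, "PRIVATE KEY"),
		0600,
	)
	if err != nil {
		log.Fatalln(err)
	}
	log.Println("Done!")
}

// signWithPrivateKey returns the RSA PKCS #1 v1.5 signature over the SHA-1
// digest of value, made with the loaded private key.
//
// It returns an error instead of panicking when no private key is loaded,
// which is the state initKeys leaves behind after a failed load.
//
// NOTE(review): SHA-1 with PKCS #1 v1.5 is a legacy scheme; presumably it is
// dictated by the client that verifies these signatures. Confirm before
// changing the hash.
func signWithPrivateKey(value string) ([]byte, error) {
	if privateKey == nil {
		return nil, errors.New("private key is not loaded")
	}
	digest := sha1.Sum([]byte(value))
	return rsa.SignPKCS1v15(rand.Reader, privateKey, crypto.SHA1, digest[:])
}

// encodePem wraps the DER bytes in a PEM block whose type is name.
func encodePem(in []byte, name string) []byte {
	return pem.EncodeToMemory(
		&pem.Block{
			Type:  name,
			Bytes: in,
		},
	)
}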