'use strict';

var asn1 = require('./asn1');
var aesid = require('./aesid.json');
var fixProc = require('./fixProc');
var ciphers = require('browserify-aes');
var compat = require('pbkdf2');
var Buffer = require('safe-buffer').Buffer;

function decrypt(data, password) {
	var salt = data.algorithm.decrypt.kde.kdeparams.salt;
	var iters = parseInt(data.algorithm.decrypt.kde.kdeparams.iters.toString(), 10);
	var algo = aesid[data.algorithm.decrypt.cipher.algo.join('.')];
	var iv = data.algorithm.decrypt.cipher.iv;
	var cipherText = data.subjectPrivateKey;
	var keylen = parseInt(algo.split('-')[1], 10) / 8;
	var key = compat.pbkdf2Sync(password, salt, iters, keylen, 'sha1');
	var cipher = ciphers.createDecipheriv(algo, key, iv);
	var out = [];
	out.push(cipher.update(cipherText));
	out.push(cipher['final']());
	return Buffer.concat(out);
}

function parseKeys(buffer) {
	var password;
	if (typeof buffer === 'object' && !Buffer.isBuffer(buffer)) {
		password = buffer.passphrase;
		buffer = buffer.key;
	}
	if (typeof buffer === 'string') {
		buffer = Buffer.from(buffer);
	}

	var stripped = fixProc(buffer, password);

	var type = stripped.tag;
	var data = stripped.data;
	var subtype, ndata;
	switch (type) {
		case 'CERTIFICATE':
			ndata = asn1.certificate.decode(data, 'der').tbsCertificate.subjectPublicKeyInfo;
			// falls through
		case 'PUBLIC KEY':
			if (!ndata) {
				ndata = asn1.PublicKey.decode(data, 'der');
			}
			subtype = ndata.algorithm.algorithm.join('.');
			switch (subtype) {
				case '1.2.840.113549.1.1.1':
					return asn1.RSAPublicKey.decode(ndata.subjectPublicKey.data, 'der');
				case '1.2.840.10045.2.1':
					ndata.subjectPrivateKey = ndata.subjectPublicKey;
					return {
						type: 'ec',
						data: ndata
					};
				case '1.2.840.10040.4.1':
					ndata.algorithm.params.pub_key = asn1.DSAparam.decode(ndata.subjectPublicKey.data, 'der');
					return {
						type: 'dsa',
						data: ndata.algorithm.params
					};
				default: throw new Error('unknown key id ' + subtype);
			}
			// throw new Error('unknown key type ' + type)
		case 'ENCRYPTED PRIVATE KEY':
			data = asn1.EncryptedPrivateKey.decode(data, 'der');
			data = decrypt(data, password);
			// falls through
		case 'PRIVATE KEY':
			ndata = asn1.PrivateKey.decode(data, 'der');
			subtype = ndata.algorithm.algorithm.join('.');
			switch (subtype) {
				case '1.2.840.113549.1.1.1':
					return asn1.RSAPrivateKey.decode(ndata.subjectPrivateKey, 'der');
				case '1.2.840.10045.2.1':
					return {
						curve: ndata.algorithm.curve,
						privateKey: asn1.ECPrivateKey.decode(ndata.subjectPrivateKey, 'der').privateKey
					};
				case '1.2.840.10040.4.1':
					ndata.algorithm.params.priv_key = asn1.DSAparam.decode(ndata.subjectPrivateKey, 'der');
					return {
						type: 'dsa',
						params: ndata.algorithm.params
					};
				default: throw new Error('unknown key id ' + subtype);
			}
			// throw new Error('unknown key type ' + type)
		case 'RSA PUBLIC KEY':
			return asn1.RSAPublicKey.decode(data, 'der');
		case 'RSA PRIVATE KEY':
			return asn1.RSAPrivateKey.decode(data, 'der');
		case 'DSA PRIVATE KEY':
			return {
				type: 'dsa',
				params: asn1.DSAPrivateKey.decode(data, 'der')
			};
		case 'EC PRIVATE KEY':
			data = asn1.ECPrivateKey.decode(data, 'der');
			return {
				curve: data.parameters.value,
				privateKey: data.privateKey
			};
		default: throw new Error('unknown key type ' + type);
	}
}
parseKeys.signature = asn1.signature;

module.exports = parseKeys;