// Copyright 2015 Joyent, Inc.

module.exports = Signature;

var assert = require('assert-plus'); var Buffer = require('safer-buffer').Buffer; var algs = require('./algs'); var crypto = require('crypto'); var errs = require('./errors'); var utils = require('./utils'); var asn1 = require('asn1'); var SSHBuffer = require('./ssh-buffer');

var InvalidAlgorithmError = errs.InvalidAlgorithmError; var SignatureParseError = errs.SignatureParseError;

function Signature(opts) {

assert.object(opts, 'options');
assert.arrayOfObject(opts.parts, 'options.parts');
assert.string(opts.type, 'options.type');

var partLookup = {};
for (var i = 0; i < opts.parts.length; ++i) {
        var part = opts.parts[i];
        partLookup[part.name] = part;
}

this.type = opts.type;
this.hashAlgorithm = opts.hashAlgo;
this.curve = opts.curve;
this.parts = opts.parts;
this.part = partLookup;

}

Signature.prototype.toBuffer = function (format) {

if (format === undefined)
        format = 'asn1';
assert.string(format, 'format');

var buf;
var stype = 'ssh-' + this.type;

switch (this.type) {
case 'rsa':
        switch (this.hashAlgorithm) {
        case 'sha256':
                stype = 'rsa-sha2-256';
                break;
        case 'sha512':
                stype = 'rsa-sha2-512';
                break;
        case 'sha1':
        case undefined:
                break;
        default:
                throw (new Error('SSH signature ' +
                    'format does not support hash ' +
                    'algorithm ' + this.hashAlgorithm));
        }
        if (format === 'ssh') {
                buf = new SSHBuffer({});
                buf.writeString(stype);
                buf.writePart(this.part.sig);
                return (buf.toBuffer());
        } else {
                return (this.part.sig.data);
        }
        break;

case 'ed25519':
        if (format === 'ssh') {
                buf = new SSHBuffer({});
                buf.writeString(stype);
                buf.writePart(this.part.sig);
                return (buf.toBuffer());
        } else {
                return (this.part.sig.data);
        }
        break;

case 'dsa':
case 'ecdsa':
        var r, s;
        if (format === 'asn1') {
                var der = new asn1.BerWriter();
                der.startSequence();
                r = utils.mpNormalize(this.part.r.data);
                s = utils.mpNormalize(this.part.s.data);
                der.writeBuffer(r, asn1.Ber.Integer);
                der.writeBuffer(s, asn1.Ber.Integer);
                der.endSequence();
                return (der.buffer);
        } else if (format === 'ssh' && this.type === 'dsa') {
                buf = new SSHBuffer({});
                buf.writeString('ssh-dss');
                r = this.part.r.data;
                if (r.length > 20 && r[0] === 0x00)
                        r = r.slice(1);
                s = this.part.s.data;
                if (s.length > 20 && s[0] === 0x00)
                        s = s.slice(1);
                if ((this.hashAlgorithm &&
                    this.hashAlgorithm !== 'sha1') ||
                    r.length + s.length !== 40) {
                        throw (new Error('OpenSSH only supports ' +
                            'DSA signatures with SHA1 hash'));
                }
                buf.writeBuffer(Buffer.concat([r, s]));
                return (buf.toBuffer());
        } else if (format === 'ssh' && this.type === 'ecdsa') {
                var inner = new SSHBuffer({});
                r = this.part.r.data;
                inner.writeBuffer(r);
                inner.writePart(this.part.s);

                buf = new SSHBuffer({});
                /* XXX: find a more proper way to do this? */
                var curve;
                if (r[0] === 0x00)
                        r = r.slice(1);
                var sz = r.length * 8;
                if (sz === 256)
                        curve = 'nistp256';
                else if (sz === 384)
                        curve = 'nistp384';
                else if (sz === 528)
                        curve = 'nistp521';
                buf.writeString('ecdsa-sha2-' + curve);
                buf.writeBuffer(inner.toBuffer());
                return (buf.toBuffer());
        }
        throw (new Error('Invalid signature format'));
default:
        throw (new Error('Invalid signature data'));
}

};

Signature.prototype.toString = function (format) {

assert.optionalString(format, 'format');
return (this.toBuffer(format).toString('base64'));

};

Signature.parse = function (data, type, format) {

if (typeof (data) === 'string')
        data = Buffer.from(data, 'base64');
assert.buffer(data, 'data');
assert.string(format, 'format');
assert.string(type, 'type');

var opts = {};
opts.type = type.toLowerCase();
opts.parts = [];

try {
        assert.ok(data.length > 0, 'signature must not be empty');
        switch (opts.type) {
        case 'rsa':
                return (parseOneNum(data, type, format, opts));
        case 'ed25519':
                return (parseOneNum(data, type, format, opts));

        case 'dsa':
        case 'ecdsa':
                if (format === 'asn1')
                        return (parseDSAasn1(data, type, format, opts));
                else if (opts.type === 'dsa')
                        return (parseDSA(data, type, format, opts));
                else
                        return (parseECDSA(data, type, format, opts));

        default:
                throw (new InvalidAlgorithmError(type));
        }

} catch (e) {
        if (e instanceof InvalidAlgorithmError)
                throw (e);
        throw (new SignatureParseError(type, format, e));
}

};

function parseOneNum(data, type, format, opts) {

if (format === 'ssh') {
        try {
                var buf = new SSHBuffer({buffer: data});
                var head = buf.readString();
        } catch (e) {
                /* fall through */
        }
        if (buf !== undefined) {
                var msg = 'SSH signature does not match expected ' +
                    'type (expected ' + type + ', got ' + head + ')';
                switch (head) {
                case 'ssh-rsa':
                        assert.strictEqual(type, 'rsa', msg);
                        opts.hashAlgo = 'sha1';
                        break;
                case 'rsa-sha2-256':
                        assert.strictEqual(type, 'rsa', msg);
                        opts.hashAlgo = 'sha256';
                        break;
                case 'rsa-sha2-512':
                        assert.strictEqual(type, 'rsa', msg);
                        opts.hashAlgo = 'sha512';
                        break;
                case 'ssh-ed25519':
                        assert.strictEqual(type, 'ed25519', msg);
                        opts.hashAlgo = 'sha512';
                        break;
                default:
                        throw (new Error('Unknown SSH signature ' +
                            'type: ' + head));
                }
                var sig = buf.readPart();
                assert.ok(buf.atEnd(), 'extra trailing bytes');
                sig.name = 'sig';
                opts.parts.push(sig);
                return (new Signature(opts));
        }
}
opts.parts.push({name: 'sig', data: data});
return (new Signature(opts));

}

function parseDSAasn1(data, type, format, opts) {

var der = new asn1.BerReader(data);
der.readSequence();
var r = der.readString(asn1.Ber.Integer, true);
var s = der.readString(asn1.Ber.Integer, true);

opts.parts.push({name: 'r', data: utils.mpNormalize(r)});
opts.parts.push({name: 's', data: utils.mpNormalize(s)});

return (new Signature(opts));

}

function parseDSA(data, type, format, opts) {

if (data.length != 40) {
        var buf = new SSHBuffer({buffer: data});
        var d = buf.readBuffer();
        if (d.toString('ascii') === 'ssh-dss')
                d = buf.readBuffer();
        assert.ok(buf.atEnd(), 'extra trailing bytes');
        assert.strictEqual(d.length, 40, 'invalid inner length');
        data = d;
}
opts.parts.push({name: 'r', data: data.slice(0, 20)});
opts.parts.push({name: 's', data: data.slice(20, 40)});
return (new Signature(opts));

}

function parseECDSA(data, type, format, opts) {

var buf = new SSHBuffer({buffer: data});

var r, s;
var inner = buf.readBuffer();
var stype = inner.toString('ascii');
if (stype.slice(0, 6) === 'ecdsa-') {
        var parts = stype.split('-');
        assert.strictEqual(parts[0], 'ecdsa');
        assert.strictEqual(parts[1], 'sha2');
        opts.curve = parts[2];
        switch (opts.curve) {
        case 'nistp256':
                opts.hashAlgo = 'sha256';
                break;
        case 'nistp384':
                opts.hashAlgo = 'sha384';
                break;
        case 'nistp521':
                opts.hashAlgo = 'sha512';
                break;
        default:
                throw (new Error('Unsupported ECDSA curve: ' +
                    opts.curve));
        }
        inner = buf.readBuffer();
        assert.ok(buf.atEnd(), 'extra trailing bytes on outer');
        buf = new SSHBuffer({buffer: inner});
        r = buf.readPart();
} else {
        r = {data: inner};
}

s = buf.readPart();
assert.ok(buf.atEnd(), 'extra trailing bytes');

r.name = 'r';
s.name = 's';

opts.parts.push(r);
opts.parts.push(s);
return (new Signature(opts));

}

Signature.isSignature = function (obj, ver) {

return (utils.isCompatible(obj, Signature, ver));

};

/*

* API versions for Signature:
* [1,0] -- initial ver
* [2,0] -- support for rsa in full ssh format, compat with sshpk-agent
*          hashAlgorithm property
* [2,1] -- first tagged version
*/

Signature.prototype._sshpkApiVersion = [2, 1];

Signature._oldVersionDetect = function (obj) {

assert.func(obj.toBuffer);
if (obj.hasOwnProperty('hashAlgorithm'))
        return ([2, 0]);
return ([1, 0]);

};