// Copyright 2018 Joyent, Inc.

module.exports = {

read: read,
write: write

};

var assert = require('assert-plus'); var asn1 = require('asn1'); var crypto = require('crypto'); var Buffer = require('safer-buffer').Buffer; var algs = require('../algs'); var utils = require('../utils'); var Key = require('../key'); var PrivateKey = require('../private-key');

var pkcs1 = require('./pkcs1'); var pkcs8 = require('./pkcs8'); var sshpriv = require('./ssh-private'); var rfc4253 = require('./rfc4253');

var errors = require('../errors');

var OID_PBES2 = '1.2.840.113549.1.5.13'; var OID_PBKDF2 = '1.2.840.113549.1.5.12';

var OID_TO_CIPHER = {

'1.2.840.113549.3.7': '3des-cbc',
'2.16.840.1.101.3.4.1.2': 'aes128-cbc',
'2.16.840.1.101.3.4.1.42': 'aes256-cbc'

}; var CIPHER_TO_OID = {}; Object.keys(OID_TO_CIPHER).forEach(function (k) {

CIPHER_TO_OID[OID_TO_CIPHER[k]] = k;

});

var OID_TO_HASH = {

'1.2.840.113549.2.7': 'sha1',
'1.2.840.113549.2.9': 'sha256',
'1.2.840.113549.2.11': 'sha512'

}; var HASH_TO_OID = {}; Object.keys(OID_TO_HASH).forEach(function (k) {

HASH_TO_OID[OID_TO_HASH[k]] = k;

});

/*

* For reading we support both PKCS#1 and PKCS#8. If we find a private key,
* we just take the public component of it and use that.
*/

function read(buf, options, forceType) {

var input = buf;
if (typeof (buf) !== 'string') {
        assert.buffer(buf, 'buf');
        buf = buf.toString('ascii');
}

var lines = buf.trim().split(/[\r\n]+/g);

var m;
var si = -1;
while (!m && si < lines.length) {
        m = lines[++si].match(/*JSSTYLED*/
            /[-]+[ ]*BEGIN ([A-Z0-9][A-Za-z0-9]+ )?(PUBLIC|PRIVATE) KEY[ ]*[-]+/);
}
assert.ok(m, 'invalid PEM header');

var m2;
var ei = lines.length;
while (!m2 && ei > 0) {
        m2 = lines[--ei].match(/*JSSTYLED*/
            /[-]+[ ]*END ([A-Z0-9][A-Za-z0-9]+ )?(PUBLIC|PRIVATE) KEY[ ]*[-]+/);
}
assert.ok(m2, 'invalid PEM footer');

/* Begin and end banners must match key type */
assert.equal(m[2], m2[2]);
var type = m[2].toLowerCase();

var alg;
if (m[1]) {
        /* They also must match algorithms, if given */
        assert.equal(m[1], m2[1], 'PEM header and footer mismatch');
        alg = m[1].trim();
}

lines = lines.slice(si, ei + 1);

var headers = {};
while (true) {
        lines = lines.slice(1);
        m = lines[0].match(/*JSSTYLED*/
            /^([A-Za-z0-9-]+): (.+)$/);
        if (!m)
                break;
        headers[m[1].toLowerCase()] = m[2];
}

/* Chop off the first and last lines */
lines = lines.slice(0, -1).join('');
buf = Buffer.from(lines, 'base64');

var cipher, key, iv;
if (headers['proc-type']) {
        var parts = headers['proc-type'].split(',');
        if (parts[0] === '4' && parts[1] === 'ENCRYPTED') {
                if (typeof (options.passphrase) === 'string') {
                        options.passphrase = Buffer.from(
                            options.passphrase, 'utf-8');
                }
                if (!Buffer.isBuffer(options.passphrase)) {
                        throw (new errors.KeyEncryptedError(
                            options.filename, 'PEM'));
                } else {
                        parts = headers['dek-info'].split(',');
                        assert.ok(parts.length === 2);
                        cipher = parts[0].toLowerCase();
                        iv = Buffer.from(parts[1], 'hex');
                        key = utils.opensslKeyDeriv(cipher, iv,
                            options.passphrase, 1).key;
                }
        }
}

if (alg && alg.toLowerCase() === 'encrypted') {
        var eder = new asn1.BerReader(buf);
        var pbesEnd;
        eder.readSequence();

        eder.readSequence();
        pbesEnd = eder.offset + eder.length;

        var method = eder.readOID();
        if (method !== OID_PBES2) {
                throw (new Error('Unsupported PEM/PKCS8 encryption ' +
                    'scheme: ' + method));
        }

        eder.readSequence();    /* PBES2-params */

        eder.readSequence();    /* keyDerivationFunc */
        var kdfEnd = eder.offset + eder.length;
        var kdfOid = eder.readOID();
        if (kdfOid !== OID_PBKDF2)
                throw (new Error('Unsupported PBES2 KDF: ' + kdfOid));
        eder.readSequence();
        var salt = eder.readString(asn1.Ber.OctetString, true);
        var iterations = eder.readInt();
        var hashAlg = 'sha1';
        if (eder.offset < kdfEnd) {
                eder.readSequence();
                var hashAlgOid = eder.readOID();
                hashAlg = OID_TO_HASH[hashAlgOid];
                if (hashAlg === undefined) {
                        throw (new Error('Unsupported PBKDF2 hash: ' +
                            hashAlgOid));
                }
        }
        eder._offset = kdfEnd;

        eder.readSequence();    /* encryptionScheme */
        var cipherOid = eder.readOID();
        cipher = OID_TO_CIPHER[cipherOid];
        if (cipher === undefined) {
                throw (new Error('Unsupported PBES2 cipher: ' +
                    cipherOid));
        }
        iv = eder.readString(asn1.Ber.OctetString, true);

        eder._offset = pbesEnd;
        buf = eder.readString(asn1.Ber.OctetString, true);

        if (typeof (options.passphrase) === 'string') {
                options.passphrase = Buffer.from(
                    options.passphrase, 'utf-8');
        }
        if (!Buffer.isBuffer(options.passphrase)) {
                throw (new errors.KeyEncryptedError(
                    options.filename, 'PEM'));
        }

        var cinfo = utils.opensshCipherInfo(cipher);

        cipher = cinfo.opensslName;
        key = utils.pbkdf2(hashAlg, salt, iterations, cinfo.keySize,
            options.passphrase);
        alg = undefined;
}

if (cipher && key && iv) {
        var cipherStream = crypto.createDecipheriv(cipher, key, iv);
        var chunk, chunks = [];
        cipherStream.once('error', function (e) {
                if (e.toString().indexOf('bad decrypt') !== -1) {
                        throw (new Error('Incorrect passphrase ' +
                            'supplied, could not decrypt key'));
                }
                throw (e);
        });
        cipherStream.write(buf);
        cipherStream.end();
        while ((chunk = cipherStream.read()) !== null)
                chunks.push(chunk);
        buf = Buffer.concat(chunks);
}

/* The new OpenSSH internal format abuses PEM headers */
if (alg && alg.toLowerCase() === 'openssh')
        return (sshpriv.readSSHPrivate(type, buf, options));
if (alg && alg.toLowerCase() === 'ssh2')
        return (rfc4253.readType(type, buf, options));

var der = new asn1.BerReader(buf);
der.originalInput = input;

/*
 * All of the PEM file types start with a sequence tag, so chop it
 * off here
 */
der.readSequence();

/* PKCS#1 type keys name an algorithm in the banner explicitly */
if (alg) {
        if (forceType)
                assert.strictEqual(forceType, 'pkcs1');
        return (pkcs1.readPkcs1(alg, type, der));
} else {
        if (forceType)
                assert.strictEqual(forceType, 'pkcs8');
        return (pkcs8.readPkcs8(alg, type, der));
}

}

function write(key, options, type) {

assert.object(key);

var alg = {
    'ecdsa': 'EC',
    'rsa': 'RSA',
    'dsa': 'DSA',
    'ed25519': 'EdDSA'
}[key.type];
var header;

var der = new asn1.BerWriter();

if (PrivateKey.isPrivateKey(key)) {
        if (type && type === 'pkcs8') {
                header = 'PRIVATE KEY';
                pkcs8.writePkcs8(der, key);
        } else {
                if (type)
                        assert.strictEqual(type, 'pkcs1');
                header = alg + ' PRIVATE KEY';
                pkcs1.writePkcs1(der, key);
        }

} else if (Key.isKey(key)) {
        if (type && type === 'pkcs1') {
                header = alg + ' PUBLIC KEY';
                pkcs1.writePkcs1(der, key);
        } else {
                if (type)
                        assert.strictEqual(type, 'pkcs8');
                header = 'PUBLIC KEY';
                pkcs8.writePkcs8(der, key);
        }

} else {
        throw (new Error('key is not a Key or PrivateKey'));
}

var tmp = der.buffer.toString('base64');
var len = tmp.length + (tmp.length / 64) +
    18 + 16 + header.length*2 + 10;
var buf = Buffer.alloc(len);
var o = 0;
o += buf.write('-----BEGIN ' + header + '-----\n', o);
for (var i = 0; i < tmp.length; ) {
        var limit = i + 64;
        if (limit > tmp.length)
                limit = tmp.length;
        o += buf.write(tmp.slice(i, limit), o);
        buf[o++] = 10;
        i = limit;
}
o += buf.write('-----END ' + header + '-----\n', o);

return (buf.slice(0, o));

}