// Copyright 2015 Joyent, Inc.

module.exports = {

read: read,
readPkcs1: readPkcs1,
write: write,
writePkcs1: writePkcs1

};

var assert = require('assert-plus'); var asn1 = require('asn1'); var algs = require('../algs'); var utils = require('../utils');

var Key = require('../key'); var PrivateKey = require('../private-key'); var pem = require('./pem');

var pkcs8 = require('./pkcs8'); var readECDSACurve = pkcs8.readECDSACurve;

function read(buf, options) {

return (pem.read(buf, options, 'pkcs1'));

}

function write(key, options) {

return (pem.write(key, options, 'pkcs1'));

}

/* Helper to read in a single mpint */ function readMPInt(der, nm) {

assert.strictEqual(der.peek(), asn1.Ber.Integer,
    nm + ' is not an Integer');
return (utils.mpNormalize(der.readString(asn1.Ber.Integer, true)));

}

function readPkcs1(alg, type, der) {

switch (alg) {
case 'RSA':
        if (type === 'public')
                return (readPkcs1RSAPublic(der));
        else if (type === 'private')
                return (readPkcs1RSAPrivate(der));
        throw (new Error('Unknown key type: ' + type));
case 'DSA':
        if (type === 'public')
                return (readPkcs1DSAPublic(der));
        else if (type === 'private')
                return (readPkcs1DSAPrivate(der));
        throw (new Error('Unknown key type: ' + type));
case 'EC':
case 'ECDSA':
        if (type === 'private')
                return (readPkcs1ECDSAPrivate(der));
        else if (type === 'public')
                return (readPkcs1ECDSAPublic(der));
        throw (new Error('Unknown key type: ' + type));
default:
        throw (new Error('Unknown key algo: ' + alg));
}

}

function readPkcs1RSAPublic(der) {

// modulus and exponent
var n = readMPInt(der, 'modulus');
var e = readMPInt(der, 'exponent');

// now, make the key
var key = {
        type: 'rsa',
        parts: [
                { name: 'e', data: e },
                { name: 'n', data: n }
        ]
};

return (new Key(key));

}

function readPkcs1RSAPrivate(der) {

var version = readMPInt(der, 'version');
assert.strictEqual(version[0], 0);

// modulus then public exponent
var n = readMPInt(der, 'modulus');
var e = readMPInt(der, 'public exponent');
var d = readMPInt(der, 'private exponent');
var p = readMPInt(der, 'prime1');
var q = readMPInt(der, 'prime2');
var dmodp = readMPInt(der, 'exponent1');
var dmodq = readMPInt(der, 'exponent2');
var iqmp = readMPInt(der, 'iqmp');

// now, make the key
var key = {
        type: 'rsa',
        parts: [
                { name: 'n', data: n },
                { name: 'e', data: e },
                { name: 'd', data: d },
                { name: 'iqmp', data: iqmp },
                { name: 'p', data: p },
                { name: 'q', data: q },
                { name: 'dmodp', data: dmodp },
                { name: 'dmodq', data: dmodq }
        ]
};

return (new PrivateKey(key));

}

function readPkcs1DSAPrivate(der) {

var version = readMPInt(der, 'version');
assert.strictEqual(version.readUInt8(0), 0);

var p = readMPInt(der, 'p');
var q = readMPInt(der, 'q');
var g = readMPInt(der, 'g');
var y = readMPInt(der, 'y');
var x = readMPInt(der, 'x');

// now, make the key
var key = {
        type: 'dsa',
        parts: [
                { name: 'p', data: p },
                { name: 'q', data: q },
                { name: 'g', data: g },
                { name: 'y', data: y },
                { name: 'x', data: x }
        ]
};

return (new PrivateKey(key));

}

function readPkcs1DSAPublic(der) {

var y = readMPInt(der, 'y');
var p = readMPInt(der, 'p');
var q = readMPInt(der, 'q');
var g = readMPInt(der, 'g');

var key = {
        type: 'dsa',
        parts: [
                { name: 'y', data: y },
                { name: 'p', data: p },
                { name: 'q', data: q },
                { name: 'g', data: g }
        ]
};

return (new Key(key));

}

function readPkcs1ECDSAPublic(der) {

der.readSequence();

var oid = der.readOID();
assert.strictEqual(oid, '1.2.840.10045.2.1', 'must be ecPublicKey');

var curveOid = der.readOID();

var curve;
var curves = Object.keys(algs.curves);
for (var j = 0; j < curves.length; ++j) {
        var c = curves[j];
        var cd = algs.curves[c];
        if (cd.pkcs8oid === curveOid) {
                curve = c;
                break;
        }
}
assert.string(curve, 'a known ECDSA named curve');

var Q = der.readString(asn1.Ber.BitString, true);
Q = utils.ecNormalize(Q);

var key = {
        type: 'ecdsa',
        parts: [
                { name: 'curve', data: new Buffer(curve) },
                { name: 'Q', data: Q }
        ]
};

return (new Key(key));

}

function readPkcs1ECDSAPrivate(der) {

var version = readMPInt(der, 'version');
assert.strictEqual(version.readUInt8(0), 1);

// private key
var d = der.readString(asn1.Ber.OctetString, true);

der.readSequence(0xa0);
var curve = readECDSACurve(der);
assert.string(curve, 'a known elliptic curve');

der.readSequence(0xa1);
var Q = der.readString(asn1.Ber.BitString, true);
Q = utils.ecNormalize(Q);

var key = {
        type: 'ecdsa',
        parts: [
                { name: 'curve', data: new Buffer(curve) },
                { name: 'Q', data: Q },
                { name: 'd', data: d }
        ]
};

return (new PrivateKey(key));

}

function writePkcs1(der, key) {

der.startSequence();

switch (key.type) {
case 'rsa':
        if (PrivateKey.isPrivateKey(key))
                writePkcs1RSAPrivate(der, key);
        else
                writePkcs1RSAPublic(der, key);
        break;
case 'dsa':
        if (PrivateKey.isPrivateKey(key))
                writePkcs1DSAPrivate(der, key);
        else
                writePkcs1DSAPublic(der, key);
        break;
case 'ecdsa':
        if (PrivateKey.isPrivateKey(key))
                writePkcs1ECDSAPrivate(der, key);
        else
                writePkcs1ECDSAPublic(der, key);
        break;
default:
        throw (new Error('Unknown key algo: ' + key.type));
}

der.endSequence();

}

function writePkcs1RSAPublic(der, key) {

der.writeBuffer(key.part.n.data, asn1.Ber.Integer);
der.writeBuffer(key.part.e.data, asn1.Ber.Integer);

}

function writePkcs1RSAPrivate(der, key) {

var ver = new Buffer(1);
ver[0] = 0;
der.writeBuffer(ver, asn1.Ber.Integer);

der.writeBuffer(key.part.n.data, asn1.Ber.Integer);
der.writeBuffer(key.part.e.data, asn1.Ber.Integer);
der.writeBuffer(key.part.d.data, asn1.Ber.Integer);
der.writeBuffer(key.part.p.data, asn1.Ber.Integer);
der.writeBuffer(key.part.q.data, asn1.Ber.Integer);
if (!key.part.dmodp || !key.part.dmodq)
        utils.addRSAMissing(key);
der.writeBuffer(key.part.dmodp.data, asn1.Ber.Integer);
der.writeBuffer(key.part.dmodq.data, asn1.Ber.Integer);
der.writeBuffer(key.part.iqmp.data, asn1.Ber.Integer);

}

function writePkcs1DSAPrivate(der, key) {

var ver = new Buffer(1);
ver[0] = 0;
der.writeBuffer(ver, asn1.Ber.Integer);

der.writeBuffer(key.part.p.data, asn1.Ber.Integer);
der.writeBuffer(key.part.q.data, asn1.Ber.Integer);
der.writeBuffer(key.part.g.data, asn1.Ber.Integer);
der.writeBuffer(key.part.y.data, asn1.Ber.Integer);
der.writeBuffer(key.part.x.data, asn1.Ber.Integer);

}

function writePkcs1DSAPublic(der, key) {

der.writeBuffer(key.part.y.data, asn1.Ber.Integer);
der.writeBuffer(key.part.p.data, asn1.Ber.Integer);
der.writeBuffer(key.part.q.data, asn1.Ber.Integer);
der.writeBuffer(key.part.g.data, asn1.Ber.Integer);

}

function writePkcs1ECDSAPublic(der, key) {

der.startSequence();

der.writeOID('1.2.840.10045.2.1'); /* ecPublicKey */
var curve = key.part.curve.data.toString();
var curveOid = algs.curves[curve].pkcs8oid;
assert.string(curveOid, 'a known ECDSA named curve');
der.writeOID(curveOid);

der.endSequence();

var Q = utils.ecNormalize(key.part.Q.data, true);
der.writeBuffer(Q, asn1.Ber.BitString);

}

function writePkcs1ECDSAPrivate(der, key) {

var ver = new Buffer(1);
ver[0] = 1;
der.writeBuffer(ver, asn1.Ber.Integer);

der.writeBuffer(key.part.d.data, asn1.Ber.OctetString);

der.startSequence(0xa0);
var curve = key.part.curve.data.toString();
var curveOid = algs.curves[curve].pkcs8oid;
assert.string(curveOid, 'a known ECDSA named curve');
der.writeOID(curveOid);
der.endSequence();

der.startSequence(0xa1);
var Q = utils.ecNormalize(key.part.Q.data, true);
der.writeBuffer(Q, asn1.Ber.BitString);
der.endSequence();

}