// Copyright 2015 Joyent, Inc.

module.exports = PrivateKey;

var assert = require('assert-plus'); var algs = require('./algs'); var crypto = require('crypto'); var Fingerprint = require('./fingerprint'); var Signature = require('./signature'); var errs = require('./errors'); var util = require('util'); var utils = require('./utils'); var edCompat; var ed;

try {

edCompat = require('./ed-compat');

} catch (e) {

/* Just continue through, and bail out if we try to use it. */

}

var Key = require('./key');

var InvalidAlgorithmError = errs.InvalidAlgorithmError; var KeyParseError = errs.KeyParseError; var KeyEncryptedError = errs.KeyEncryptedError;

var formats = {}; formats = require('./formats/auto'); formats = require('./formats/pem'); formats = require('./formats/pkcs1'); formats = require('./formats/pkcs8'); formats = require('./formats/rfc4253'); formats = require('./formats/ssh-private'); formats = formats; formats = formats;

function PrivateKey(opts) {

assert.object(opts, 'options');
Key.call(this, opts);

this._pubCache = undefined;

} util.inherits(PrivateKey, Key);

PrivateKey.formats = formats;

PrivateKey.prototype.toBuffer = function (format, options) {

if (format === undefined)
        format = 'pkcs1';
assert.string(format, 'format');
assert.object(formats[format], 'formats[format]');
assert.optionalObject(options, 'options');

return (formats[format].write(this, options));

};

PrivateKey.prototype.hash = function (algo) {

return (this.toPublic().hash(algo));

};

PrivateKey.prototype.toPublic = function () {

if (this._pubCache)
        return (this._pubCache);

var algInfo = algs.info[this.type];
var pubParts = [];
for (var i = 0; i < algInfo.parts.length; ++i) {
        var p = algInfo.parts[i];
        pubParts.push(this.part[p]);
}

this._pubCache = new Key({
        type: this.type,
        source: this,
        parts: pubParts
});
if (this.comment)
        this._pubCache.comment = this.comment;
return (this._pubCache);

};

PrivateKey.prototype.derive = function (newType, newSize) {

assert.string(newType, 'type');
assert.optionalNumber(newSize, 'size');
var priv, pub;

if (this.type === 'ed25519' && newType === 'curve25519') {
        if (ed === undefined)
                ed = require('jodid25519');

        priv = this.part.r.data;
        if (priv[0] === 0x00)
                priv = priv.slice(1);
        priv = priv.slice(0, 32);

        pub = ed.dh.publicKey(priv);
        priv = utils.mpNormalize(Buffer.concat([priv, pub]));

        return (new PrivateKey({
                type: 'curve25519',
                parts: [
                        { name: 'R', data: utils.mpNormalize(pub) },
                        { name: 'r', data: priv }
                ]
        }));
} else if (this.type === 'curve25519' && newType === 'ed25519') {
        if (ed === undefined)
                ed = require('jodid25519');

        priv = this.part.r.data;
        if (priv[0] === 0x00)
                priv = priv.slice(1);
        priv = priv.slice(0, 32);

        pub = ed.eddsa.publicKey(priv.toString('binary'));
        pub = new Buffer(pub, 'binary');

        priv = utils.mpNormalize(Buffer.concat([priv, pub]));

        return (new PrivateKey({
                type: 'ed25519',
                parts: [
                        { name: 'R', data: utils.mpNormalize(pub) },
                        { name: 'r', data: priv }
                ]
        }));
}
throw (new Error('Key derivation not supported from ' + this.type +
    ' to ' + newType));

};

PrivateKey.prototype.createVerify = function (hashAlgo) {

return (this.toPublic().createVerify(hashAlgo));

};

PrivateKey.prototype.createSign = function (hashAlgo) {

if (hashAlgo === undefined)
        hashAlgo = this.defaultHashAlgorithm();
assert.string(hashAlgo, 'hash algorithm');

/* ED25519 is not supported by OpenSSL, use a javascript impl. */
if (this.type === 'ed25519' && edCompat !== undefined)
        return (new edCompat.Signer(this, hashAlgo));
if (this.type === 'curve25519')
        throw (new Error('Curve25519 keys are not suitable for ' +
            'signing or verification'));

var v, nm, err;
try {
        nm = hashAlgo.toUpperCase();
        v = crypto.createSign(nm);
} catch (e) {
        err = e;
}
if (v === undefined || (err instanceof Error &&
    err.message.match(/Unknown message digest/))) {
        nm = 'RSA-';
        nm += hashAlgo.toUpperCase();
        v = crypto.createSign(nm);
}
assert.ok(v, 'failed to create verifier');
var oldSign = v.sign.bind(v);
var key = this.toBuffer('pkcs1');
var type = this.type;
v.sign = function () {
        var sig = oldSign(key);
        if (typeof (sig) === 'string')
                sig = new Buffer(sig, 'binary');
        sig = Signature.parse(sig, type, 'asn1');
        sig.hashAlgorithm = hashAlgo;
        return (sig);
};
return (v);

};

PrivateKey.parse = function (data, format, options) {

if (typeof (data) !== 'string')
        assert.buffer(data, 'data');
if (format === undefined)
        format = 'auto';
assert.string(format, 'format');
if (typeof (options) === 'string')
        options = { filename: options };
assert.optionalObject(options, 'options');
if (options === undefined)
        options = {};
assert.optionalString(options.filename, 'options.filename');
if (options.filename === undefined)
        options.filename = '(unnamed)';

assert.object(formats[format], 'formats[format]');

try {
        var k = formats[format].read(data, options);
        assert.ok(k instanceof PrivateKey, 'key is not a private key');
        if (!k.comment)
                k.comment = options.filename;
        return (k);
} catch (e) {
        if (e.name === 'KeyEncryptedError')
                throw (e);
        throw (new KeyParseError(options.filename, format, e));
}

};

PrivateKey.isPrivateKey = function (obj, ver) {

return (utils.isCompatible(obj, PrivateKey, ver));

};

/*

* API versions for PrivateKey:
* [1,0] -- initial ver
* [1,1] -- added auto, pkcs[18], openssh/ssh-private formats
* [1,2] -- added defaultHashAlgorithm
* [1,3] -- added derive, ed, createDH
* [1,4] -- first tagged version
*/

PrivateKey.prototype._sshpkApiVersion = [1, 4];

PrivateKey._oldVersionDetect = function (obj) {

assert.func(obj.toPublic);
assert.func(obj.createSign);
if (obj.derive)
        return ([1, 3]);
if (obj.defaultHashAlgorithm)
        return ([1, 2]);
if (obj.formats['auto'])
        return ([1, 1]);
return ([1, 0]);

};