package helper

import (
	"github.com/ProtonMail/gopenpgp/v2/crypto"
	"github.com/pkg/errors"
)

// SignCleartextMessageArmored signs text given a private key and its
// passphrase, canonicalizes and trims the newlines, and returns the
// PGP-compliant special armoring.
func SignCleartextMessageArmored(privateKey string, passphrase []byte, text string) (string, error) {
	signingKey, err := crypto.NewKeyFromArmored(privateKey)
	if err != nil {
		return "", errors.Wrap(err, "gopenpgp: error in creating key object")
	}

	unlockedKey, err := signingKey.Unlock(passphrase)
	if err != nil {
		return "", errors.Wrap(err, "gopenpgp: error in unlocking key")
	}
	defer unlockedKey.ClearPrivateParams()

	keyRing, err := crypto.NewKeyRing(unlockedKey)
	if err != nil {
		return "", errors.Wrap(err, "gopenpgp: error in creating keyring")
	}

	return SignCleartextMessage(keyRing, text)
}

// VerifyCleartextMessageArmored verifies PGP-compliant armored signed plain
// text given the public key and returns the text or err if the verification
// fails.
func VerifyCleartextMessageArmored(publicKey, armored string, verifyTime int64) (string, error) {
	signingKey, err := crypto.NewKeyFromArmored(publicKey)
	if err != nil {
		return "", errors.Wrap(err, "gopenpgp: error in creating key object")
	}

	verifyKeyRing, err := crypto.NewKeyRing(signingKey)
	if err != nil {
		return "", errors.Wrap(err, "gopenpgp: error in creating key ring")
	}

	return VerifyCleartextMessage(verifyKeyRing, armored, verifyTime)
}

// SignCleartextMessage signs text given a private keyring, canonicalizes and
// trims the newlines, and returns the PGP-compliant special armoring.
func SignCleartextMessage(keyRing *crypto.KeyRing, text string) (string, error) {
	message := crypto.NewPlainMessageFromString(text)

	signature, err := keyRing.SignDetached(message)
	if err != nil {
		return "", errors.Wrap(err, "gopenpgp: error in signing cleartext message")
	}

	return crypto.NewClearTextMessage(message.GetBinary(), signature.GetBinary()).GetArmored()
}

// VerifyCleartextMessage verifies PGP-compliant armored signed plain text
// given the public keyring and returns the text or err if the verification
// fails.
func VerifyCleartextMessage(keyRing *crypto.KeyRing, armored string, verifyTime int64) (string, error) {
	clearTextMessage, err := crypto.NewClearTextMessageFromArmored(armored)
	if err != nil {
		return "", errors.Wrap(err, "gopengpp: unable to unarmor cleartext message")
	}

	message := crypto.NewPlainMessageFromString(clearTextMessage.GetString())
	signature := crypto.NewPGPSignature(clearTextMessage.GetBinarySignature())
	err = keyRing.VerifyDetached(message, signature, verifyTime)
	if err != nil {
		return "", errors.Wrap(err, "gopengpp: unable to verify cleartext message")
	}

	return message.GetString(), nil
}