// trifid-api, an open source reimplementation of the Defined Networking nebula management server.
//     Copyright (C) 2023 c0repwn3r
//
//     This program is free software: you can redistribute it and/or modify
//     it under the terms of the GNU General Public License as published by
//     the Free Software Foundation, either version 3 of the License, or
//     (at your option) any later version.
//
//     This program is distributed in the hope that it will be useful,
//     but WITHOUT ANY WARRANTY; without even the implied warranty of
//     MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
//     GNU General Public License for more details.
//
//     You should have received a copy of the GNU General Public License
//     along with this program.  If not, see <https://www.gnu.org/licenses/>.

use crate::config::TrifidConfig;
use aes_gcm::aead::{Aead, Payload};
use aes_gcm::{Aes256Gcm, KeyInit, Nonce};
use rand::Rng;
use std::error::Error;
use trifid_pki::rand_core::OsRng;

pub fn get_cipher_from_config(config: &TrifidConfig) -> Result<Aes256Gcm, Box<dyn Error>> {
    let key_slice = hex::decode(&config.crypto.data_encryption_key)?;
    Ok(Aes256Gcm::new_from_slice(&key_slice)?)
}

pub fn encrypt_with_nonce(
    plaintext: &[u8],
    nonce: [u8; 12],
    cipher: &Aes256Gcm,
) -> Result<Vec<u8>, aes_gcm::Error> {
    let nonce = Nonce::from_slice(&nonce);
    let ciphertext = cipher.encrypt(nonce, plaintext)?;
    Ok(ciphertext)
}

pub fn decrypt_with_nonce(
    ciphertext: &[u8],
    nonce: [u8; 12],
    cipher: &Aes256Gcm,
) -> Result<Vec<u8>, aes_gcm::Error> {
    let nonce = Nonce::from_slice(&nonce);
    let plaintext = cipher.decrypt(nonce, Payload::from(ciphertext))?;
    Ok(plaintext)
}

pub fn generate_random_iv() -> [u8; 12] {
    OsRng.gen()
}