package com.fr.password.tool;

import cn.hutool.core.util.StrUtil;
import com.fr.password.tool.keys.RSAKeysHandler;
import com.fr.password.tool.util.BCECUtil;
import com.fr.password.tool.util.EncodeUtil;
import com.fr.password.tool.util.rsa.RSAUtil;
import com.fr.password.tool.util.smx.SM2Util;
import com.fr.password.tool.util.smx.SM3Util;
import com.fr.password.tool.util.smx.SM4Util;
import org.bouncycastle.crypto.InvalidCipherTextException;
import org.bouncycastle.crypto.params.ECPrivateKeyParameters;
import org.bouncycastle.crypto.params.ECPublicKeyParameters;
import org.bouncycastle.pqc.math.linearalgebra.ByteUtils;
import org.springframework.util.StringUtils;
import sun.misc.BASE64Decoder;
import sun.misc.BASE64Encoder;

import javax.crypto.Cipher;
import javax.crypto.spec.SecretKeySpec;
import java.io.IOException;
import java.io.UnsupportedEncodingException;
import java.nio.charset.StandardCharsets;
import java.security.Key;
import java.security.KeyPair;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.spec.InvalidKeySpecException;

public class SecurityToolbox {

    private static SecurityToolbox instance = new SecurityToolbox();

    private SecurityToolbox() {
    }

    public static SecurityToolbox getInstance() {
        return instance;
    }

    public String rsaEncrypt(String plainText, String key) {
        PublicKey publicKey = RSAKeysHandler.getInstance().string2PublicKey(key);
        return EncodeUtil.byte2Base64(RSAUtil.encrypt(plainText.getBytes(), publicKey));
    }

    public String rsaDecrypt(String cipherText, String key) throws IOException {
        PrivateKey privateKey = RSAKeysHandler.getInstance().string2PrivateKey(key);
        return new String(RSAUtil.decrypt(EncodeUtil.base642Byte(cipherText), privateKey), StandardCharsets.UTF_8);
    }

    public String sm2Encrypt(String plainText, String key) throws
            IOException, NoSuchAlgorithmException, NoSuchProviderException, InvalidKeySpecException, InvalidCipherTextException {
        if (StrUtil.isEmpty(plainText) || StrUtil.isEmpty(key)) {
            return plainText;
        }
        String privateKey = new String(base642Byte(key), StandardCharsets.UTF_8);
        ECPrivateKeyParameters privateKeyParameters = BCECUtil.convertSEC1ToECPrivateKey(ByteUtils.fromHexString(privateKey));
        ECPublicKeyParameters publicKeyParameters = BCECUtil.buildECPublicKeyByPrivateKey(privateKeyParameters);
        return byte2Base64(SM2Util.encrypt(publicKeyParameters, plainText.getBytes()));
    }

    public String sm2Decrypt(String cipherText, String key) throws Exception {
        return new String(SM2Util.decrypt(key2ECPrivateKeyParameters(key), base642Byte(cipherText)), StandardCharsets.UTF_8);
    }

    // fOvwPYPkUmVYjnAO

    public String aesEncrypt(String plainText, String password) {
        Key secretKey = getEasKey(password);
        try {
            Cipher cipher = Cipher.getInstance("AES");
            cipher.init(Cipher.ENCRYPT_MODE, secretKey);
            byte[] p = plainText.getBytes("UTF-8");
            byte[] result = cipher.doFinal(p);
            return byte2Base64(result);
        } catch (Exception e) {
        }
        return null;
    }

    /**
     * @param cipherText base64后的密文
     * @param password   秘钥
     * @return
     */
    public String aesDecrypt(String cipherText, String password) {
        try {
            Key secretKey = getEasKey(password);
            //默认即为AES/ECB/PKCS5Padding
            Cipher cipher = Cipher.getInstance("AES");
            cipher.init(Cipher.DECRYPT_MODE, secretKey);
            byte[] result = cipher.doFinal(base642Byte(cipherText));
            return new String(result, "UTF-8");
        } catch (Exception e) {
        }
        return null;
    }

    // edbfbd27db981534b1356d14f0e9bef9
    public String sm4Encrypt(String plainText, String key) {
        return byte2Base64(SM4Util.encryptData_ECB(plainText, key));
    }

    public String sm4Decrypt(String cipherText, String key) {
        return new String(SM4Util.decryptData_ECB(cipherText, key), StandardCharsets.UTF_8);
    }

    private Key getEasKey(String password) {
        try {
            //eas秘钥长度使用16byte(128位)，不足则填充0，多则截取前16
            byte[] bytes = password.getBytes("UTF-8");
            byte[] key = new byte[16];

            for (int i = 0; i < bytes.length && i < key.length; i++) {
                key[i] = bytes[i];
            }
            return new SecretKeySpec(key, "AES");
        } catch (Exception e) {
        }
        return null;
    }

    public String sha256(String plainTextData) {
        if (StringUtils.isEmpty(plainTextData)) {
            return plainTextData;
        }
        try {
            byte[] bytes = sha256(plainTextData.getBytes("UTF-8"));
            return byteArrayToHexString(bytes);
        } catch (UnsupportedEncodingException e) {
        }
        return plainTextData;
    }

    private byte[] sha256(byte[] plainTextData) {
        try {
            MessageDigest messageDigest = MessageDigest.getInstance("SHA-256");
            messageDigest.update(plainTextData);
            return messageDigest.digest();
        } catch (Exception e) {
        }
        return plainTextData;
    }

    public  String sm3Encrypt(String plainText) {
        if (StringUtils.isEmpty(plainText)) {
            return plainText;
        }
        try {
            byte[] bytes = SM3Util.hash(plainText.getBytes("UTF-8"));
            return byteArrayToHexString(bytes);
        } catch (UnsupportedEncodingException exception) {
        }
        return plainText;
    }


    public String byteArrayToHexString(byte[] b) {
        StringBuilder hs = new StringBuilder();
        String tempStr;
        for (int n = 0; b != null && n < b.length; n++) {
            tempStr = Integer.toHexString(b[n] & 0XFF);
            if (tempStr.length() == 1)
                hs.append('0');
            hs.append(tempStr);
        }
        return hs.toString().toLowerCase();
    }

    public byte[] base642Byte(String base64Key) throws IOException {
        BASE64Decoder decoder = new BASE64Decoder();
        return decoder.decodeBuffer(base64Key);
    }

    public String byte2Base64(byte[] bytes) {
        BASE64Encoder encoder = new BASE64Encoder();
        return encoder.encode(bytes);
    }

    public ECPrivateKeyParameters key2ECPrivateKeyParameters(String key) {
        try {
            String privateKey = new String(base642Byte(key), StandardCharsets.UTF_8);
            return BCECUtil.convertSEC1ToECPrivateKey(ByteUtils.fromHexString(privateKey));
        } catch (Exception e) {
        }
        return null;
    }

    public String getPublicKey(KeyPair keyPair) {
        PublicKey publicKey = keyPair.getPublic();
        byte[] bytes = publicKey.getEncoded();
        return byte2Base64(bytes);
    }

    /**
     * 获取RSA私钥的base64编码字符串
     *
     * @param keyPair 秘钥对
     * @return 私钥编码字符串
     */
    public String getPrivateKey(KeyPair keyPair) {
        PrivateKey privateKey = keyPair.getPrivate();
        byte[] bytes = privateKey.getEncoded();
        return byte2Base64(bytes);
    }
}