// Copyright 2022 Google LLC
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
//     http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.
//
///////////////////////////////////////////////////////////////////////////////

#include "tink/proto_keyset_format.h"

#include <ios>
#include <iostream>
#include <memory>
#include <ostream>
#include <sstream>
#include <string>
#include <utility>

#include "tink/binary_keyset_reader.h"
#include "tink/binary_keyset_writer.h"
#include "tink/cleartext_keyset_handle.h"
#include "tink/util/secret_data.h"

namespace crypto {
namespace tink {

crypto::tink::util::StatusOr<KeysetHandle> ParseKeysetFromProtoKeysetFormat(
    absl::string_view serialized_keyset, SecretKeyAccessToken token) {
  crypto::tink::util::StatusOr<std::unique_ptr<crypto::tink::KeysetReader>>
      keyset_reader = BinaryKeysetReader::New(serialized_keyset);
  if (!keyset_reader.ok()) {
    return keyset_reader.status();
  }
  crypto::tink::util::StatusOr<std::unique_ptr<KeysetHandle>> result =
    CleartextKeysetHandle::Read(std::move(*keyset_reader));
  if (!result.ok()) {
    return result.status();
  }
  return std::move(**result);
}

crypto::tink::util::StatusOr<util::SecretData>
SerializeKeysetToProtoKeysetFormat(const KeysetHandle& keyset_handle,
                                   SecretKeyAccessToken token) {
  std::stringbuf string_buf(std::ios_base::out);
  crypto::tink::util::StatusOr<std::unique_ptr<BinaryKeysetWriter>>
      keyset_writer = BinaryKeysetWriter::New(
          std::make_unique<std::ostream>(&string_buf));
  if (!keyset_writer.ok()) {
    return keyset_writer.status();
  }
  crypto::tink::util::Status status =
      CleartextKeysetHandle::Write(keyset_writer->get(), keyset_handle);
  if (!status.ok()) {
    return status;
  }
  // TODO(tholenst): directly write into a secret data.
  return util::SecretDataFromStringView(string_buf.str());
}

crypto::tink::util::StatusOr<KeysetHandle>
ParseKeysetWithoutSecretFromProtoKeysetFormat(
    absl::string_view serialized_keyset) {
  std::string keyset_copy = std::string(serialized_keyset);
  crypto::tink::util::StatusOr<std::unique_ptr<KeysetHandle>> result =
    KeysetHandle::ReadNoSecret(keyset_copy);
  if (!result.ok()) {
    return result.status();
  }
  return std::move(**result);
}

crypto::tink::util::StatusOr<std::string>
SerializeKeysetWithoutSecretToProtoKeysetFormat(
    const KeysetHandle& keyset_handle) {
  std::stringbuf string_buf(std::ios_base::out);
  crypto::tink::util::StatusOr<std::unique_ptr<BinaryKeysetWriter>>
      keyset_writer = BinaryKeysetWriter::New(
          std::make_unique<std::ostream>(&string_buf));
  if (!keyset_writer.ok()) {
    return keyset_writer.status();
  }
  crypto::tink::util::Status status =
      keyset_handle.WriteNoSecret(keyset_writer->get());
  if (!status.ok()) {
    return status;
  }
  return string_buf.str();
}

}  // namespace tink
}  // namespace crypto