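package org.openslx.satellitedaemon.util;

import java.io.File;
import java.io.FileInputStream;
import java.io.FileNotFoundException;
import java.io.IOException;
import java.io.InputStream;
import java.nio.charset.StandardCharsets;
import java.security.InvalidKeyException;
import java.security.Key;
import java.security.KeyPair;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.Signature;
import java.security.SignatureException;
import java.security.UnrecoverableKeyException;
import java.security.cert.Certificate;
import java.security.cert.CertificateException;
import java.util.Arrays;

import org.apache.log4j.Logger;

// TODO: More general naming; this isn't really limited to serverids...
// Might also be worth moving this encrypt/decrypt stuff from satserver and masterserver to the
// shared project (one class doing both)
/**
 * Loads an RSA key pair (private key plus the public key of its certificate) from a JKS keystore
 * and produces SHA256withRSA signatures over strings with it.
 *
 * Despite the class and method names, nothing here encrypts: {@link #encryptString(String)}
 * returns a detached signature that can be verified with the certificate's public key.
 *
 * A fresh {@link Signature} instance is created per call, so the only shared state is the
 * key pair loaded in the constructor.
 */
public class EncryptWithServerIdPublicKey
{
    private static final Logger log = Logger.getLogger( EncryptWithServerIdPublicKey.class );

    /** Loaded key pair; stays null if the keystore could not be read or the alias has no private key. */
    KeyPair pair;

    /**
     * Loads the key pair stored under {@code alias} from the JKS keystore at {@code file}.
     * The same password is used for the keystore itself and for the key entry.
     * Failures are logged rather than thrown; afterwards {@link #pair} is null and
     * {@link #encryptString(String)} returns null.
     *
     * @param alias keystore entry holding the private key and its certificate
     * @param password keystore and key-entry password
     * @param file path to the JKS keystore file
     */
    public EncryptWithServerIdPublicKey( String alias, String password, String file )
    {
        char[] pw = password.toCharArray();
        // try-with-resources: the original left the FileInputStream open
        try ( InputStream in = new FileInputStream( new File( file ) ) ) {
            KeyStore keystore = KeyStore.getInstance( "JKS" );
            keystore.load( in, pw );
            Key key = keystore.getKey( alias, pw );
            if ( !( key instanceof PrivateKey ) ) {
                // getKey() yields null for an unknown alias and a SecretKey for symmetric entries;
                // either way there is nothing to sign with, so say so instead of failing later
                log.error( "No private key found under alias '" + alias + "' in " + file );
                return;
            }
            Certificate cert = keystore.getCertificate( alias );
            if ( cert == null ) {
                log.error( "No certificate found under alias '" + alias + "' in " + file );
                return;
            }
            PublicKey publicKey = cert.getPublicKey();
            pair = new KeyPair( publicKey, (PrivateKey)key );
        } catch ( KeyStoreException e ) {
            log.error( "KeystoreException.", e );
        } catch ( FileNotFoundException e ) {
            log.error( "File " + file + " not found.", e );
        } catch ( UnrecoverableKeyException e ) {
            log.error( "UnrecoverableKeyException", e );
        } catch ( CertificateException e ) {
            log.error( "CertificateException", e );
        } catch ( NoSuchAlgorithmException e ) {
            log.error( "NoSuchAlgorithmException", e );
        } catch ( IOException e ) {
            log.error( "IOException", e );
        } finally {
            // best effort: do not keep a second copy of the password around on the heap
            Arrays.fill( pw, '\0' );
        }
    }

    /**
     * Signs {@code message} with the loaded private key using SHA256withRSA. This is a signature,
     * not an encryption; the method name is historical.
     *
     * @param message text to sign; it is encoded as UTF-8 before hashing so the signed bytes do not
     *                depend on the JVM's default charset (the verifying side must decode the same way)
     * @return the signature bytes, or null if no key pair is loaded or signing failed (both logged)
     */
    public byte[] encryptString( String message )
    {
        if ( pair == null ) {
            // constructor already logged why loading failed; avoid an NPE here
            log.error( "Cannot sign: no key pair loaded" );
            return null;
        }
        try {
            Signature signature = Signature.getInstance( "SHA256WITHRSA" );
            signature.initSign( pair.getPrivate() );
            signature.update( message.getBytes( StandardCharsets.UTF_8 ) );
            return signature.sign();
        } catch ( NoSuchAlgorithmException e ) {
            log.error( "NoSuchAlgorithmException", e );
        } catch ( InvalidKeyException e ) {
            log.error( "InvalidKeyException", e );
        } catch ( SignatureException e ) {
            log.error( "SignatureException", e );
        }
        return null;
    }
}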