package huibo

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/hmac"
	"crypto/md5"
	"crypto/rand"
	"crypto/sha256"
	"encoding/base64"
	"errors"
	"fmt"
	"io"
)

// MD5Encrypt 使用 AppKey 进行 MD5 加密
func MD5Encrypt(data, appKey string) string {
	h := md5.New()
	h.Write([]byte(data + appKey))
	return fmt.Sprintf("%x", h.Sum(nil))
}

// HMACSHA256Base64 使用 HMAC-SHA256 算法生成签名
func HMACSHA256Base64(data, secret string) string {
	m := hmac.New(sha256.New, []byte(secret))
	_, _ = m.Write([]byte(data))
	return base64.StdEncoding.EncodeToString(m.Sum(nil))
}

// EncryptAESGCMBase64 使用 AES-GCM 算法加密数据
func EncryptAESGCMBase64(plainText, base64Key string) (string, error) {
	key, err := base64.StdEncoding.DecodeString(base64Key)
	if err != nil {
		return "", err
	}
	block, err := aes.NewCipher(key)
	if err != nil {
		return "", err
	}
	gcm, err := cipher.NewGCM(block)
	if err != nil {
		return "", err
	}

	iv := make([]byte, 12)
	if _, err = io.ReadFull(rand.Reader, iv); err != nil {
		return "", err
	}
	ciphertext := gcm.Seal(nil, iv, []byte(plainText), nil)
	out := append(iv, ciphertext...)
	return base64.StdEncoding.EncodeToString(out), nil
}

// DecryptAESGCMBase64 使用 AES-GCM 算法解密数据
func DecryptAESGCMBase64(encryptedBase64, base64Key string) (string, error) {
	key, err := base64.StdEncoding.DecodeString(base64Key)
	if err != nil {
		return "", err
	}
	raw, err := base64.StdEncoding.DecodeString(encryptedBase64)
	if err != nil {
		return "", err
	}
	if len(raw) < 13 {
		return "", errors.New("密文长度非法")
	}

	iv := raw[:12]
	ciphertext := raw[12:]
	block, err := aes.NewCipher(key)
	if err != nil {
		return "", err
	}
	gcm, err := cipher.NewGCM(block)
	if err != nil {
		return "", err
	}
	plain, err := gcm.Open(nil, iv, ciphertext, nil)
	if err != nil {
		return "", err
	}
	return string(plain), nil
}