package security

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"errors"
)

// AESCipher one of Encryptor implement
type AESCipher struct {
	key []byte
	iv  []byte
}

// NewAESCipher return a AESCipher
func NewAESCipher(key string) *AESCipher {
	size := len(key) / 8
	if size < 2 {
		//log.Error("incorrect key, need 16(aes-128), 24(aes-192), 32(aes-256) length string")
		return nil
	} else if size > 4 {
		size = 4
	}
	key = key[:size*8]
	return &AESCipher{key: []byte(key), iv: []byte(key[:16])}
}

// Decode src
func (cipher *AESCipher) Decode(src []byte) []byte {
	encrypt, err := aesDeCrypt(src, cipher.key, cipher.iv)
	if err != nil {
		return src
	}
	return encrypt
}

// Encode src
func (cipher *AESCipher) Encode(src []byte) []byte {
	encrypt, err := aesEcrypt(src, cipher.key, cipher.iv)
	if err != nil {
		//log.Error("Aes Encode error %s", err)
		return src
	}
	return encrypt
}

//PKCS7 填充模式
func pKCS7Padding(ciphertext []byte, blockSize int) []byte {
	padding := blockSize - len(ciphertext)%blockSize
	//Repeat()函数的功能是把切片[]byte{byte(padding)}复制padding个，然后合并成新的字节切片返回
	padText := bytes.Repeat([]byte{byte(padding)}, padding)
	return append(ciphertext, padText...)
}

//填充的反向操作，删除填充字符串
func pKCS7UnPadding(origData []byte) ([]byte, error) {
	//获取数据长度
	length := len(origData)
	if length == 0 {
		return nil, errors.New("pKCS7UnPadding error")
	}
	//获取填充字符串长度
	unpadding := int(origData[length-1])
	//截取切片，删除填充字节，并且返回明文
	return origData[:(length - unpadding)], nil
}

//实现加密
func aesEcrypt(origData []byte, key, iv []byte) ([]byte, error) {
	//创建加密算法实例
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	//获取块的大小
	blockSize := block.BlockSize()
	//对数据进行填充，让数据长度满足需求
	origData = pKCS7Padding(origData, blockSize)
	//采用AES加密方法中CBC加密模式
	blocMode := cipher.NewCBCEncrypter(block, iv)
	crypted := make([]byte, len(origData))
	//执行加密
	blocMode.CryptBlocks(crypted, origData)
	return crypted, nil
}

//实现解密
func aesDeCrypt(cypted []byte, key, iv []byte) ([]byte, error) {
	//创建加密算法实例
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	//创建加密客户端实例
	blockMode := cipher.NewCBCDecrypter(block, iv)
	origData := make([]byte, len(cypted))
	//这个函数也可以用来解密
	blockMode.CryptBlocks(origData, cypted)
	//去除填充字符串
	origData, err = pKCS7UnPadding(origData)
	if err != nil {
		return nil, err
	}
	return origData, err
}