"use strict";

var _interopRequireWildcard = require("@babel/runtime/helpers/interopRequireWildcard");

var _interopRequireDefault = require("@babel/runtime/helpers/interopRequireDefault");

Object.defineProperty(exports, "__esModule", {
  value: true
});
exports.deriveSecret = exports.verify = exports.sign = exports.generateKey = void 0;

var _regenerator = _interopRequireDefault(require("@babel/runtime/regenerator"));

var _asyncToGenerator2 = _interopRequireDefault(require("@babel/runtime/helpers/asyncToGenerator"));

var _jsEncodingUtils = _interopRequireDefault(require("js-encoding-utils"));

var asn1enc = _interopRequireWildcard(require("./asn1enc.js"));

/**
 * webapi.js
 */

/**
 * Generate elliptic curve cryptography public/private key pair. Generated keys are in JWK.
 * @param {String} namedCurve - Name of curve like 'P-256'.
 * @param {Object} webCrypto - WebCryptoSubtle object.
 * @return {Promise<{publicKey: JsonWebKey, privateKey: JsonWebKey}>} - The generated keys.
 */
var generateKey =
/*#__PURE__*/
function () {
  var _ref = (0, _asyncToGenerator2.default)(
  /*#__PURE__*/
  _regenerator.default.mark(function _callee(namedCurve, webCrypto) {
    var keys, publicKey, privateKey;
    return _regenerator.default.wrap(function _callee$(_context) {
      while (1) {
        switch (_context.prev = _context.next) {
          case 0:
            _context.next = 2;
            return webCrypto.generateKey({
              name: 'ECDSA',
              namedCurve: namedCurve,
              hash: {
                name: 'SHA-256'
              }
            }, true, ['sign', 'verify']);

          case 2:
            keys = _context.sent;
            _context.next = 5;
            return webCrypto.exportKey('jwk', keys.publicKey);

          case 5:
            publicKey = _context.sent;
            _context.next = 8;
            return webCrypto.exportKey('jwk', keys.privateKey);

          case 8:
            privateKey = _context.sent;
            // delete optional entries to export as general ecdsa/ecdh key
            ['key_ops', 'alg', 'ext'].forEach(function (elem) {
              delete publicKey[elem];
              delete privateKey[elem];
            });
            return _context.abrupt("return", {
              publicKey: publicKey,
              privateKey: privateKey
            });

          case 11:
          case "end":
            return _context.stop();
        }
      }
    }, _callee);
  }));

  return function generateKey(_x, _x2) {
    return _ref.apply(this, arguments);
  };
}();
/**
 * Sign message with ECDSA.
 * @param {Uint8Array} msg - Byte array of message to be signed.
 * @param {JsonWebKey} privateJwk - Private key object in JWK format.
 * @param {String} hash - Name of hash algorithm used in singing, like 'SHA-256'.
 * @param {String} signatureFormat - Signature format, 'raw' or 'der'
 * @param {Object} webCrypto - WebCryptoSubtle object.
 * @return {Promise<Uint8Array>} - Output signature byte array in raw or der format.
 */


exports.generateKey = generateKey;

var sign =
/*#__PURE__*/
function () {
  var _ref2 = (0, _asyncToGenerator2.default)(
  /*#__PURE__*/
  _regenerator.default.mark(function _callee2(msg, privateJwk, hash, signatureFormat, webCrypto) {
    var algo, key, signature;
    return _regenerator.default.wrap(function _callee2$(_context2) {
      while (1) {
        switch (_context2.prev = _context2.next) {
          case 0:
            algo = {
              name: 'ECDSA',
              namedCurve: privateJwk.crv,
              hash: {
                name: hash
              }
            };
            _context2.next = 3;
            return webCrypto.importKey('jwk', privateJwk, algo, false, ['sign']);

          case 3:
            key = _context2.sent;
            _context2.next = 6;
            return webCrypto.sign(algo, key, msg);

          case 6:
            signature = _context2.sent;
            return _context2.abrupt("return", signatureFormat === 'raw' ? new Uint8Array(signature) : asn1enc.encodeAsn1Signature(new Uint8Array(signature), privateJwk.crv));

          case 8:
          case "end":
            return _context2.stop();
        }
      }
    }, _callee2);
  }));

  return function sign(_x3, _x4, _x5, _x6, _x7) {
    return _ref2.apply(this, arguments);
  };
}();
/**
 * Verify signature with ECDSA.
 * @param {Uint8Array} msg - Byte array of message that have been signed.
 * @param {Uint8Array} signature - Byte array of signature for the given message.
 * @param {JsonWebKey} publicJwk - Public key object in JWK format.
 * @param {String} hash - Name of hash algorithm used in singing, like 'SHA-256'.
 * @param {String} signatureFormat - Signature format,'raw' or 'der'.
 * @param {Object} webCrypto - WebCryptoSubtle object.
 * @return {Promise<boolean>} - The result of verification.
 */


exports.sign = sign;

var verify =
/*#__PURE__*/
function () {
  var _ref3 = (0, _asyncToGenerator2.default)(
  /*#__PURE__*/
  _regenerator.default.mark(function _callee3(msg, signature, publicJwk, hash, signatureFormat, webCrypto) {
    var algo, key, rawSignature;
    return _regenerator.default.wrap(function _callee3$(_context3) {
      while (1) {
        switch (_context3.prev = _context3.next) {
          case 0:
            algo = {
              name: 'ECDSA',
              namedCurve: publicJwk.crv,
              hash: {
                name: hash
              }
            };
            _context3.next = 3;
            return webCrypto.importKey('jwk', publicJwk, algo, false, ['verify']);

          case 3:
            key = _context3.sent;
            rawSignature = signatureFormat === 'raw' ? signature : asn1enc.decodeAsn1Signature(signature, publicJwk.crv);
            _context3.next = 7;
            return webCrypto.verify(algo, key, rawSignature, msg);

          case 7:
            return _context3.abrupt("return", _context3.sent);

          case 8:
          case "end":
            return _context3.stop();
        }
      }
    }, _callee3);
  }));

  return function verify(_x8, _x9, _x10, _x11, _x12, _x13) {
    return _ref3.apply(this, arguments);
  };
}();
/**
 * Key Derivation for ECDH, Elliptic Curve Diffie-Hellman Key Exchange.
 * @param {JsonWebKey} publicJwk - Remote public key object in JWK format.
 * @param {JsonWebKey} privateJwk - Local (my) private key object in JWK format.
 * @param {Object} webCrypto - WebCryptoSubtle object.
 * @return {Promise<Uint8Array>} - The derived master secret via ECDH.
 */


exports.verify = verify;

var deriveSecret =
/*#__PURE__*/
function () {
  var _ref4 = (0, _asyncToGenerator2.default)(
  /*#__PURE__*/
  _regenerator.default.mark(function _callee4(publicJwk, privateJwk, webCrypto) {
    var algo, privateKey, publicKey, bitLen;
    return _regenerator.default.wrap(function _callee4$(_context4) {
      while (1) {
        switch (_context4.prev = _context4.next) {
          case 0:
            algo = {
              name: 'ECDH',
              namedCurve: privateJwk.crv
            };
            _context4.next = 3;
            return webCrypto.importKey('jwk', privateJwk, algo, false, ['deriveBits']);

          case 3:
            privateKey = _context4.sent;
            _context4.next = 6;
            return webCrypto.importKey('jwk', publicJwk, algo, false, []);

          case 6:
            publicKey = _context4.sent;

            bitLen = function bitLen() {
              var arr = _jsEncodingUtils.default.encoder.decodeBase64Url(privateJwk.x);

              return 8 * arr.length;
            };

            _context4.t0 = Uint8Array;
            _context4.next = 11;
            return webCrypto.deriveBits(Object.assign(algo, {
              public: publicKey
            }), privateKey, bitLen());

          case 11:
            _context4.t1 = _context4.sent;
            return _context4.abrupt("return", new _context4.t0(_context4.t1));

          case 13:
          case "end":
            return _context4.stop();
        }
      }
    }, _callee4);
  }));

  return function deriveSecret(_x14, _x15, _x16) {
    return _ref4.apply(this, arguments);
  };
}();

exports.deriveSecret = deriveSecret;