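package security

import (
	"crypto/ed25519"
	"errors"
	"fmt"
	"os"
	"sync"

	"golang.org/x/crypto/ssh"
)

// ed25519KeyPath is the OpenSSH-format private key file that InitEd25519Keys
// loads. It is a relative path, so it resolves against the process's working
// directory at the time InitEd25519Keys first runs.
const ed25519KeyPath = "keys/alaer_machines"

var (
	// ed25519Priv holds the decrypted signing key once InitEd25519Keys has
	// succeeded; it stays nil until then.
	ed25519Priv ed25519.PrivateKey
	// initErr records the outcome of the single loading attempt so that every
	// caller of InitEd25519Keys observes the same result.
	initErr error
	once    sync.Once
)

// InitEd25519Keys loads and decrypts the OpenSSH-format Ed25519 private key at
// ed25519KeyPath using passphrase, and stores it for Ed25519Sign.
//
// The file is read and parsed at most once per process (guarded by a
// sync.Once). The result of that one attempt — success or the error it
// produced — is returned to every caller. Previously a failed first attempt
// (missing file, wrong passphrase, wrong key type) consumed the sync.Once and
// every later call returned nil while no key was loaded, so callers could
// believe signing was ready when it was not; the error is now remembered in
// initErr and reported on every call.
//
// NOTE(review): ssh.ParseRawPrivateKeyWithPassphrase is understood to reject
// OpenSSH keys that are not passphrase-protected, so an unencrypted key file
// is expected to fail here with the "failed to decrypt private key" error —
// confirm against the golang.org/x/crypto version in use.
//
// Returns nil on success; otherwise an error wrapping the underlying cause
// (errors.Is/errors.As work on the returned value).
func InitEd25519Keys(passphrase string) error {
	once.Do(func() {
		initErr = loadEd25519Key(passphrase)
	})
	return initErr
}

// loadEd25519Key reads ed25519KeyPath, decrypts it with passphrase and stores
// the resulting key in ed25519Priv. It runs exactly once, from InitEd25519Keys.
func loadEd25519Key(passphrase string) error {
	data, err := os.ReadFile(ed25519KeyPath)
	if err != nil {
		return fmt.Errorf("failed to load ed25519 private key file: %w", err)
	}

	// The passphrase itself is never included in any error message.
	parsed, err := ssh.ParseRawPrivateKeyWithPassphrase(data, []byte(passphrase))
	if err != nil {
		return fmt.Errorf("failed to decrypt private key: %w", err)
	}

	// The parser may return the key either by value or by pointer; accept both,
	// but never dereference a nil pointer (the length check below rejects it).
	var key ed25519.PrivateKey
	switch k := parsed.(type) {
	case ed25519.PrivateKey:
		key = k
	case *ed25519.PrivateKey:
		if k != nil {
			key = *k
		}
	default:
		return errors.New("parsed key is not an ed25519 private key, check your key format")
	}

	// ed25519.Sign panics on a key of the wrong length; surface that as an
	// initialization error instead of a crash at first signature.
	if len(key) != ed25519.PrivateKeySize {
		return fmt.Errorf("ed25519 private key has unexpected length %d", len(key))
	}

	ed25519Priv = key
	return nil
}

// Ed25519Sign signs message with the key loaded by InitEd25519Keys and returns
// the signature (ed25519.SignatureSize bytes).
//
// InitEd25519Keys must have returned nil before this is called; until then the
// key is nil and an error is returned rather than a signature. Callers on other
// goroutines must ensure InitEd25519Keys has completed before calling this —
// the sync.Once in InitEd25519Keys provides that ordering only to goroutines
// that called it.
func Ed25519Sign(message []byte) ([]byte, error) {
	if ed25519Priv == nil {
		return nil, errors.New("private key not initialized")
	}
	return ed25519.Sign(ed25519Priv, message), nil
}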