package signature

import (
	"crypto/ecdsa"
	"fmt"

	"github.com/nspcc-dev/neofs-api-go/v2/refs"
	crypto "github.com/nspcc-dev/neofs-crypto"
)

type cfg struct {
	defaultScheme  refs.SignatureScheme
	restrictScheme refs.SignatureScheme
}

func defaultCfg() *cfg {
	return &cfg{
		defaultScheme:  refs.ECDSA_SHA512,
		restrictScheme: refs.UnspecifiedScheme,
	}
}

func verify(cfg *cfg, data []byte, sig *refs.Signature) error {
	scheme := sig.GetScheme()
	if scheme == refs.UnspecifiedScheme {
		scheme = cfg.defaultScheme
	}
	if cfg.restrictScheme != refs.UnspecifiedScheme && scheme != cfg.restrictScheme {
		return fmt.Errorf("%w: unexpected signature scheme", crypto.ErrInvalidSignature)
	}

	pub := crypto.UnmarshalPublicKey(sig.GetKey())
	switch scheme {
	case refs.ECDSA_SHA512:
		return crypto.Verify(pub, data, sig.GetSign())
	case refs.ECDSA_RFC6979_SHA256:
		return crypto.VerifyRFC6979(pub, data, sig.GetSign())
	default:
		return crypto.ErrInvalidSignature
	}
}

func sign(cfg *cfg, scheme refs.SignatureScheme, key *ecdsa.PrivateKey, data []byte) ([]byte, error) {
	switch scheme {
	case refs.ECDSA_SHA512:
		return crypto.Sign(key, data)
	case refs.ECDSA_RFC6979_SHA256:
		return crypto.SignRFC6979(key, data)
	default:
		panic("unsupported scheme")
	}
}

func SignWithRFC6979() SignOption {
	return func(c *cfg) {
		c.defaultScheme = refs.ECDSA_RFC6979_SHA256
		c.restrictScheme = refs.ECDSA_RFC6979_SHA256
	}
}