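// Package cryptography seals and opens the stored password with AES-GCM,
// using key and nonce material read from the viper configuration.
package cryptography

import (
	"crypto/aes"
	"crypto/cipher"
	"fmt"

	"github.com/spf13/viper"
)

// configString returns the viper value stored under key as a string.
//
// A missing or non-string value is reported as an error rather than
// panicking on an unchecked type assertion. The value itself is never put
// into the error text, because these keys hold secret material.
func configString(key string) (string, error) {
	s, ok := viper.Get(key).(string)
	if !ok {
		return "", fmt.Errorf("config key %q is missing or not a string", key)
	}
	return s, nil
}

// configuredGCM builds the AES-GCM AEAD from the "device" config value and
// returns it together with the "nonce" config value as bytes.
//
// NOTE(review): the raw bytes of "device" are used directly as the AES key.
// aes.NewCipher only accepts 16, 24 or 32 bytes, and the scheme is only as
// strong as that value is unpredictable. If "device" is an identifier rather
// than random key material, derive the key with a KDF instead - confirm how
// it is generated.
func configuredGCM() (cipher.AEAD, []byte, error) {
	nonce, err := configString("nonce")
	if err != nil {
		return nil, nil, err
	}
	dev, err := configString("device")
	if err != nil {
		return nil, nil, err
	}

	block, err := aes.NewCipher([]byte(dev))
	if err != nil {
		return nil, nil, err
	}
	aesg, err := cipher.NewGCM(block)
	if err != nil {
		return nil, nil, err
	}

	// Seal and Open panic on a nonce of the wrong length, so reject a
	// malformed config value here with an ordinary error.
	if len(nonce) != aesg.NonceSize() {
		return nil, nil, fmt.Errorf("configured nonce is %d bytes, want %d", len(nonce), aesg.NonceSize())
	}
	return aesg, []byte(nonce), nil
}

// EncryptPassword seals b with AES-GCM under the configured key and nonce and
// returns the ciphertext with the authentication tag appended.
//
// It returns an error when the "nonce" or "device" config values are missing,
// not strings, or have an invalid length.
func EncryptPassword(b []byte) ([]byte, error) {
	aesg, nonce, err := configuredGCM()
	if err != nil {
		return nil, err
	}

	// gosec reports this call as a hardcoded nonce. The nonce is not a
	// literal: it is read from configuration, where (per the original author)
	// it was generated with crypto/rand by the config command. The suppression
	// is kept for that reason.
	//
	// NOTE(review): the same (key, nonce) pair is used on every call for a
	// given configuration. GCM requires a nonce that is unique per key;
	// sealing two different plaintexts under one pair breaks both
	// confidentiality and integrity. This is only sound if the config command
	// writes a fresh nonce every time the password changes. The robust fix is
	// a fresh random nonce per call, stored alongside the ciphertext. That
	// changes the stored format and must be coordinated with DecryptPassword.
	ct := aesg.Seal(nil, nonce, b, nil) // #nosec
	return ct, nil
}

// DecryptPassword opens the ciphertext stored under the "password" config key
// with AES-GCM and returns the recovered plaintext.
//
// It returns an error when a required config value is missing, not a string,
// or has an invalid length, and when authentication of the ciphertext fails.
//
// NOTE(review): the parameter b is never read; the ciphertext always comes
// from configuration. Confirm with callers whether b was meant to be the
// input before changing this.
func DecryptPassword(b []byte) (string, error) {
	password, err := configString("password")
	if err != nil {
		return "", err
	}
	aesg, nonce, err := configuredGCM()
	if err != nil {
		return "", err
	}

	// Open verifies the GCM tag first and releases no plaintext on failure.
	op, err := aesg.Open(nil, nonce, []byte(password), nil)
	if err != nil {
		return "", err
	}
	return string(op), nil
}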