// Copyright (C) 2020 Storj Labs, Inc.
// See LICENSE for copying information.

package multinodeauth

import (
	"bytes"
	"crypto/rand"
	"encoding/base64"

	"github.com/zeebo/errs"
)

// Secret crypto random 32 bytes array for multinode auth.
type Secret [32]byte

// NewSecret creates new multinode auth secret.
func NewSecret() (Secret, error) {
	var b [32]byte

	_, err := rand.Read(b[:])
	if err != nil {
		return b, errs.New("error creating multinode auth secret")
	}

	return b, nil
}

// String implements Stringer.
func (secret Secret) String() string {
	return base64.URLEncoding.EncodeToString(secret[:])
}

// IsZero returns if secret is not set.
func (secret Secret) IsZero() bool {
	var zero Secret
	// this doesn't need to be constant-time, because we're explicitly testing
	// against a hardcoded, well-known value
	return bytes.Equal(secret[:], zero[:])
}

// SecretFromBase64 creates new secret from base64 string.
func SecretFromBase64(s string) (Secret, error) {
	b, err := base64.URLEncoding.DecodeString(s)
	if err != nil {
		return Secret{}, err
	}

	return SecretFromBytes(b)
}

// SecretFromBytes creates secret from bytes slice.
func SecretFromBytes(b []byte) (Secret, error) {
	if len(b) != 32 {
		return Secret{}, errs.New("invalid secret")
	}

	var secret Secret
	copy(secret[:], b)
	return secret, nil
}