#!/usr/bin/env python3

import os, sys, duniterpy.key, libnacl.sign

def getargv(arg:str, default:str="", n:int=1, args:list=sys.argv) -> str:
	if arg in args and len(args) > args.index(arg)+n:
		return args[args.index(arg)+n]
	else:
		return default

def read_data(data_path, b=True):
	if data_path == "-":
		if b:
			return sys.stdin.read().encode()
		else:
			return sys.stdin.read()
	else:
		if b:
			return open(os.path.expanduser(data_path), "rb").read()
		else:
			return open(os.path.expanduser(data_path), "r").read()

def write_data(data, result_path):
	(sys.stdout if result_path == "-" else open(os.path.expanduser(result_path), "wb")).write(data)

def encrypt(data, pubkey):
	return duniterpy.key.PublicKey(pubkey).encrypt_seal(data)

def decrypt(data, privkey):
	return duniterpy.key.SigningKey.from_seedhex(privkey).decrypt_seal(data)

def sign(data, privkey):
	return duniterpy.key.SigningKey.from_seedhex(privkey).sign(data)

def verify(data, pubkey):
	try:
		return libnacl.sign.Verifier(duniterpy.key.PublicKey(pubkey).hex_pk()).verify(data)
	except ValueError:
		exit(1)

def show_help():
	print("""Usage:
python3 natools.py <command> [options]

Commands:
  encrypt  Encrypt data
  decrypt  Decrypt data
  sign     Sign data
  verify   Verify data

Options:
  -i <path>  Input file path (default: -)
  -k <path>  Privkey file path (default: authfile.key)
  -p <str>   Pubkey (base58)
  -o <path>  Output file path (default: -)

Note: "-" means stdin or stdout.
""")

if __name__ == "__main__":
	
	if "--help" in sys.argv:
		show_help()
		exit()
	
	data_path = getargv("-i", "-")
	privkey_path = getargv("-k", "authfile.key")
	pubkey = getargv("-p")
	result_path = getargv("-o", "-")
	
	try:
		if sys.argv[1] == "encrypt":
			write_data(encrypt(read_data(data_path), pubkey), result_path)
		elif sys.argv[1] == "decrypt":
			write_data(decrypt(read_data(data_path), read_data(privkey_path, False)), result_path)
		elif sys.argv[1] == "sign":
			write_data(sign(read_data(data_path), read_data(privkey_path, False)), result_path)
		elif sys.argv[1] == "verify":
			write_data(verify(read_data(data_path), pubkey), result_path)
		else:
			show_help()
	except Exception as e:
		sys.stderr.write("Error: ", e, "\n")
		show_help()
		exit(1)