"use strict";
var __importDefault = (this && this.__importDefault) || function (mod) {
    return (mod && mod.__esModule) ? mod : { "default": mod };
};
Object.defineProperty(exports, "__esModule", { value: true });
const crypto_1 = __importDefault(require("crypto"));
const util_1 = require("util");
const file_js_1 = require("./file.js");
const ASYMMETRIC_KEYS_ALGO = 'rsa';
const ASYMMETRIC_KEYS_CIPHER = 'aes-256-cbc';
const ASYMMETRIC_KEYS_LENGTH = 4096;
const ASYMMETRIC_KEYS_FORMAT = {
    format: 'pem',
    type: 'pkcs8'
};
const SYMMETRIC_ALGO = 'aes-256-gcm';
// NOTE: AES-256 requires a 256 bit key. 256 bits === 32 bytes
const PASSPHRASE_SIZE = 32;
const generateKeyPair = (0, util_1.promisify)(crypto_1.default.generateKeyPair);
const randomBytes = (0, util_1.promisify)(crypto_1.default.randomBytes);
const scrypt = (0, util_1.promisify)(crypto_1.default.scrypt);
class CryptoContext {
    async _generateNonce() {
        return await randomBytes(PASSPHRASE_SIZE);
    }
    async _generateKeyPair() {
        return await generateKeyPair(ASYMMETRIC_KEYS_ALGO, { modulusLength: ASYMMETRIC_KEYS_LENGTH });
    }
    async _generatePassphrase(nonce) {
        const bytes = await randomBytes(PASSPHRASE_SIZE);
        return await scrypt(bytes, nonce, PASSPHRASE_SIZE);
    }
    async _saveNonce(nonce) {
        await (0, file_js_1.save)(file_js_1.FILE_TYPE.NONCE, nonce);
    }
    async _savePrivateKey(privateKey, nonce) {
        const data = privateKey.export(Object.assign({ cipher: ASYMMETRIC_KEYS_CIPHER, passphrase: nonce }, ASYMMETRIC_KEYS_FORMAT));
        await (0, file_js_1.save)(file_js_1.FILE_TYPE.PRIVATE_KEY, data);
    }
    async _savePassphrase(passphrase, publicKey) {
        await (0, file_js_1.save)(file_js_1.FILE_TYPE.PASSPHRASE, crypto_1.default.publicEncrypt(publicKey, passphrase));
    }
    async _saveAuthTag(authTag) {
        await (0, file_js_1.save)(file_js_1.FILE_TYPE.AUTH_TAG, authTag);
    }
    async _loadAuthTag() {
        return await (0, file_js_1.load)(file_js_1.FILE_TYPE.AUTH_TAG);
    }
    async _loadNonce() {
        return await (0, file_js_1.load)(file_js_1.FILE_TYPE.NONCE);
    }
    async _loadPrivateKey(nonce) {
        const data = await (0, file_js_1.load)(file_js_1.FILE_TYPE.PRIVATE_KEY);
        return crypto_1.default.createPrivateKey(Object.assign({ key: data, passphrase: nonce }, ASYMMETRIC_KEYS_FORMAT));
    }
    async _loadPassphrase(privateKey) {
        const data = await (0, file_js_1.load)(file_js_1.FILE_TYPE.PASSPHRASE);
        return crypto_1.default.privateDecrypt(privateKey, data);
    }
    async _generateEncryptionKeys() {
        const nonce = await this._generateNonce();
        const passphrase = await this._generatePassphrase(nonce);
        const { publicKey, privateKey } = await this._generateKeyPair();
        await this._saveNonce(nonce);
        await this._savePrivateKey(privateKey, nonce);
        await this._savePassphrase(passphrase, publicKey);
        return { nonce, passphrase };
    }
    async _loadDecryptionKeys() {
        const authTag = await this._loadAuthTag();
        const nonce = await this._loadNonce();
        const privateKey = await this._loadPrivateKey(nonce);
        const passphrase = await this._loadPassphrase(privateKey);
        return { authTag, nonce, passphrase };
    }
    async _createCipher() {
        const { nonce, passphrase } = await this._generateEncryptionKeys();
        return crypto_1.default.createCipheriv(SYMMETRIC_ALGO, passphrase, nonce);
    }
    async _createDecipher() {
        const { nonce, passphrase, authTag } = await this._loadDecryptionKeys();
        const decipher = await crypto_1.default.createDecipheriv(SYMMETRIC_ALGO, passphrase, nonce);
        decipher.setAuthTag(authTag);
        return decipher;
    }
    async encrypt(data) {
        const cipher = await this._createCipher();
        const result = Buffer.concat([cipher.update(data), cipher.final()]);
        await this._saveAuthTag(cipher.getAuthTag());
        return result;
    }
    async decrypt(data) {
        const decipher = await this._createDecipher();
        return Buffer.concat([decipher.update(data), decipher.final()]);
    }
}
exports.default = CryptoContext;
//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoiY3J5cHRvLmpzIiwic291cmNlUm9vdCI6IiIsInNvdXJjZXMiOlsiLi4vc3JjL2NyeXB0by50cyJdLCJuYW1lcyI6W10sIm1hcHBpbmdzIjoiOzs7OztBQUFBLG9EQUFpRztBQUNqRywrQkFBaUM7QUFDakMsdUNBRW1CO0FBRW5CLE1BQU0sb0JBQW9CLEdBQUssS0FBSyxDQUFDO0FBQ3JDLE1BQU0sc0JBQXNCLEdBQUcsYUFBYSxDQUFDO0FBQzdDLE1BQU0sc0JBQXNCLEdBQUcsSUFBSSxDQUFDO0FBRXBDLE1BQU0sc0JBQXNCLEdBQUc7SUFDM0IsTUFBTSxFQUFFLEtBQUs7SUFDYixJQUFJLEVBQUksT0FBTztDQUNULENBQUM7QUFFWCxNQUFNLGNBQWMsR0FBRyxhQUFhLENBQUM7QUFFckMsOERBQThEO0FBQzlELE1BQU0sZUFBZSxHQUFHLEVBQUUsQ0FBQztBQWdCM0IsTUFBTSxlQUFlLEdBQUcsSUFBQSxnQkFBUyxFQUFDLGdCQUFNLENBQUMsZUFBZSxDQUFDLENBQUM7QUFDMUQsTUFBTSxXQUFXLEdBQU8sSUFBQSxnQkFBUyxFQUFDLGdCQUFNLENBQUMsV0FBVyxDQUFDLENBQUM7QUFDdEQsTUFBTSxNQUFNLEdBQVksSUFBQSxnQkFBUyxFQUF5QyxnQkFBTSxDQUFDLE1BQU0sQ0FBQyxDQUFDO0FBRXpGLE1BQXFCLGFBQWE7SUFDOUIsS0FBSyxDQUFDLGNBQWM7UUFDaEIsT0FBTyxNQUFNLFdBQVcsQ0FBQyxlQUFlLENBQUMsQ0FBQztJQUM5QyxDQUFDO0lBRUQsS0FBSyxDQUFDLGdCQUFnQjtRQUNsQixPQUFPLE1BQU0sZUFBZSxDQUFDLG9CQUFvQixFQUFFLEVBQUUsYUFBYSxFQUFFLHNCQUFzQixFQUFFLENBQUMsQ0FBQztJQUNsRyxDQUFDO0lBRUQsS0FBSyxDQUFDLG1CQUFtQixDQUFFLEtBQWE7UUFDcEMsTUFBTSxLQUFLLEdBQUcsTUFBTSxXQUFXLENBQUMsZUFBZSxDQUFDLENBQUM7UUFFakQsT0FBTyxNQUFNLE1BQU0sQ0FBQyxLQUFLLEVBQUUsS0FBSyxFQUFFLGVBQWUsQ0FBQyxDQUFDO0lBQ3ZELENBQUM7SUFFTyxLQUFLLENBQUMsVUFBVSxDQUFDLEtBQWE7UUFDbEMsTUFBTSxJQUFBLGNBQUksRUFBQyxtQkFBUyxDQUFDLEtBQUssRUFBRSxLQUFLLENBQUMsQ0FBQztJQUN2QyxDQUFDO0lBRUQsS0FBSyxDQUFDLGVBQWUsQ0FBRSxVQUFxQixFQUFFLEtBQWE7UUFDdkQsTUFBTSxJQUFJLEdBQUcsVUFBVSxDQUFDLE1BQU0saUJBQUcsTUFBTSxFQUFFLHNCQUFzQixFQUFFLFVBQVUsRUFBRSxLQUFLLElBQUssc0JBQXNCLEVBQUcsQ0FBQztRQUVqSCxNQUFNLElBQUEsY0FBSSxFQUFDLG1CQUFTLENBQUMsV0FBVyxFQUFFLElBQUksQ0FBQyxDQUFDO0lBQzVDLENBQUM7SUFFRCxLQUFLLENBQUMsZUFBZSxDQUFFLFVBQWtCLEVBQUUsU0FBb0I7UUFDM0QsTUFBTSxJQUFBLGNBQUksRUFBQyxtQkFBUyxDQUFDLFVBQVUsRUFBRSxnQkFBTSxDQUFDLGFBQWEsQ0FBQyxTQUFTLEVBQUUsVUFBVSxDQUFDLENBQUMsQ0FBQztJQUNsRixDQUFDO0lBRUQsS0FBSyxDQUFDLFlBQVksQ0FBRSxPQUFlO1FBQy9CLE1BQU0sSUFBQSxjQUFJLEVBQUMsbUJBQVMsQ0FBQyxRQUFRLEVBQUUsT0FBTyxDQUFDLENBQUM7SUFDNUMsQ0FBQztJQUVELEtBQUssQ0FBQyxZQUFZO1FBQ2QsT0FBTyxNQUFNLElBQUEsY0FBSSxFQUFDLG1CQUFTLENBQUMsUUFBUSxDQUFDLENBQUM7SUFDMUMsQ0FBQztJQUVPLEtBQUssQ0FBQyxVQUFVO1FBQ3BCLE9BQU8sTUFBTSxJQUFBLGNBQUksRUFBQyxtQkFBUyxDQUFDLEtBQUssQ0FBQyxDQUFDO0lBQ3ZDLENBQUM7SUFFRCxLQUFLLENBQUMsZUFBZSxDQUFFLEtBQWE7UUFDaEMsTUFBTSxJQUFJLEdBQUcsTUFBTSxJQUFBLGNBQUksRUFBQyxtQkFBUyxDQUFDLFdBQVcsQ0FBQyxDQUFDO1FBRS9DLE9BQU8sZ0JBQU0sQ0FBQyxnQkFBZ0IsaUJBQUcsR0FBRyxFQUFFLElBQUksRUFBRSxVQUFVLEVBQUUsS0FBSyxJQUFLLHNCQUFzQixFQUFHLENBQUM7SUFDaEcsQ0FBQztJQUVELEtBQUssQ0FBQyxlQUFlLENBQUUsVUFBcUI7UUFDeEMsTUFBTSxJQUFJLEdBQUcsTUFBTSxJQUFBLGNBQUksRUFBQyxtQkFBUyxDQUFDLFVBQVUsQ0FBQyxDQUFDO1FBRTlDLE9BQU8sZ0JBQU0sQ0FBQyxjQUFjLENBQUMsVUFBVSxFQUFFLElBQUksQ0FBQyxDQUFDO0lBQ25ELENBQUM7SUFFRCxLQUFLLENBQUMsdUJBQXVCO1FBQ3pCLE1BQU0sS0FBSyxHQUFRLE1BQU0sSUFBSSxDQUFDLGNBQWMsRUFBRSxDQUFDO1FBQy9DLE1BQU0sVUFBVSxHQUFHLE1BQU0sSUFBSSxDQUFDLG1CQUFtQixDQUFDLEtBQUssQ0FBQyxDQUFDO1FBRXpELE1BQU0sRUFBRSxTQUFTLEVBQUUsVUFBVSxFQUFFLEdBQUcsTUFBTSxJQUFJLENBQUMsZ0JBQWdCLEVBQUUsQ0FBQztRQUVoRSxNQUFNLElBQUksQ0FBQyxVQUFVLENBQUMsS0FBSyxDQUFDLENBQUM7UUFDN0IsTUFBTSxJQUFJLENBQUMsZUFBZSxDQUFDLFVBQVUsRUFBRSxLQUFLLENBQUMsQ0FBQztRQUM5QyxNQUFNLElBQUksQ0FBQyxlQUFlLENBQUMsVUFBVSxFQUFFLFNBQVMsQ0FBQyxDQUFDO1FBRWxELE9BQU8sRUFBRSxLQUFLLEVBQUUsVUFBVSxFQUFFLENBQUM7SUFDakMsQ0FBQztJQUVELEtBQUssQ0FBQyxtQkFBbUI7UUFDckIsTUFBTSxPQUFPLEdBQU0sTUFBTSxJQUFJLENBQUMsWUFBWSxFQUFFLENBQUM7UUFDN0MsTUFBTSxLQUFLLEdBQVEsTUFBTSxJQUFJLENBQUMsVUFBVSxFQUFFLENBQUM7UUFDM0MsTUFBTSxVQUFVLEdBQUcsTUFBTSxJQUFJLENBQUMsZUFBZSxDQUFDLEtBQUssQ0FBQyxDQUFDO1FBQ3JELE1BQU0sVUFBVSxHQUFHLE1BQU0sSUFBSSxDQUFDLGVBQWUsQ0FBQyxVQUFVLENBQUMsQ0FBQztRQUUxRCxPQUFPLEVBQUUsT0FBTyxFQUFFLEtBQUssRUFBRSxVQUFVLEVBQUUsQ0FBQztJQUMxQyxDQUFDO0lBRU8sS0FBSyxDQUFDLGFBQWE7UUFDdkIsTUFBTSxFQUFFLEtBQUssRUFBRSxVQUFVLEVBQUUsR0FBRyxNQUFNLElBQUksQ0FBQyx1QkFBdUIsRUFBRSxDQUFDO1FBRW5FLE9BQU8sZ0JBQU0sQ0FBQyxjQUFjLENBQUMsY0FBYyxFQUFFLFVBQVUsRUFBRSxLQUFLLENBQUMsQ0FBQztJQUNwRSxDQUFDO0lBRU8sS0FBSyxDQUFDLGVBQWU7UUFDekIsTUFBTSxFQUFFLEtBQUssRUFBRSxVQUFVLEVBQUUsT0FBTyxFQUFFLEdBQUcsTUFBTSxJQUFJLENBQUMsbUJBQW1CLEVBQUUsQ0FBQztRQUV4RSxNQUFNLFFBQVEsR0FBRyxNQUFNLGdCQUFNLENBQUMsZ0JBQWdCLENBQUMsY0FBYyxFQUFFLFVBQVUsRUFBRSxLQUFLLENBQUMsQ0FBQztRQUVsRixRQUFRLENBQUMsVUFBVSxDQUFDLE9BQU8sQ0FBQyxDQUFDO1FBRTdCLE9BQU8sUUFBUSxDQUFDO0lBQ3BCLENBQUM7SUFFRCxLQUFLLENBQUMsT0FBTyxDQUFFLElBQVk7UUFDdkIsTUFBTSxNQUFNLEdBQUcsTUFBTSxJQUFJLENBQUMsYUFBYSxFQUFFLENBQUM7UUFFMUMsTUFBTSxNQUFNLEdBQUcsTUFBTSxDQUFDLE1BQU0sQ0FBQyxDQUFDLE1BQU0sQ0FBQyxNQUFNLENBQUMsSUFBSSxDQUFDLEVBQUUsTUFBTSxDQUFDLEtBQUssRUFBRSxDQUFDLENBQUMsQ0FBQztRQUVwRSxNQUFNLElBQUksQ0FBQyxZQUFZLENBQUMsTUFBTSxDQUFDLFVBQVUsRUFBRSxDQUFDLENBQUM7UUFFN0MsT0FBTyxNQUFNLENBQUM7SUFDbEIsQ0FBQztJQUVELEtBQUssQ0FBQyxPQUFPLENBQUUsSUFBWTtRQUN2QixNQUFNLFFBQVEsR0FBRyxNQUFNLElBQUksQ0FBQyxlQUFlLEVBQUUsQ0FBQztRQUU5QyxPQUFPLE1BQU0sQ0FBQyxNQUFNLENBQUMsQ0FBQyxRQUFRLENBQUMsTUFBTSxDQUFDLElBQUksQ0FBQyxFQUFFLFFBQVEsQ0FBQyxLQUFLLEVBQUUsQ0FBQyxDQUFDLENBQUM7SUFDcEUsQ0FBQztDQUNKO0FBMUdELGdDQTBHQyJ9