agent-pay 0.1.0

use ed25519_dalek::{Signature, Signer, SigningKey, Verifier, VerifyingKey, SECRET_KEY_LENGTH};
use rand::rngs::OsRng;

use crate::error::Error;

const ED25519_PUB_MULTICODEC: [u8; 2] = [0xED, 0x01];

#[derive(Debug, Clone)]
pub struct KeyPair {
    pub public_key: [u8; 32],
    pub private_key: [u8; SECRET_KEY_LENGTH],
}

pub fn generate_key_pair() -> KeyPair {
    let signing = SigningKey::generate(&mut OsRng);
    let verifying = signing.verifying_key();
    KeyPair {
        public_key: verifying.to_bytes(),
        private_key: signing.to_bytes(),
    }
}

pub fn did_key_from_public_key(public_key: &[u8]) -> Result<String, Error> {
    if public_key.len() != 32 {
        return Err(Error::InvalidDidKey(format!(
            "Ed25519 public key must be 32 bytes, got {}",
            public_key.len()
        )));
    }
    let mut bytes = Vec::with_capacity(34);
    bytes.extend_from_slice(&ED25519_PUB_MULTICODEC);
    bytes.extend_from_slice(public_key);
    let encoded = bs58::encode(&bytes).into_string();
    Ok(format!("did:key:z{encoded}"))
}

pub fn public_key_from_did_key(did: &str) -> Result<[u8; 32], Error> {
    if !did.starts_with("did:key:z") {
        return Err(Error::InvalidDidKey(format!("not a did:key: {did}")));
    }
    let multibase = &did["did:key:z".len()..];
    let decoded = bs58::decode(multibase)
        .into_vec()
        .map_err(|e| Error::Multibase(e.to_string()))?;
    if decoded.len() < 34 {
        return Err(Error::InvalidDidKey(format!(
            "did:key multibase too short: decoded {} bytes (need 2-byte multicodec + 32-byte Ed25519 key)",
            decoded.len()
        )));
    }
    if decoded[0] != 0xED || decoded[1] != 0x01 {
        let got = format!("0x{:02x}{:02x}", decoded[0], decoded[1]);
        return Err(Error::InvalidDidKey(format!(
            "unsupported did:key multicodec (expected 0xed01, got {got})"
        )));
    }
    let mut out = [0u8; 32];
    out.copy_from_slice(&decoded[2..34]);
    Ok(out)
}

pub fn verification_method_id(did: &str) -> Result<String, Error> {
    if let Some(fragment) = did.strip_prefix("did:key:") {
        return Ok(format!("{did}#{fragment}"));
    }
    if !did.contains('#') {
        return Err(Error::Other(format!("cannot derive fragment from {did}")));
    }
    Ok(did.to_string())
}

pub fn ed25519_sign(private_key: &[u8; SECRET_KEY_LENGTH], message: &[u8]) -> [u8; 64] {
    let signing = SigningKey::from_bytes(private_key);
    signing.sign(message).to_bytes()
}

pub fn ed25519_verify(public_key: &[u8; 32], message: &[u8], signature: &[u8]) -> bool {
    let Ok(verifying) = VerifyingKey::from_bytes(public_key) else {
        return false;
    };
    let Ok(sig) = <[u8; 64]>::try_from(signature) else {
        return false;
    };
    let sig = Signature::from_bytes(&sig);
    verifying.verify(message, &sig).is_ok()
}