use base64::engine::general_purpose::STANDARD;
use base64::Engine;
use rust_util::{simple_error, XResult};
use swift_secure_enclave_tool_rs::KeyPurpose;

pub fn is_support_se() -> bool {
    swift_secure_enclave_tool_rs::is_secure_enclave_supported().unwrap_or(false)
}

pub fn decrypt_data(
    private_key_base64: &str,
    ephemeral_public_key_bytes: &[u8],
) -> XResult<Vec<u8>> {
    let private_key_representation = STANDARD.decode(private_key_base64)?;
    let shared_secret = swift_secure_enclave_tool_rs::private_key_ecdh(
        &private_key_representation,
        ephemeral_public_key_bytes,
    )?;
    Ok(shared_secret)
}

pub fn generate_se_p256_keypair() -> XResult<(String, String)> {
    if !is_support_se() {
        return simple_error!("Secure enclave is not supported.");
    }
    let key_material =
        swift_secure_enclave_tool_rs::generate_ecdsa_keypair(KeyPurpose::KeyAgreement, true)?;
    Ok((
        hex::encode(&key_material.public_key_point),
        STANDARD.encode(&key_material.private_key_representation),
    ))
}