package hasher

// Copyright (c) 2025 Robert Strutts <bobs@NewToFaith.com>
// License: MIT
// GIT: https://git.mysnippetsofcode.com/bobs/execguard 

import(
    "execguard/core/configure"
    "encoding/base64"
    "crypto/sha256"
	"crypto/sha512"
	"encoding/hex"
	"log"
	"os"
	"strings"
    "github.com/yang3yen/xxtea-go/xxtea"
)

var (
    config configure.Config
)

func SetGlobalConfig(c configure.Config) {
    config = c
}

func normalizeXXTEAKey(key []byte) []byte {
    switch {
    case len(key) == 16:
        return key
    case len(key) > 16:
        hash := sha256.Sum256(key)
        return hash[:16]
    default: // len(key) < 16
        padded := make([]byte, 16)
        copy(padded, key)
        // Simple padding with repeated key pattern
        for i := len(key); i < 16; i++ {
            padded[i] = key[i%len(key)]
        }
        return padded
    }
}

func ComputeHash(path string, log *log.Logger) string {
	data, err := os.ReadFile(path)
	if err != nil {
		return ""
	}
    
    var hashBytes []byte
	switch strings.ToLower(config.HashType) {
	case "sha256":
		sum := sha256.Sum256(data)
		hashBytes = sum[:]
	case "sha512", "":
		sum := sha512.Sum512(data)
		hashBytes = sum[:]
	default:
		log.Printf("Unknown hash_type '%s', defaulting to sha512.", config.HashType)
		sum := sha512.Sum512(data)
		hashBytes = sum[:]
	}
    
	switch strings.ToLower(config.HashEncryption) {
	case "none":
		return hex.EncodeToString(hashBytes)

	case "xor":
		if config.Passphrase == "" {
			log.Println("XOR encryption selected but no passphrase provided.")
			return hex.EncodeToString(hashBytes)
		}
		key := []byte(config.Passphrase)
		enc := make([]byte, len(hashBytes))
		for i := 0; i < len(hashBytes); i++ {
			enc[i] = hashBytes[i] ^ key[i%len(key)]
		}
		return hex.EncodeToString(enc)

	case "xxtea":
		if config.Passphrase == "" {
			log.Println("XXTEA encryption selected but no passphrase provided.")
			return hex.EncodeToString(hashBytes)
		}
        
        key := normalizeXXTEAKey([]byte(config.Passphrase))
        enc, err := xxtea.Encrypt(hashBytes, key, false, 0)
        if err != nil {
            log.Println("XXTEA encryption KEY error???")
            return hex.EncodeToString(hashBytes)
        }
		return base64.StdEncoding.EncodeToString(enc)

	default:
		log.Printf("Unknown hash_encryption type: %s. Using plain hash.", config.HashEncryption)
		return hex.EncodeToString(hashBytes)
	}
}