package vault

import (
	"bytes"
	"encoding/json"
	"os"
	"path/filepath"
)

// WriteEncrypted writes data to a fully encrypted file.
func WriteEncrypted(hash []byte, filename string, data []byte) error {
	ciphertext, err := Encrypt(hash, data)
	if err != nil {
		return err
	}

	// Write it to a file.
	fh, err := os.Create(filename)
	if err != nil {
		return err
	}
	defer fh.Close()

	fh.Write(ciphertext)

	return nil
}

// WriteSecureJSON writes an encrypted JSON file to disk using the password.
func WriteSecureJSON(profile string, hash []byte, v interface{}) error {
	Log.Info("WriteSecureJSON started")

	// Serialize the metadata to JSON.
	meta := bytes.NewBuffer([]byte{})
	encoder := json.NewEncoder(meta)
	encoder.SetIndent("", "\t")
	err := encoder.Encode(v)
	if err != nil {
		return err
	}

	// DEBUG: write a plain text JSON file.
	if true {
		jsonfile := filepath.Join(profile, "meta.json")
		Log.Info("Writing plain text JSON file to %s", jsonfile)
		fh, err := os.Create(jsonfile)
		if err != nil {
			return err
		}
		defer fh.Close()
		fh.Write(meta.Bytes())
	}

	// Write the encrypted metadata file.
	metafile := filepath.Join(profile, "meta.bin")
	err = WriteEncrypted(hash, metafile, meta.Bytes())
	if err != nil {
		return err
	}

	return nil
}

// ReadSecureJSON loads an encrypted JSON file from disk using the password.
func ReadSecureJSON(password string, v interface{}) error {
	return nil
}