import CryptoKit
import Foundation
import MartinOMEMO

final class AESGSMEngine: AES_GCM_Engine {
    static let shared = AESGSMEngine()

    private init() {}

    func encrypt(iv: Data, key: Data, message: Data, output: UnsafeMutablePointer<Data>?, tag: UnsafeMutablePointer<Data>?) -> Bool {
        do {
            let symmetricKey = SymmetricKey(data: key)
            let sealedBox = try AES.GCM.seal(message, using: symmetricKey, nonce: AES.GCM.Nonce(data: iv))

            if let output = output, let data = sealedBox.combined {
                output.pointee = data
            }
            if let tag = tag {
                tag.pointee = sealedBox.tag
            }
            return true
        } catch {
            print("Encryption error: \(error)")
            return false
        }
    }

    func decrypt(iv: Data, key: Data, encoded: Data, auth tag: Data?, output: UnsafeMutablePointer<Data>?) -> Bool {
        do {
            let symmetricKey = SymmetricKey(data: key)
            guard let tag = tag else {
                print("Tag is missing")
                return false
            }
            let sealedBox = try AES.GCM.SealedBox(nonce: AES.GCM.Nonce(data: iv), ciphertext: encoded, tag: tag)
            let decryptedData = try AES.GCM.open(sealedBox, using: symmetricKey)

            if let output = output {
                output.pointee = decryptedData
            }
            return true
        } catch {
            print("Decryption error: \(error)")
            return false
        }
    }

    static func generateIV() throws -> Data {
        var bytes = [Int8](repeating: 0, count: 12)
        let status = SecRandomCopyBytes(kSecRandomDefault, bytes.count, &bytes)
        if status != errSecSuccess {
            throw AppError.securityError
        }
        return Data(bytes: bytes, count: bytes.count)
    }

    static func generateKey() throws -> Data {
        let key = SymmetricKey(size: .bits256)
        return key.withUnsafeBytes { Data($0) }
    }
}