package main

import (
	"crypto/rand"
	"crypto/sha256"
	"encoding/hex"
	"encoding/json"
	"flag"
	"fmt"
	"log"
	"os"

	"golang.org/x/crypto/pbkdf2"

	"github.com/jech/galene/group"
)

func main() {
	var iterations int
	var length int
	var saltLen int
	var username string
	flag.StringVar(&username, "user", "",
		"generate entry for given `username`")
	flag.IntVar(&iterations, "iterations", 4096, "`number` of iterations")
	flag.IntVar(&length, "key", 32, "key `length`")
	flag.IntVar(&saltLen, "salt", 8, "salt `length`")
	flag.Parse()

	if len(flag.Args()) == 0 {
		fmt.Fprintf(
			flag.CommandLine.Output(),
			"Usage: %s [option...] password...\n",
			os.Args[0])
		flag.PrintDefaults()
		os.Exit(2)
	}

	salt := make([]byte, saltLen)

	for _, pw := range flag.Args() {
		_, err := rand.Read(salt)
		if err != nil {
			log.Fatalf("Salt: %v", err)
		}
		key := pbkdf2.Key(
			[]byte(pw), salt, iterations, length, sha256.New,
		)

		p := group.Password{
			Type:       "pbkdf2",
			Hash:       "sha-256",
			Key:        hex.EncodeToString(key),
			Salt:       hex.EncodeToString(salt),
			Iterations: iterations,
		}
		e := json.NewEncoder(os.Stdout)
		if username != "" {
			creds := group.ClientCredentials{
				Username: username,
				Password: &p,
			}
			err = e.Encode(creds)
		} else {
			err = e.Encode(p)
		}
		if err != nil {
			log.Fatalf("Encode: %v", err)
		}
	}
}