/**************************************
 * Extracted from:
 *    http://www.w3.org/TR/WebCryptoAPI
 **/

/**************************************
 * 9
 **/
[NoInterfaceObject]
interface RandomSource {
  ArrayBufferView getRandomValues(ArrayBufferView array);
};

/**************************************
 * 10
 **/
// TBD: ISSUE-28
typedef (Algorithm or DOMString) AlgorithmIdentifier;

dictionary AlgorithmParameters {
};

dictionary Algorithm {
  DOMString name;
  AlgorithmParameters params;
};

/**************************************
 * 11
 **/
enum KeyType {
  "secret",
  "public",
  "private"
};

enum KeyUsage {
  "encrypt",
  "decrypt",
  "sign",
  "verify",
  "derive"
};

interface Key {
  readonly attribute KeyType type;
  readonly attribute bool extractable;
  readonly attribute Algorithm algorithm;
  readonly attribute KeyUsage[] keyUsage;
};

/**************************************
 * 12
 **/
interface CryptoOperation : EventTarget {
  void process(ArrayBufferView buffer);
  void finish();
  void abort();

  readonly attribute Key? key;
  readonly attribute Algorithm algorithm;
  readonly attribute any result;

  [TreatNonCallableasNull] attribute Function? onabort;
  [TreatNonCallableAsNull] attribute Function? onerror;
  [TreatNonCallableAsNull] attribute Function? onprogress;
  [TreatNonCallableAsNull] attribute Function? oncomplete;
};

/**************************************
 * 13
 **/
interface KeyOperation : EventTarget {
  readonly attribute any result;

  [TreatNonCallableAsNull] attribute Function? onerror;
  [TreatNonCallableAsNull] attribute Function? oncomplete;
};

/**************************************
 * 14
 **/
enum KeyFormat {
  // An unformatted sequence of bytes. Intended for secret keys.
  "raw",
  // The DER encoding of the PrivateKeyInfo structure from RFC 5208.
  "pkcs8",
  // The DER encoding of the SubjectPublicKeyInfo structure from RFC 5280.
  "spki",
  // The key is represented as JSON according to the JSON Web Key format.
  "jwk",
};

interface Crypto {
  CryptoOperation encrypt(AlgorithmIdentifier algorithm,
                          Key key,
                          optional ArrayBufferView? buffer = null);
  CryptoOperation decrypt(AlgorithmIdentifier algorithm,
                          Key key,
                          optional ArrayBufferView? buffer = null);
  CryptoOperation sign(AlgorithmIdentifier algorithm,
                       Key key,
                       optional ArrayBufferView? buffer = null);
  CryptoOperation verify(AlgorithmIdentifier algorithm,
                         Key key,
                         ArrayBufferView signature,
                         optional ArrayBufferView? buffer = null);
  CryptoOperation digest(AlgorithmIdentifier algorithm,
                         optional ArrayBufferView? buffer = null);

  // TBD: ISSUE-36
  KeyOperation generateKey(AlgorithmIdentifier algorithm,
                           bool extractable = false,
                           KeyUsage[] keyUsages = []);
  KeyOperation deriveKey(AlgorithmIdentifier algorithm,
                         Key baseKey,
                         AlgorithmIdentifier? derivedKeyType,
                         bool extractable = false,
                         KeyUsage[] keyUsages = []);

  // TBD: ISSUE-35
  KeyOperation importKey(KeyFormat format,
                         ArrayBufferView keyData,
                         AlgorithmIdentifier? algorithm,
                         bool extractable = false,
                         KeyUsage[] keyUsages = []);
  KeyOperation exportKey(KeyFormat format, Key key);
};

Crypto implements RandomSource;

partial interface Window {
  readonly attribute Crypto crypto;
};

/**************************************
 * 15
 **/
interface WorkerCrypto {
};

WorkerCrypto implements RandomSource;

partial interface WorkerGlobalScope {
  readonly attribute WorkerCrypto crypto;
};

/**************************************
 * 16
 */
typedef Uint8Array BigInteger;


/**************************************
 * 17
 **/
interface KeyPair {
  Key publicKey;
  Key privateKey;
};


/**************************************
 * 19.3.3
 **/
dictionary RsaKeyGenParams : AlgorithmParameters {
  // The length, in bits, of the RSA modulus
  unsigned long modulusLength;
  // The RSA public exponent
  BigInteger publicExponent;
};

/**************************************
 * 19.4.3
 **/
dictionary RsaSsaParams : AlgorithmParameters {
  // The hash algorithm to use
  AlgorithmIdentifier hash;
};

/**************************************
 * 19.5.3
 **/
dictionary RsaPssParams : AlgorithmParameters {
  // The hash function to apply to the message
  AlgorithmIdentifier hash;
  // The mask generation function
  AlgorithmIdentifier mgf;
  // The desired length of the random salt
  unsigned long saltLength;
};

/**************************************
 * 19.6.3
 **/
dictionary RsaOaepParams : AlgorithmParameters {
  // The hash function to apply to the message
  AlgorithmIdentifier hash;
  // The mask generation function
  AlgorithmIdentifier mgf;
  // The optional label/application data to associate with the message
  ArrayBufferView? label;
};

/**************************************
 * 19.7.3
 **/
dictionary EcdsaParams : AlgorithmParameters {
  // The hash algorithm to use
  AlgorithmIdentifier hash;
};
enum NamedCurve {
  // NIST recommended curve P-256, also known as secp256r1.
  "P-256",
  // NIST recommended curve P-384, also known as secp384r1.
  "P-384",
  // NIST recommended curve P-521, also known as secp521r1.
  "P-521"
};

/**************************************
 * 19.7.4
 **/
dictionary EcKeyGenParams : AlgorithmParameters {
  // A named curve
  NamedCurve namedCurve;
};

/**************************************
 * 19.8.3
 **/
typedef Uint8Array ECPoint;

dictionary EcdhKeyDeriveParams : AlgorithmParameters {
  // The peer's EC public key.
  ECPoint public;
};

/**************************************
 * 19.9.3
 **/
dictionary AesCtrParams : AlgorithmParameters {
  // The initial value of the counter block. counter MUST be 16 bytes
  // (the AES block size). The counter bits are the rightmost length
  // bits of the counter block. The rest of the counter block is for
  // the nonce. The counter bits are incremented using the standard
  // incrementing function specified in NIST SP 800-38A Appendix B.1:
  // the counter bits are interpreted as a big-endian integer and
  // incremented by one.
  ArrayBuffer counter;
  // The length, in bits, of the rightmost part of the counter block
  // that is incremented.
  [EnforceRange] octet length;
};

/**************************************
 * 19.9.4
 **/
dictionary AesKeyGenParams : AlgorithmParameters {
  // The length, in bits, of the key.
  [EnforceRange] unsigned short length;
};

/**************************************
 * 19.10.3
 **/
dictionary AesCbcParams : AlgorithmParameters {
  // The initialization vector. MUST be 16 bytes.
  ArrayBufferView iv;
};

/**************************************
 * 19.11.3
 **/
dictionary AesGcmParams : AlgorithmParameters {
  // The initialization vector to use. May be up to 2^56 bytes long.
  ArrayBufferView? iv;
  // The additional authentication data to include.
  ArrayBufferView? additionalData;
  // The desired length of the authentication tag. May be 0 - 128.
  [EnforceRange] octet? tagLength = 0;
};

/**************************************
 * 19.12.3
 **/
dictionary HmacParams : AlgorithmParameters {
  // The inner hash function to use.
  AlgorithmIdentifier hash;
};

/**************************************
 * 19.13.3
 **/
dictionary DhKeyGenParams : AlgorithmParameters {
  // The prime p.
  BigInteger prime;
  // The base g.
  BigInteger generator;
};

/**************************************
 * 19.13.4
 **/
dictionary DhKeyDeriveParams : AlgorithmParameters {
  // The peer's public value.
  BigInteger public;
};

/**************************************
 * 19.15.4
 **/
dictionary ConcatParams : AlgorithmParameters {
  // The digest method to use to derive the keying material.
  AlgorithmIdentifier hash;

  // A bit string corresponding to the AlgorithmId field of the OtherInfo parameter.
  // The AlgorithmId indicates how the derived keying material will be parsed and for which
  // algorithm(s) the derived secret keying material will be used.
  ArrayBufferView algorithmId;

  // A bit string that corresponds to the PartyUInfo field of the OtherInfo parameter.
  ArrayBufferView partyUInfo;
  // A bit string that corresponds to the PartyVInfo field of the OtherInfo parameter.
  ArrayBufferView partyVInfo;
  // An optional bit string that corresponds to the SuppPubInfo field of the OtherInfo parameter.
  ArrayBufferView? publicInfo;
  // An optional bit string that corresponds to the SuppPrivInfo field of the OtherInfo parameter.
  ArrayBufferView? privateInfo;
};

/**************************************
 * 19.16.3
 **/
dictionary Pbkdf2Params : AlgorithmParameters {
  ArrayBufferView salt;
  [Clamp] unsigned long iterations;
  AlgorithmIdentifier prf;
  ArrayBufferView? password;
}

/**************************************
 * 21.1

// Algorithm Object
var algorithmKeyGen = {
  name: "RSASSA-PKCS1-v1_5",
  // RsaKeyGenParams
  params: {
    modulusLength: 2048,
    publicExponent: new Uint8Array([0x01, 0x00, 0x01]),  // Equivalent to 65537
  }
};

var algorithmSign = {
  name: "RSASSA-PKCS1-v1_5",
  // RsaSsaParams
  params: {
    hash: {
      name: "SHA-256",
    }
  }
};

var keyGen = window.crypto.generateKey(algorithmKeyGen,
                                       false, // extractable
                                       ["sign"]);

keyGen.oncomplete = function(event) {
  // Because we are not supplying data to .sign(), a multi-part
  // CryptoOperation will be returned, which requires us to call .process()
  // and .finish().
  var signer = window.crypt.sign(algorithmSign, event.target.result.privateKey);
  signer.oncomplete = function(event) {
    console.log("The signature is: " + event.target.result);
  }
  signer.onerror = function(event) {
    console.error("Unable to sign");
  }

  var dataPart1 = convertPlainTextToArrayBufferView("hello,");
  var dataPart2 = convertPlainTextToArrayBufferView(" world!");
  // TODO: create example utility function that converts text -> ArrayBufferView

  signer.process(dataPart1);
  signer.process(dataPart2);
  signer.finish();
};

keyGen.onerror = function(event) {
  console.error("Unable to generate a key.");
};

**/

/**************************************
 * 21.2
var clearDataArrayBufferView = convertPlainTextToArrayBufferView("Plain Text Data");
// TODO: create example utility function that converts text -> ArrayBufferView

var aesAlgorithmKeyGen = {
  name: "AES-CBC",
  // AesKeyGenParams
  params: {
    length: 128
  }
};

var aesAlgorithmEncrypt = {
  name: "AES-CBC",
  // AesCbcParams
  params: {
    iv: window.crypto.getRandomValues(new Uint8Array(16))
  }
};

// Create a keygenerator to produce a one-time-use AES key to encrypt some data
var cryptoKeyGen = window.crypto.generateKey(aesAlgorithmKeyGen,
                                             false, // extractable
                                             ["encrypt"]);

cryptoKeyGen.oncomplete = function(event) {
  // A new, random AES key has been generated.
  var aesKey = event.target.result;

  // Unlike the signing example, which showed multi-part encryption, here we
  // will perform the entire AES operation in a single call.
  var aesOp = window.crypto.encrypt(aesAlgorithmEncrypt, aesKey, clearDataArrayBufferView);
  aesOp.oncomplete = function(event) {
    // The clearData has been encrypted.
    var ciphertext = event.target.result; // ArrayBufferView
  };
  aesOp.onerror = function(event) {
    console.error("Unable to AES encrypt.");
  };
};

**/