import { XWing } from "@noble/post-quantum/hybrid.js";
import { xchacha20poly1305 } from "@noble/ciphers/chacha.js";
import { sha3_512 } from "@noble/hashes/sha3.js";
import type { EncryptedPayload } from "./types.ts";

export function decryptText(
  secretKey: Uint8Array,
  payload: EncryptedPayload,
): string {
  const cipherText = Uint8Array.fromBase64(payload.cipherText);
  const nonce = Uint8Array.fromBase64(payload.nonce);
  const content = Uint8Array.fromBase64(payload.content);
  const sharedSecret = XWing.decapsulate(cipherText, secretKey);
  const cipher = xchacha20poly1305(sharedSecret, nonce);
  const decrypted = cipher.decrypt(content);
  const hash = sha3_512(decrypted);

  if (decrypted.byteLength !== payload.length) {
    throw new Error(
      `content lengths do not match: got ${decrypted.byteLength}, expected ${payload.length}`,
    );
  } else if (hash.toBase64() !== payload.hash) {
    throw new Error(
      `hashes do not match: got ${hash.toBase64()}, expected ${payload.hash}`,
    );
  }

  return new TextDecoder().decode(decrypted);
}