var CryptoJS = require('crypto-js')
var crypto = require('crypto')
var secureRandom = require('secure-random')

var DEFAULT_WORDLIST = require('./wordlists/en.json')

function BIP39(wordlist) {
  this.wordlist = wordlist || DEFAULT_WORDLIST
}

BIP39.prototype.mnemonicToSeed = function(mnemonic, password) {
  var options = {iterations: 2048, hasher: CryptoJS.algo.SHA512, keySize: 512/32}
  return CryptoJS.PBKDF2(mnemonic, salt(password), options).toString(CryptoJS.enc.Hex)
}

BIP39.prototype.entropyToMnemonic = function(entropy) {
  var entropyBuffer = new Buffer(entropy, 'hex')
  var entropyBits = bytesToBinary([].slice.call(entropyBuffer))
  var checksum = checksumBits(entropyBuffer)

  var bits = entropyBits + checksum
  var chunks = bits.match(/(.{1,11})/g)

  var words = chunks.map(function(binary) {
    var index = parseInt(binary, 2)

    return this.wordlist[index]
  }, this)

  return words.join(' ')
}

BIP39.prototype.generateMnemonic = function(strength, rng) {
  strength = strength || 128
  rng = rng || secureRandom.randomBuffer

  var hex = rng(strength / 8).toString('hex')
  return this.entropyToMnemonic(hex, this.wordlist)
}

BIP39.prototype.validate = function(mnemonic) {
  var words = mnemonic.split(' ')

  if (words.length % 3 !== 0) return false

  var wordlist = this.wordlist
  var belongToList = words.every(function(word) {
    return wordlist.indexOf(word) > -1
  })

  if (!belongToList) return false

  // convert word indices to 11 bit binary strings
  var bits = words.map(function(word) {
    var index = wordlist.indexOf(word)
    return lpad(index.toString(2), '0', 11)
  }).join('')

  // split the binary string into ENT/CS
  var dividerIndex = Math.floor(bits.length / 33) * 32
  var entropy = bits.slice(0, dividerIndex)
  var checksum = bits.slice(dividerIndex)

  // calculate the checksum and compare
  var entropyBytes = entropy.match(/(.{1,8})/g).map(function(bin) {
    return parseInt(bin, 2)
  })
  var entropyBuffer = new Buffer(entropyBytes)
  var newChecksum = checksumBits(entropyBuffer)

  return newChecksum === checksum
}

function checksumBits(entropyBuffer) {
  var hash = crypto.createHash('sha256').update(entropyBuffer).digest()

  // Calculated constants from BIP39
  var ENT = entropyBuffer.length * 8
  var CS = ENT / 32

  return bytesToBinary([].slice.call(hash)).slice(0, CS)
}

function salt(password) {
  return encode_utf8('mnemonic' + (password || ''))
}

function encode_utf8(s) {
  return unescape(encodeURIComponent(s))
}

//=========== helper methods from bitcoinjs-lib ========

function bytesToBinary(bytes) {
  return bytes.map(function(x) {
    return lpad(x.toString(2), '0', 8)
  }).join('');
}

function lpad(str, padString, length) {
  while (str.length < length) str = padString + str;
  return str;
}

module.exports = BIP39