/**
 * Encoding helpers shared by the setup, request, and guardian modules.
 * Kept as a tiny standalone module so individual flows don't carry
 * private base64 helpers; consistent encoding across send/receive
 * sides.
 */

/** Base64url (no padding) — used for both `recoveryKey → passphrase` and arbitrary share bytes. */
export function bytesToBase64Url(bytes: Uint8Array): string {
  let bin = '';
  for (let i = 0; i < bytes.length; i++) bin += String.fromCharCode(bytes[i]!);
  return btoa(bin).replace(/\+/g, '-').replace(/\//g, '_').replace(/=+$/, '');
}

export function base64UrlToBytes(s: string): Uint8Array {
  const padded = s.replace(/-/g, '+').replace(/_/g, '/');
  const padding = padded.length % 4 === 0 ? 0 : 4 - (padded.length % 4);
  const bin = atob(padded + '='.repeat(padding));
  const out = new Uint8Array(bin.length);
  for (let i = 0; i < bin.length; i++) out[i] = bin.charCodeAt(i);
  return out;
}

/**
 * Convert a `recoveryKey` (32 random bytes) to the passphrase that
 * `Shade.exportBackup` / `Shade.importBackup` expect. We use base64url
 * because:
 *  - it's a string, satisfying the export/import API,
 *  - 32 bytes encodes to 43 characters, comfortably above the 12-char
 *    minimum the exportBackup helper enforces,
 *  - the encoding is deterministic so split + reconstruct + decode
 *    yields the identical passphrase the original device used.
 *
 * The HKDF inside `exportBackup` is a deterministic KDF that's
 * cryptographically appropriate for a 32-byte uniformly-random IKM
 * (this is exactly the standard HKDF use case). The fact that the
 * passphrase API was designed for human-typed passwords does not
 * weaken the construction here.
 */
export function recoveryKeyToBackupPassphrase(key: Uint8Array): string {
  if (key.length !== 32) {
    throw new Error(`recoveryKey must be 32 bytes (got ${key.length})`);
  }
  return `shade-rk:${bytesToBase64Url(key)}`;
}