use std::collections::BTreeMap;
use std::str::FromStr;

use clap::{App, Arg, ArgMatches, SubCommand};
use rust_util::util_clap::{Command, CommandError};
use rust_util::util_msg;
use x509_parser::nom::AsBytes;
use yubikey::YubiKey;
use yubikey::piv::{AlgorithmId, RetiredSlotId, sign_data, SlotId};
use crate::digest::sha256;

pub struct CommandImpl;

impl Command for CommandImpl {
    fn name(&self) -> &str { "piv-ecsign" }

    fn subcommand<'a>(&self) -> App<'a, 'a> {
        SubCommand::with_name(self.name()).about("PIV EC Sign subcommand")
            .arg(Arg::with_name("pin").short("p").long("pin").takes_value(true).help("PIV card user pin"))
            .arg(Arg::with_name("slot").short("s").long("slot").takes_value(true).help("PIV slot, e.g. 82, 83 ..."))
            .arg(Arg::with_name("hash-hex").short("x").long("hash-hex").takes_value(true).help("Hash"))
            .arg(Arg::with_name("input").short("i").long("input").takes_value(true).help("Input"))
            .arg(Arg::with_name("json").long("json").help("JSON output"))
    }

    fn run(&self, _arg_matches: &ArgMatches, sub_arg_matches: &ArgMatches) -> CommandError {
        let json_output = sub_arg_matches.is_present("json");
        if json_output { util_msg::set_logger_std_out(false); }

        let mut json = BTreeMap::<&'_ str, String>::new();

        let pin_opt = sub_arg_matches.value_of("pin");

        let slot = opt_value_result!(sub_arg_matches.value_of("slot"), "--slot must assigned, e.g. 82, 83 ...");
        let hash_hex = if let Some(input) = sub_arg_matches.value_of("input") {
            hex::encode(sha256(input))
        } else {
            opt_value_result!(sub_arg_matches.value_of("hash-hex"), "--hash-hex must assigned").to_string()
        };

        let mut yk = opt_result!(YubiKey::open(), "YubiKey not found: {}");
        let retired_slot_id = opt_result!(RetiredSlotId::from_str(slot), "Slot not found: {}");
        debugging!("Slot id: {}", retired_slot_id);
        let slot_id = SlotId::Retired(retired_slot_id);

        if let Some(pin) = pin_opt {
            opt_result!(yk.verify_pin(pin.as_bytes()), "YubiKey verify pin failed: {}");
        }

        let hash_bytes = opt_result!(hex::decode(&hash_hex), "Parse epk failed: {}");

        let signed_data = opt_result!(sign_data(&mut yk, &hash_bytes, AlgorithmId::EccP256, slot_id), "Sign piv failed: {}");

        if json_output {
            json.insert("slot", slot.to_string());
            json.insert("hash_hex", hex::encode(&hash_bytes));
            json.insert("signed_data_hex", hex::encode(&signed_data.as_bytes()));
            json.insert("signed_data_base64", base64::encode(&signed_data.as_bytes()));
        } else {
            information!("Slot: {}", slot);
            information!("Hash hex: {}", hex::encode(&hash_bytes));
            information!("Signed data base64: {}", base64::encode(&signed_data.as_bytes()));
            information!("Signed data hex: {}", hex::encode(&signed_data.as_bytes()));
        }

        if json_output {
            println!("{}", serde_json::to_string_pretty(&json).unwrap());
        }
        Ok(None)
    }
}