use crate::cmd_decrypt::try_decrypt_key;
use crate::config::TinyEncryptConfig;
use crate::consts::TINY_ENC_CONFIG_FILE;
use crate::spec::TinyEncryptEnvelop;
use crate::{cmd_encrypt, crypto_cryptor, util, util_env};
use base64::engine::general_purpose::{STANDARD, URL_SAFE_NO_PAD};
use base64::Engine;
use clap::Args;
use rust_util::{debugging, opt_result, simple_error, XResult};
use serde::Serialize;
use std::process::exit;

// Reference: https://git.hatter.ink/hatter/tiny-encrypt-rs/issues/3
const SIMPLE_ENCRYPTION_HEADER: &str = "tinyencrypt-dir";
const SIMPLE_ENCRYPTION_DOT: &str = ".";

#[derive(Debug, Args)]
pub struct CmdSimpleEncrypt {
    /// Encryption profile (use default when --key-filter is assigned)
    #[arg(long, short = 'p')]
    pub profile: Option<String>,

    /// Encryption key filter (key_id or type:TYPE(e.g. ecdh, pgp, ecdh-p384, pgp-ed25519), multiple joined by ',', ALL for all)
    #[arg(long, short = 'k')]
    pub key_filter: Option<String>,

    /// Encrypt value from stdin
    #[arg(long)]
    pub value_stdin: bool,

    /// Encrypt value
    #[arg(long, short = 'v')]
    pub value: Option<String>,

    /// Encrypt value in bse64
    #[arg(long)]
    pub value_base64: Option<String>,

    /// Encrypt value in hex
    #[arg(long)]
    pub value_hex: Option<String>,
}

#[derive(Debug, Args)]
pub struct CmdSimpleDecrypt {
    /// PGP or PIV PIN
    #[arg(long, short = 'p')]
    pub pin: Option<String>,

    /// Decrypt key ID
    #[arg(long, short = 'k')]
    pub key_id: Option<String>,

    /// PIV slot
    #[arg(long, short = 's')]
    pub slot: Option<String>,

    /// Decrypt value from stdin
    #[arg(long)]
    pub value_stdin: bool,

    /// Decrypt value
    #[arg(long, short = 'v')]
    pub value: Option<String>,

    /// Decrypt result output type (plain, hex, bse64)
    #[arg(long, short = 'o')]
    pub output_type: Option<String>,
}

impl CmdSimpleEncrypt {
    pub fn get_value(&self) -> XResult<Option<Vec<u8>>> {
        if self.value_stdin {
            return Ok(Some(util::read_stdin()?));
        }
        if let Some(value) = &self.value {
            return Ok(Some(value.as_bytes().to_vec()));
        }
        if let Some(value_base64) = &self.value_base64 {
            return Ok(Some(opt_result!(STANDARD.decode(value_base64), "Parse value base64 failed: {}")));
        }
        if let Some(value_hex) = &self.value_hex {
            return Ok(Some(opt_result!(hex::decode(value_hex), "Parse value hex failed: {}")));
        }
        Ok(None)
    }
}

impl CmdSimpleDecrypt {
    pub fn get_value(&self) -> XResult<Option<String>> {
        if self.value_stdin {
            return Ok(Some(opt_result!(String::from_utf8(util::read_stdin()?), "Read stdin value failed: {}")));
        }
        Ok(self.value.clone())
    }
}

#[derive(Serialize)]
pub struct CmdResult {
    pub code: i32,
    #[serde(skip_serializing_if = "Option::is_none")]
    pub message: Option<String>,
    #[serde(skip_serializing_if = "Option::is_none")]
    pub result: Option<String>,
}

impl CmdResult {
    pub fn fail(code: i32, message: &str) -> Self {
        Self {
            code,
            message: Some(message.to_string()),
            result: None,
        }
    }

    pub fn success(result: &str) -> Self {
        Self {
            code: 0,
            message: None,
            result: Some(result.to_string()),
        }
    }

    pub fn print_exit(&self) -> ! {
        let result = serde_json::to_string_pretty(self).unwrap();
        println!("{}", result);
        exit(self.code)
    }
}

pub fn simple_encrypt(cmd_simple_encrypt: CmdSimpleEncrypt) -> XResult<()> {
    if let Err(inner_result_error) = inner_simple_encrypt(cmd_simple_encrypt) {
        CmdResult::fail(-1, &format!("{}", inner_result_error)).print_exit();
    }
    Ok(())
}

pub fn simple_decrypt(cmd_simple_decrypt: CmdSimpleDecrypt) -> XResult<()> {
    if let Err(inner_result_error) = inner_simple_decrypt(cmd_simple_decrypt) {
        CmdResult::fail(-1, &format!("{}", inner_result_error)).print_exit();
    }
    Ok(())
}

pub fn inner_simple_encrypt(cmd_simple_encrypt: CmdSimpleEncrypt) -> XResult<()> {
    let config = TinyEncryptConfig::load(TINY_ENC_CONFIG_FILE)?;
    debugging!("Found tiny encrypt config: {:?}", config);
    let envelops = config.find_envelops(&cmd_simple_encrypt.profile, &cmd_simple_encrypt.key_filter)?;
    if envelops.is_empty() { return simple_error!("Cannot find any valid envelops"); }
    debugging!("Found envelops: {:?}", envelops);
    let envelop_tkids: Vec<_> = envelops.iter()
        .map(|e| format!("{}:{}", e.r#type.get_name(), e.kid))
        .collect();
    debugging!("Matched {} envelop(s): \n- {}", envelops.len(), envelop_tkids.join("\n- "));

    if envelop_tkids.is_empty() {
        return simple_error!("no matched envelops found");
    }

    let value = match cmd_simple_encrypt.get_value()? {
        None => return simple_error!("--value-stdin/value/value-base64/value-hex must assign one"),
        Some(value) => value,
    };

    let cryptor = crypto_cryptor::get_cryptor_by_encryption_algorithm(&None)?;
    let envelops = cmd_encrypt::encrypt_envelops(cryptor, &value, &envelops)?;

    let envelops_json = serde_json::to_string(&envelops)?;
    let simple_encrypt_result = format!("{}.{}",
                                        SIMPLE_ENCRYPTION_HEADER,
                                        URL_SAFE_NO_PAD.encode(envelops_json.as_bytes())
    );

    CmdResult::success(&simple_encrypt_result).print_exit();
}

pub fn inner_simple_decrypt(cmd_simple_decrypt: CmdSimpleDecrypt) -> XResult<()> {
    let config = TinyEncryptConfig::load(TINY_ENC_CONFIG_FILE).ok();

    let pin = cmd_simple_decrypt.pin.clone().or_else(util_env::get_pin);
    let slot = cmd_simple_decrypt.slot.clone();

    let output_type = cmd_simple_decrypt.output_type.as_deref().unwrap_or("plain");
    match output_type {
        "plain" | "hex" | "base64" => (),
        _ => return simple_error!("not supported output type: {}", output_type),
    };

    let value = match cmd_simple_decrypt.get_value()? {
        None => return simple_error!("--value-stdin/value must assign one"),
        Some(value) => value,
    };
    let value_parts = value.trim().split(SIMPLE_ENCRYPTION_DOT).collect::<Vec<_>>();
    if value_parts.len() != 2 {
        return simple_error!("bad value format: {}", value);
    }
    if value_parts[0] != SIMPLE_ENCRYPTION_HEADER {
        return simple_error!("bad value format: {}", value);
    }
    let envelopes_json = opt_result!(URL_SAFE_NO_PAD.decode(&value_parts[1]), "bad value format: {}");
    let envelops: Vec<TinyEncryptEnvelop> = match serde_json::from_slice(&envelopes_json) {
        Err(_) => return simple_error!("bad value format: {}", value),
        Ok(value) => value,
    };

    let filter_envelops = envelops.iter().filter(|e| {
        match &cmd_simple_decrypt.key_id {
            None => true,
            Some(key_id) => &e.kid == key_id,
        }
    }).collect::<Vec<_>>();
    if filter_envelops.is_empty() {
        return simple_error!("no envelops found: {:?}", cmd_simple_decrypt.key_id);
    }
    if filter_envelops.len() > 1 {
        return simple_error!("too many envelops: {:?}, len: {}", cmd_simple_decrypt.key_id, filter_envelops.len());
    }
    let value = try_decrypt_key(&config, filter_envelops[0], &pin, &slot, false)?;
    let value = match output_type {
        "plain" => opt_result!(String::from_utf8(value), "bad value encoding: {}"),
        "hex" => hex::encode(&value),
        "base64" => STANDARD.encode(&value),
        _ => return simple_error!("not supported output type: {}", output_type),
    };
    CmdResult::success(&value).print_exit();
}