use std::fmt::Debug;

use rsa::{
    pkcs1::DecodeRsaPrivateKey,
    pss::SigningKey,
    sha2::Sha256,
    signature::{RandomizedSigner, SignatureEncoding},
    RsaPrivateKey,
};
use serde::{Deserialize, Serialize};
use serde_json::Value;

use crate::{
    instance::Instance,
    message::GiteratedMessage,
    object::{AnyObject, GiteratedObject},
    operation::{AnyOperation, GiteratedOperation},
    user::User,
};

#[derive(Debug, Serialize, Deserialize)]
pub struct UserTokenMetadata {
    pub user: User,
    pub generated_for: Instance,
    pub exp: u64,
}

#[derive(Debug)]
pub struct Authenticated<O: GiteratedObject, D: GiteratedOperation<O>> {
    pub source: Vec<Box<dyn AuthenticationSourceProvider + Send + Sync>>,
    pub message: GiteratedMessage<O, D>,
}

#[derive(Debug, Clone, Hash, PartialEq, Eq, Serialize, Deserialize)]
pub struct AuthenticatedPayload {
    pub source: Vec<AuthenticationSource>,
    pub object: String,
    pub operation: String,
    pub payload: Vec<u8>,
}

impl AuthenticatedPayload {
    pub fn into_message(self) -> GiteratedMessage<AnyObject, AnyOperation> {
        let payload = serde_json::from_slice::<Value>(&self.payload).unwrap();
        GiteratedMessage {
            object: AnyObject(self.object),
            operation: self.operation,
            payload: AnyOperation(payload),
        }
    }
}

pub trait AuthenticationSourceProvider: Debug {
    fn authenticate(&self, payload: &Vec<u8>) -> AuthenticationSource;
}

pub trait AuthenticationSourceProviders: Debug {
    fn authenticate_all(&self, payload: &Vec<u8>) -> Vec<AuthenticationSource>;
}

impl<A> AuthenticationSourceProviders for A
where
    A: AuthenticationSourceProvider,
{
    fn authenticate_all(&self, payload: &Vec<u8>) -> Vec<AuthenticationSource> {
        vec![self.authenticate(payload)]
    }
}

impl<A, B> AuthenticationSourceProviders for (A, B)
where
    A: AuthenticationSourceProvider,
    B: AuthenticationSourceProvider,
{
    fn authenticate_all(&self, payload: &Vec<u8>) -> Vec<AuthenticationSource> {
        let (first, second) = self;

        vec![first.authenticate(payload), second.authenticate(payload)]
    }
}

impl<O: GiteratedObject, D: GiteratedOperation<O>> Authenticated<O, D> {
    pub fn new(message: GiteratedMessage<O, D>) -> Self {
        Self {
            source: vec![],
            message,
        }
    }

    pub fn append_authentication<P: AuthenticationSourceProvider + 'static + Send + Sync>(
        &mut self,
        authentication: P,
    ) {
        self.source
            .push(Box::new(authentication) as Box<dyn AuthenticationSourceProvider + Send + Sync>);
    }

    pub fn into_payload(mut self) -> AuthenticatedPayload {
        let payload = serde_json::to_vec(&self.message.payload).unwrap();

        AuthenticatedPayload {
            object: self.message.object.to_string(),
            operation: self.message.operation,
            source: self
                .source
                .drain(..)
                .map(|provider| provider.as_ref().authenticate(&payload))
                .collect::<Vec<_>>(),
            payload,
        }
    }
}

mod verified {}

#[derive(Clone, Debug)]
pub struct UserAuthenticator {
    pub user: User,
    pub token: UserAuthenticationToken,
}

impl AuthenticationSourceProvider for UserAuthenticator {
    fn authenticate(&self, _payload: &Vec<u8>) -> AuthenticationSource {
        AuthenticationSource::User {
            user: self.user.clone(),
            token: self.token.clone(),
        }
    }
}

#[derive(Debug, Clone)]
pub struct InstanceAuthenticator {
    pub instance: Instance,
    pub private_key: String,
}

impl AuthenticationSourceProvider for InstanceAuthenticator {
    fn authenticate(&self, payload: &Vec<u8>) -> AuthenticationSource {
        let mut rng = rand::thread_rng();

        let private_key = RsaPrivateKey::from_pkcs1_pem(&self.private_key).unwrap();
        let signing_key = SigningKey::<Sha256>::new(private_key);
        let signature = signing_key.sign_with_rng(&mut rng, payload);

        AuthenticationSource::Instance {
            instance: self.instance.clone(),
            // TODO: Actually parse signature from private key
            signature: InstanceSignature(signature.to_bytes().into_vec()),
        }
    }
}

#[repr(transparent)]
#[derive(Clone, Debug, Hash, PartialEq, Eq, Serialize, Deserialize)]
pub struct UserAuthenticationToken(String);

impl From<String> for UserAuthenticationToken {
    fn from(value: String) -> Self {
        Self(value)
    }
}

impl ToString for UserAuthenticationToken {
    fn to_string(&self) -> String {
        self.0.clone()
    }
}

impl AsRef<str> for UserAuthenticationToken {
    fn as_ref(&self) -> &str {
        &self.0
    }
}

#[derive(Clone, Debug, Hash, PartialEq, Eq, Serialize, Deserialize)]
pub struct InstanceSignature(Vec<u8>);

impl AsRef<[u8]> for InstanceSignature {
    fn as_ref(&self) -> &[u8] {
        &self.0
    }
}

#[derive(Clone, Debug, Hash, PartialEq, Eq, Serialize, Deserialize)]
pub enum AuthenticationSource {
    User {
        user: User,
        token: UserAuthenticationToken,
    },
    Instance {
        instance: Instance,
        signature: InstanceSignature,
    },
}