using System.Security.Cryptography;
using IdentityShroud.Core.Contracts;

namespace IdentityShroud.Core.Services;

/// <summary>
/// 
/// </summary>
public class EncryptionService : IEncryptionService
{
    private record struct AlgVersion(int NonceSize, int TagSize);

    private AlgVersion[] _versions = 
    [
        new(0, 0), // version 0 does not realy exist
        new (12, 16), // version 1
    ];
    
    // Note this array is expected to have one item in it most of the during key rotation it will have two
    // until it is ensured the old key can safely be removed. More then two will work but is not really expected.
    private readonly EncryptionKey[] _encryptionKeys;

    private EncryptionKey ActiveKey => _encryptionKeys.Single(k => k.Active);
    private EncryptionKey GetKey(string keyId) => _encryptionKeys.Single(k => k.Id == keyId);

    public EncryptionService(ISecretProvider secretProvider)
    {
        _encryptionKeys = secretProvider.GetKeys("master");
        // if (_encryptionKey.Length != 32) // 256‑bit key
        //     throw new Exception("Key must be 256 bits (32 bytes) for AES‑256‑GCM.");
    }

    public EncryptedValue Encrypt(ReadOnlyMemory<byte> plaintext)
    {
        const int versionNumber = 1; 
        AlgVersion versionParams = _versions[versionNumber];

        int resultSize = 1 + versionParams.NonceSize + versionParams.TagSize + plaintext.Length;
        // allocate buffer for complete response 
        var result = new byte[resultSize];
        
        result[0] = (byte)versionNumber;

        // make the spans that point to the parts of the result where their data is located
        var nonce = result.AsSpan(1, versionParams.NonceSize); 
        var tag = result.AsSpan(1 + versionParams.NonceSize, versionParams.TagSize);
        var cipher = result.AsSpan(1 + versionParams.NonceSize + versionParams.TagSize);

        // use the spans to place the data directly in its place
        RandomNumberGenerator.Fill(nonce);
        var encryptionKey = ActiveKey;
        using var aes = new AesGcm(encryptionKey.Key, versionParams.TagSize);
        aes.Encrypt(nonce, plaintext.Span, cipher, tag);

        return new (encryptionKey.Id, result);
    }

    public byte[] Decrypt(EncryptedValue input)
    {
        var encryptionKey = GetKey(input.KeyId);
        
        var payload = input.Value.AsSpan();
        int versionNumber = (int)payload[0];
        if (versionNumber != 1)
            throw new ArgumentException("Invalid payload");
        
        AlgVersion versionParams = _versions[versionNumber];
        
        
        if (payload.Length < 1 + versionParams.NonceSize + versionParams.TagSize)
            throw new ArgumentException("Payload is too short to contain nonce, ciphertext, and tag.", nameof(payload));

        ReadOnlySpan<byte> nonce = payload.Slice(1, versionParams.NonceSize);
        ReadOnlySpan<byte> tag = payload.Slice(1 + versionParams.NonceSize, versionParams.TagSize);
        ReadOnlySpan<byte> cipher = payload.Slice(1 + versionParams.NonceSize + versionParams.TagSize);

        byte[] plaintext = new byte[cipher.Length];

        using var aes = new AesGcm(encryptionKey.Key, versionParams.TagSize);
        try
        {
            aes.Decrypt(nonce, cipher, tag, plaintext);
        }
        catch (CryptographicException ex)
        {
            // Tag verification failed → tampering or wrong key/nonce.
            throw new InvalidOperationException("Decryption failed – authentication tag mismatch.", ex);
        }

        return plaintext;
    }
}