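using IdentityShroud.Core.Contracts;
using IdentityShroud.Core.Messages;
using IdentityShroud.Core.Model;
using IdentityShroud.Core.Security.Keys;

namespace IdentityShroud.Core.Services;

/// <summary>
/// Creates realm signing keys and exposes them as JSON Web Keys.
/// Key material is obtained from an <see cref="IKeyProvider"/> selected by key type,
/// and is only ever persisted in <see cref="RealmKey.Key"/> after passing through
/// <paramref name="cryptor"/>; the plaintext is decrypted again only to populate a JWK.
/// </summary>
/// <param name="cryptor">Encrypts key material at rest and decrypts it for JWK export.</param>
/// <param name="keyProviderFactory">Resolves the <see cref="IKeyProvider"/> for a given key type.</param>
/// <param name="clock">Time source used to stamp <see cref="RealmKey.CreatedAt"/>.</param>
public class KeyService(
    IEncryptionService cryptor,
    IKeyProviderFactory keyProviderFactory,
    IClock clock) : IKeyService
{
    /// <summary>
    /// Generates a new key according to <paramref name="policy"/> and returns it with its
    /// material already encrypted, a fresh <see cref="Guid"/> id and a creation timestamp.
    /// </summary>
    /// <param name="policy">Describes the key to create; its <c>KeyType</c> selects the provider.</param>
    /// <returns>A <see cref="RealmKey"/> whose <c>Key</c> holds the encrypted material.</returns>
    /// <exception cref="ArgumentNullException"><paramref name="policy"/> is <see langword="null"/>.</exception>
    public RealmKey CreateKey(KeyPolicy policy)
    {
        ArgumentNullException.ThrowIfNull(policy);

        IKeyProvider provider = keyProviderFactory.CreateProvider(policy.KeyType);
        byte[] plainKey = provider.CreateKey(policy);

        // Plaintext material exists only transiently here; it is never stored unencrypted.
        return CreateKey(policy.KeyType, plainKey);
    }

    /// <summary>
    /// Builds a JSON Web Key for <paramref name="realmKey"/>: the key id is the realm key's
    /// <c>Id</c>, the key type is copied over, <c>use</c> is fixed to <c>"sig"</c>, and the
    /// remaining parameters are filled in by the provider from the decrypted material.
    /// </summary>
    /// <param name="realmKey">The stored key whose encrypted material is decrypted for export.</param>
    /// <returns>
    /// The populated <see cref="JsonWebKey"/>. The nullable return type presumably mirrors
    /// <see cref="IKeyService"/>; this implementation itself never returns <see langword="null"/>.
    /// </returns>
    /// <exception cref="ArgumentNullException"><paramref name="realmKey"/> is <see langword="null"/>.</exception>
    public JsonWebKey? CreateJsonWebKey(RealmKey realmKey)
    {
        ArgumentNullException.ThrowIfNull(realmKey);

        JsonWebKey jwk = new()
        {
            KeyId = realmKey.Id.ToString(),
            KeyType = realmKey.KeyType,
            Use = "sig",
        };

        IKeyProvider provider = keyProviderFactory.CreateProvider(realmKey.KeyType);

        // NOTE(review): the decrypted material is handed straight to the provider. If this
        // JWK is ever served publicly (e.g. a JWKS endpoint), confirm that SetJwkParameters
        // populates only the public parameters for the given key type.
        provider.SetJwkParameters(
            cryptor.Decrypt(realmKey.Key),
            jwk);

        return jwk;
    }

    /// <summary>
    /// Wraps freshly generated <paramref name="plainKey"/> material into a <see cref="RealmKey"/>:
    /// assigns a new <see cref="Guid"/>, encrypts the material with <c>cryptor</c> and stamps
    /// the current UTC time from <c>clock</c>.
    /// </summary>
    /// <param name="keyType">Key type identifier carried over from the policy.</param>
    /// <param name="plainKey">Unencrypted key material as produced by the provider.</param>
    /// <returns>A new <see cref="RealmKey"/> holding only the encrypted material.</returns>
    private RealmKey CreateKey(string keyType, byte[] plainKey) => new RealmKey()
    {
        Id = Guid.NewGuid(),
        KeyType = keyType,
        // Only the ciphertext is retained. The plaintext buffer is left to the GC; it could be
        // zeroed after this call once it is confirmed that neither the provider nor the
        // encryptor keeps a reference to it — TODO confirm before adding ZeroMemory.
        Key = cryptor.Encrypt(plainKey),
        CreatedAt = clock.UtcNow(),
    };
}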