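using IdentityShroud.Core.Contracts;
using IdentityShroud.Core.Messages;
using IdentityShroud.Core.Model;
using IdentityShroud.Core.Security.Keys;

namespace IdentityShroud.Core.Services;

/// <summary>
/// Creates realm signing keys and exposes them as JSON Web Keys. Key material is
/// generated by the <see cref="IKeyProvider"/> resolved for the policy's key type
/// and is kept in a <see cref="RealmKey"/> only in encrypted form.
/// </summary>
/// <param name="cryptor">Encrypts freshly generated key material and decrypts it again when a JWK is built.</param>
/// <param name="keyProviderFactory">Resolves the <see cref="IKeyProvider"/> responsible for a key type.</param>
/// <param name="clock">Supplies the UTC creation timestamp stamped on new keys.</param>
public class KeyService(
    IEncryptionService cryptor,
    IKeyProviderFactory keyProviderFactory,
    IClock clock) : IKeyService
{
    // JWK "use" value for signature keys; this service only issues signing keys.
    private const string SignatureUse = "sig";

    /// <summary>
    /// Generates a new key as described by <paramref name="policy"/> and returns it
    /// wrapped in a <see cref="RealmKey"/> whose key data is encrypted.
    /// </summary>
    /// <param name="policy">Key generation parameters; its <c>KeyType</c> selects the provider.</param>
    /// <returns>A new <see cref="RealmKey"/> with a fresh id, encrypted key data and a UTC creation time.</returns>
    /// <exception cref="ArgumentNullException"><paramref name="policy"/> is <see langword="null"/>.</exception>
    public RealmKey CreateKey(KeyPolicy policy)
    {
        ArgumentNullException.ThrowIfNull(policy);

        IKeyProvider provider = keyProviderFactory.CreateProvider(policy.KeyType);

        // Unencrypted key material; it is held only long enough to be encrypted below.
        // NOTE(review): whether the provider keeps a reference to this array is not visible
        // here, so it is deliberately not zeroed after encryption — confirm with the providers
        // before clearing it.
        byte[] plainKey = provider.CreateKey(policy);

        return CreateKey(policy.KeyType, plainKey);
    }

    /// <summary>
    /// Builds a JSON Web Key for <paramref name="realmKey"/>. The key's encrypted data is
    /// decrypted and handed to the matching provider, which fills in the type-specific
    /// JWK parameters.
    /// </summary>
    /// <param name="realmKey">The stored key to expose; its id becomes the JWK <c>kid</c>.</param>
    /// <returns>A JWK with <c>use</c> set to <c>"sig"</c>; the current implementation never returns <see langword="null"/>.</returns>
    /// <exception cref="ArgumentNullException"><paramref name="realmKey"/> is <see langword="null"/>.</exception>
    public JsonWebKey? CreateJsonWebKey(RealmKey realmKey)
    {
        ArgumentNullException.ThrowIfNull(realmKey);

        JsonWebKey jwk = new()
        {
            KeyId = realmKey.Id.ToString(),
            KeyType = realmKey.KeyType,
            Use = SignatureUse,
        };

        IKeyProvider provider = keyProviderFactory.CreateProvider(realmKey.KeyType);

        // Decrypted key material lives only for the duration of SetJwkParameters.
        // NOTE(review): it is not cleared afterwards because it is unknown here whether the
        // provider stores the array in the JWK — verify before zeroing it.
        byte[] plainKey = cryptor.Decrypt(realmKey.KeyDataEncrypted);
        provider.SetJwkParameters(plainKey, jwk);

        return jwk;
    }

    /// <summary>
    /// Wraps already-generated key material in a <see cref="RealmKey"/>, encrypting it
    /// and stamping a new id and the current UTC time.
    /// </summary>
    /// <param name="keyType">Key type string carried over from the policy.</param>
    /// <param name="plainKey">Unencrypted key material to protect.</param>
    private RealmKey CreateKey(string keyType, byte[] plainKey) =>
        new RealmKey(
            Guid.NewGuid(),
            keyType,
            cryptor.Encrypt(plainKey),
            clock.UtcNow());
}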