using System;
using System.Security.Cryptography;
using System.Text;
using Microsoft.AspNetCore.WebUtilities;
namespace IdentityShroud.Core;
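/// <summary>
/// Builds RS256 (RSASSA-PKCS1-v1_5 with SHA-256) signatures for JWTs in compact
/// <c>header.payload.signature</c> form.
/// </summary>
/// <remarks>
/// These helpers sign exactly the segments they are given. They neither decode nor
/// inspect the header, so the caller must make sure the header's "alg" value is RS256,
/// matching the algorithm applied here.
/// </remarks>
public static class JwtSignatureGenerator
{
    /// <summary>
    /// Generates a JWT signature using the RS256 algorithm.
    /// </summary>
    /// <param name="headerBase64Url">Base64Url encoded header.</param>
    /// <param name="payloadBase64Url">Base64Url encoded payload.</param>
    /// <param name="privateKey">RSA instance holding the private key used for signing.</param>
    /// <returns>Base64Url encoded signature over <c>header.payload</c>.</returns>
    /// <exception cref="ArgumentNullException">Any argument is <c>null</c>.</exception>
    public static string GenerateRS256Signature(string headerBase64Url, string payloadBase64Url, RSA privateKey)
    {
        // A null segment would otherwise be interpolated as an empty string and the key
        // would sign a malformed input without any error, so reject it up front.
        if (headerBase64Url is null)
        {
            throw new ArgumentNullException(nameof(headerBase64Url));
        }

        if (payloadBase64Url is null)
        {
            throw new ArgumentNullException(nameof(payloadBase64Url));
        }

        if (privateKey is null)
        {
            throw new ArgumentNullException(nameof(privateKey));
        }

        // The signing input is the two encoded segments joined by a period.
        string signingInput = $"{headerBase64Url}.{payloadBase64Url}";
        byte[] signingInputBytes = Encoding.UTF8.GetBytes(signingInput);

        // RS256: SHA-256 digest signed with PKCS#1 v1.5 padding.
        byte[] signatureBytes = privateKey.SignData(signingInputBytes, HashAlgorithmName.SHA256, RSASignaturePadding.Pkcs1);

        return WebEncoders.Base64UrlEncode(signatureBytes);
    }

    /// <summary>
    /// Signs the given header and payload with RS256 and returns the complete JWT.
    /// </summary>
    /// <param name="headerBase64Url">Base64Url encoded header.</param>
    /// <param name="payloadBase64Url">Base64Url encoded payload.</param>
    /// <param name="privateKey">RSA instance holding the private key used for signing.</param>
    /// <returns>The token as <c>header.payload.signature</c>.</returns>
    /// <exception cref="ArgumentNullException">Any argument is <c>null</c>.</exception>
    public static string GenerateCompleteJwt(string headerBase64Url, string payloadBase64Url, RSA privateKey)
    {
        // Argument validation happens in GenerateRS256Signature, before anything is signed.
        string signature = GenerateRS256Signature(headerBase64Url, payloadBase64Url, privateKey);
        return $"{headerBase64Url}.{payloadBase64Url}.{signature}";
    }
}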