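using System;
using System.Net.Http;
using System.Security.Cryptography;
using System.Security.Cryptography.X509Certificates;
using Dalion.HttpMessageSigning;
using Dalion.HttpMessageSigning.Signing;
using Microsoft.Extensions.DependencyInjection;
using Microsoft.IdentityModel.Tokens;
using Newtonsoft.Json;
using WVG.Utilities.Async;

namespace WVG.Utilities.Utils
{
    /// <summary>
    /// Helpers for producing HTTP message signatures (Dalion.HttpMessageSigning) backed by an
    /// X.509 certificate, with the signer's public key advertised in-band as a JWK header.
    /// </summary>
    public static class WebUtils
    {
        /// <summary>Request header carrying the signer's public key as a serialized JWK.</summary>
        private const string PublicKeyHeaderName = "Signature-public-key";

        /// <summary>Request header that mirrors the signature parameter written by the signer.</summary>
        private const string SignatureHeaderName = "Signature";

        /// <summary>
        /// Serializes the public half of <paramref name="certificate"/> as a JSON Web Key
        /// (<c>kty=RSA</c>, <c>use=sig</c>) including the certificate itself in <c>x5c</c>.
        /// </summary>
        /// <param name="certificate">Certificate whose public key is an RSA key.</param>
        /// <param name="keyName">Value written to the JWK <c>kid</c> member.</param>
        /// <returns>The JWK as a JSON string; null-valued members are omitted.</returns>
        /// <exception cref="ArgumentNullException"><paramref name="certificate"/> is null.</exception>
        /// <exception cref="ArgumentException"><paramref name="certificate"/> does not carry an RSA public key.</exception>
        private static string WrapCertificateInJWK(X509Certificate2 certificate, string keyName)
        {
            if (certificate is null)
            {
                throw new ArgumentNullException(nameof(certificate));
            }

            // GetRSAPublicKey() returns null for non-RSA certificates (e.g. ECDSA). The previous
            // `PublicKey as RSA` cast was never null-checked and would have dereferenced null below.
            using (var rsa = certificate.GetRSAPublicKey())
            {
                if (rsa is null)
                {
                    throw new ArgumentException("Certificate does not contain an RSA public key.", nameof(certificate));
                }

                // Only public parameters are exported; the private key never leaves the certificate.
                var parameters = rsa.ExportParameters(false);
                var signingCredentials = new X509SigningCredentials(certificate);

                // NOTE(review): RFC 7518 defines `e`/`n` as base64url and RFC 7517 defines `x5t` as a
                // base64url SHA-1 thumbprint, whereas `x5c` is standard base64. This writes standard
                // base64 for e/n and the hex Thumbprint for x5t, as the original did — confirm the
                // receiving verifier accepts that encoding before changing it (e.g. to Base64UrlEncoder).
                var webKey = new JsonWebKey
                {
                    Kty = "RSA",
                    Use = "sig",
                    Kid = keyName,
                    X5t = certificate.Thumbprint,
                    E = Convert.ToBase64String(parameters.Exponent),
                    N = Convert.ToBase64String(parameters.Modulus),
                    // NOTE(review): this is the credentials' default JWS algorithm, not the SHA-512
                    // algorithm SignRequest actually signs with — confirm the verifier does not key off `alg`.
                    Alg = signingCredentials.Algorithm,
                };
                webKey.X5c.Add(Convert.ToBase64String(certificate.RawData));

                return JsonConvert.SerializeObject(
                    webKey,
                    new JsonSerializerSettings { NullValueHandling = NullValueHandling.Ignore });
            }
        }

        /// <summary>
        /// Signs <paramref name="request"/> in place with the private key of <paramref name="certificate"/>
        /// (RSA signature and body digest both over SHA-512) and adds two headers: <c>Signature-public-key</c>,
        /// the signer's JWK, and <c>Signature</c>, a copy of the Authorization parameter the signer produced.
        /// </summary>
        /// <param name="request">Request to sign; modified in place.</param>
        /// <param name="certificate">Certificate holding the RSA private key used for signing.</param>
        /// <param name="keyName">Key identifier used by the signer and written to the JWK <c>kid</c>.</param>
        /// <exception cref="ArgumentNullException"><paramref name="request"/> or <paramref name="certificate"/> is null.</exception>
        /// <exception cref="ArgumentException"><paramref name="certificate"/> does not carry an RSA public key.</exception>
        /// <exception cref="InvalidOperationException">The signer did not leave an Authorization header on the request.</exception>
        public static void SignRequest(HttpRequestMessage request, X509Certificate2 certificate, string keyName)
        {
            if (request is null)
            {
                throw new ArgumentNullException(nameof(request));
            }
            if (certificate is null)
            {
                throw new ArgumentNullException(nameof(certificate));
            }

            // The JWK header is added before signing and listed in `Headers` below, so the advertised
            // key is covered by the signature instead of being freely replaceable in transit. The
            // verifier still has to decide on its own whether to trust the certificate in `x5c`.
            request.Headers.Add(PublicKeyHeaderName, WrapCertificateInJWK(certificate, keyName));

            using (var signatureAlgorithm = SignatureAlgorithm.CreateForSigning(certificate, HashAlgorithmName.SHA512))
            {
                var settings = new SigningSettings
                {
                    SignatureAlgorithm = signatureAlgorithm,
                    DigestHashAlgorithm = HashAlgorithmName.SHA512,
                    EnableNonce = false,
                    Headers = new[] { (HeaderName)PublicKeyHeaderName },
                    UseDeprecatedAlgorithmParameter = true,
                };

                var services = new ServiceCollection().AddHttpMessageSigning().Services;
                using (var provider = services.BuildServiceProvider())
                using (var signerFactory = provider.GetRequiredService<IRequestSignerFactory>())
                using (var requestSigner = signerFactory.Create(keyName, settings))
                {
                    // This method's public contract is synchronous; the signer only exposes Sign(...) as a Task.
                    AsyncHelpers.RunSync(() => requestSigner.Sign(request));
                }
            }

            // The signer writes the signature into the Authorization header; mirror its parameter
            // rather than dereferencing a header that may be absent if signing was skipped.
            var authorization = request.Headers.Authorization;
            if (authorization?.Parameter is null)
            {
                throw new InvalidOperationException("Request signing did not produce an Authorization header.");
            }
            request.Headers.Add(SignatureHeaderName, authorization.Parameter);
        }
    }
}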