/*
 *  Copyright 2022 Anyware Services
 *
 *  Licensed under the Apache License, Version 2.0 (the "License");
 *  you may not use this file except in compliance with the License.
 *  You may obtain a copy of the License at
 *
 *      http://www.apache.org/licenses/LICENSE-2.0
 *
 *  Unless required by applicable law or agreed to in writing, software
 *  distributed under the License is distributed on an "AS IS" BASIS,
 *  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 *  See the License for the specific language governing permissions and
 *  limitations under the License.
 */
package org.ametys.core.util;

import java.io.BufferedReader;
import java.io.File;
import java.io.FileReader;
import java.io.FileWriter;
import java.io.IOException;
import java.nio.charset.StandardCharsets;
import java.security.InvalidKeyException;
import java.security.Key;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.time.ZonedDateTime;
import java.util.Base64;

import javax.crypto.Cipher;
import javax.crypto.NoSuchPaddingException;
import javax.crypto.spec.SecretKeySpec;

import org.apache.avalon.framework.component.Component;
import org.apache.avalon.framework.configuration.Configurable;
import org.apache.avalon.framework.configuration.Configuration;
import org.apache.avalon.framework.configuration.ConfigurationException;
import org.apache.commons.codec.digest.Sha2Crypt;
import org.apache.commons.lang3.StringUtils;

import org.ametys.runtime.plugin.component.AbstractLogEnabled;
import org.ametys.runtime.util.AmetysHomeHelper;

/**
 *  Helper to encrypt/decrypt some text
 */
public class CryptoHelper extends AbstractLogEnabled implements Component, Configurable
{
    private static final String CIPHER_ALGORITHM = "AES";
    private static final String KEY_ALGORITHM = "AES";
    private static final String PASS_HASH_ALGORITHM = "SHA-256";

    private String _cryptoKey;
    
    private String _filename;
    
    public void configure(Configuration configuration) throws ConfigurationException
    {
        _filename = configuration.getChild("filename").getValue();
    }
    
    /**
     * Decrypt a string (base64) using the selected key
     * @param encryptedValue the encrypted value
     * @param key The key used to decrypt value
     * @return the decrypted String
     * @throws WrongKeyException If the key is not the right one
     */
    public String decrypt(String encryptedValue, String key) throws WrongKeyException
    {
        if (encryptedValue == null)
        {
            return null;
        }
        
        Cipher cipher;
        try
        {
            cipher = _buildCipher(key, Cipher.DECRYPT_MODE);
        }
        catch (Exception e)
        {
            throw new RuntimeException(e);
        }
        
        byte[] encryptedData = Base64.getDecoder().decode(encryptedValue);
        byte[] data;
        
        try
        {
            data = cipher.doFinal(encryptedData);
        }
        catch (Exception e)
        {
            throw new WrongKeyException(e);
        }
        
        return new String(data, StandardCharsets.UTF_8);
    }

    /**
     * Decrypt a string (base64) using the generated key
     * @param encryptedValue the encrypted value
     * @return the decrypted String
     */
    public String decrypt(String encryptedValue)
    {
        String key = getCryptoKey();
        return decrypt(encryptedValue, key);
    }

    /**
     * Encrypt (base64) a string using the selected key
     * @param data input data
     * @param key the key used to encrypt
     * @return the base64 value of the encrypted data
     */
    public String encrypt(String data, String key)
    {
        if (data == null)
        {
            return null;
        }
        try
        {
            Cipher cipher = _buildCipher(key, Cipher.ENCRYPT_MODE);
            byte[] dataToSend = data.getBytes(StandardCharsets.UTF_8);
            byte[] encryptedData = cipher.doFinal(dataToSend);
            return Base64.getEncoder().encodeToString(encryptedData);

        }
        catch (Exception e)
        {
            throw new RuntimeException(e);
        }
    }

    /**
     * Encrypt (base64) a string using the generated key
     * @param data input data
     * @return the base64 value of the encrypted data
     */
    public String encrypt(String data)
    {
        String key = getCryptoKey();
        return encrypt(data, key);
    }

    /**
     * Get the generated crypto key
     * @return the generated crypto key
     */
    public String getCryptoKey()
    {
        if (_cryptoKey == null)
        {
            File cryptoFile = new File(AmetysHomeHelper.getAmetysHomeConfig(), _filename);
            if (cryptoFile.exists())
            {
                if (cryptoFile.canRead())
                {
                    try (BufferedReader reader = new BufferedReader(new FileReader(cryptoFile)))
                    {
                        String line = reader.readLine();
                        if (!StringUtils.isEmpty(line))
                        {
                            _cryptoKey = line.trim();
                        }
                        else
                        {
                            _cryptoKey = _writeKeyInFile(cryptoFile);
                        }
                    }
                    catch (IOException e)
                    {
                        getLogger().error("Unable to read the crypto key from file {}", cryptoFile.getAbsolutePath(), e);
                    }
                }
                else
                {
                    getLogger().error("Unable to read the crypto key from file {}", cryptoFile.getAbsolutePath());
                }
            }
            else
            {
                try
                {
                    _cryptoKey = _writeKeyInFile(cryptoFile);
                }
                catch (IOException e)
                {
                    getLogger().error("Unable to write the crypto key in file {}", cryptoFile.getAbsolutePath(), e);
                }
            }
        }
        return _cryptoKey;
    }

    /**
     * Will create a new random key based on a sha256 hash of the current time, and write it to a file
     * @param file file where to write
     * @return the generated password
     * @throws IOException if something went wrong when writting the file
     */
    private String _writeKeyInFile(File file) throws IOException
    {
        try (FileWriter fw = new FileWriter(file))
        {
            String basePassword = ZonedDateTime.now().toString();
            String key = Sha2Crypt.sha256Crypt(basePassword.getBytes());
            fw.write(key);
            return key;
        }
    }

    private Cipher _buildCipher(String password, int mode) throws NoSuchAlgorithmException, NoSuchPaddingException, InvalidKeyException
    {
        Cipher cipher = Cipher.getInstance(CIPHER_ALGORITHM);
        Key key = _buildKey(password);
        cipher.init(mode, key);
        return cipher;
    }

    private Key _buildKey(String password) throws NoSuchAlgorithmException
    {
        MessageDigest digester = MessageDigest.getInstance(PASS_HASH_ALGORITHM);
        digester.update(String.valueOf(password).getBytes(StandardCharsets.UTF_8));
        byte[] key = digester.digest();
        return new SecretKeySpec(key, KEY_ALGORITHM);
    }

    /**
     * Exception when the decrypt key has not worked
     */
    public static class WrongKeyException extends RuntimeException
    {
        WrongKeyException(Exception e)
        {
            super(e);
        }
    }
}