package eacl

import (
	"bytes"
	"crypto/sha256"

	v2acl "github.com/nspcc-dev/neofs-api-go/v2/acl"
	cid "github.com/nspcc-dev/neofs-sdk-go/container/id"
	"github.com/nspcc-dev/neofs-sdk-go/session"
	"github.com/nspcc-dev/neofs-sdk-go/signature"
	"github.com/nspcc-dev/neofs-sdk-go/version"
)

// Table is a group of ContainerEACL records for single container.
//
// Table is compatible with v2 acl.EACLTable message.
type Table struct {
	version version.Version
	cid     *cid.ID
	token   *session.Token
	sig     *signature.Signature
	records []Record
}

// CID returns identifier of the container that should use given access control rules.
func (t Table) CID() *cid.ID {
	return t.cid
}

// SetCID sets identifier of the container that should use given access control rules.
func (t *Table) SetCID(cid *cid.ID) {
	t.cid = cid
}

// Version returns version of eACL format.
func (t Table) Version() version.Version {
	return t.version
}

// SetVersion sets version of eACL format.
func (t *Table) SetVersion(version version.Version) {
	t.version = version
}

// Records returns list of extended ACL rules.
func (t Table) Records() []Record {
	return t.records
}

// AddRecord adds single eACL rule.
func (t *Table) AddRecord(r *Record) {
	if r != nil {
		t.records = append(t.records, *r)
	}
}

// SessionToken returns token of the session
// within which Table was set.
func (t Table) SessionToken() *session.Token {
	return t.token
}

// SetSessionToken sets token of the session
// within which Table was set.
func (t *Table) SetSessionToken(tok *session.Token) {
	t.token = tok
}

// Signature returns Table signature.
func (t Table) Signature() *signature.Signature {
	return t.sig
}

// SetSignature sets Table signature.
func (t *Table) SetSignature(sig *signature.Signature) {
	t.sig = sig
}

// ToV2 converts Table to v2 acl.EACLTable message.
//
// Nil Table converts to nil.
func (t *Table) ToV2() *v2acl.Table {
	if t == nil {
		return nil
	}

	v2 := new(v2acl.Table)

	if t.cid != nil {
		v2.SetContainerID(t.cid.ToV2())
	}

	if t.records != nil {
		records := make([]v2acl.Record, len(t.records))
		for i := range t.records {
			records[i] = *t.records[i].ToV2()
		}

		v2.SetRecords(records)
	}

	v2.SetVersion(t.version.ToV2())

	return v2
}

// NewTable creates, initializes and returns blank Table instance.
//
// Defaults:
//  - version: version.Current();
//  - container ID: nil;
//  - records: nil;
//  - session token: nil;
//  - signature: nil.
func NewTable() *Table {
	t := new(Table)
	t.SetVersion(*version.Current())

	return t
}

// CreateTable creates, initializes with parameters and returns Table instance.
func CreateTable(cid cid.ID) *Table {
	t := NewTable()
	t.SetCID(&cid)

	return t
}

// NewTableFromV2 converts v2 acl.EACLTable message to Table.
func NewTableFromV2(table *v2acl.Table) *Table {
	t := new(Table)

	if table == nil {
		return t
	}

	// set version
	if v := table.GetVersion(); v != nil {
		ver := version.Version{}
		ver.SetMajor(v.GetMajor())
		ver.SetMinor(v.GetMinor())

		t.SetVersion(ver)
	}

	// set container id
	if id := table.GetContainerID(); id != nil {
		if t.cid == nil {
			t.cid = new(cid.ID)
		}

		var h [sha256.Size]byte

		copy(h[:], id.GetValue())
		t.cid.SetSHA256(h)
	}

	// set eacl records
	v2records := table.GetRecords()
	t.records = make([]Record, len(v2records))

	for i := range v2records {
		t.records[i] = *NewRecordFromV2(&v2records[i])
	}

	return t
}

// Marshal marshals Table into a protobuf binary form.
func (t *Table) Marshal() ([]byte, error) {
	return t.ToV2().StableMarshal(nil)
}

// Unmarshal unmarshals protobuf binary representation of Table.
func (t *Table) Unmarshal(data []byte) error {
	fV2 := new(v2acl.Table)
	if err := fV2.Unmarshal(data); err != nil {
		return err
	}

	*t = *NewTableFromV2(fV2)

	return nil
}

// MarshalJSON encodes Table to protobuf JSON format.
func (t *Table) MarshalJSON() ([]byte, error) {
	return t.ToV2().MarshalJSON()
}

// UnmarshalJSON decodes Table from protobuf JSON format.
func (t *Table) UnmarshalJSON(data []byte) error {
	tV2 := new(v2acl.Table)
	if err := tV2.UnmarshalJSON(data); err != nil {
		return err
	}

	*t = *NewTableFromV2(tV2)

	return nil
}

// EqualTo compares Table between each other.
func (t *Table) EqualTo(table *Table) bool {
	if t == nil || table == nil {
		return false
	}

	if !t.cid.Equal(table.cid) {
		return false
	}

	if len(t.records) != len(table.records) {
		return false
	}

	for i := 0; i < len(t.records); i++ {
		tRec, tableRec := t.records[i], table.records[i]
		if tRec.operation != tableRec.operation ||
			tRec.action != tableRec.action {
			return false
		}

		if len(tRec.filters) != len(tableRec.filters) ||
			len(tRec.targets) != len(tableRec.targets) {
			return false
		}

		for j := 0; j < len(tRec.filters); j++ {
			if tRec.filters[j].from != tableRec.filters[j].from ||
				tRec.filters[j].matcher != tableRec.filters[j].matcher ||
				tRec.filters[j].Value() != tableRec.filters[j].Value() ||
				tRec.filters[j].key.typ != tableRec.filters[j].key.typ ||
				tRec.filters[j].key.str != tableRec.filters[j].key.str {
				return false
			}
		}

		for j := 0; j < len(tRec.targets); j++ {
			if tRec.targets[j].role != tableRec.targets[j].role {
				return false
			}

			if len(tRec.targets[j].keys) != len(tableRec.targets[j].keys) {
				return false
			}

			tKeys, tableKeys := tRec.targets[j].keys, tableRec.targets[j].keys
			for k := 0; k < len(tKeys); k++ {
				if !bytes.Equal(tKeys[k], tableKeys[k]) {
					return false
				}
			}
		}
	}

	return true
}