package layer

import (
	"crypto/rand"
	"crypto/rsa"

	"github.com/klauspost/compress/zstd"
	"github.com/nspcc-dev/neofs-api-go/service"
	"github.com/pkg/errors"
)

type KeyPair struct {
	PrivateKey *rsa.PrivateKey
	PublicKey  *rsa.PublicKey
}

type AuthCenter struct {
	gatewayKeys KeyPair
}

func NewAuthCenter() (*AuthCenter, error) {
	var kp KeyPair
	privateKey, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		return nil, err
	}
	kp.PrivateKey = privateKey
	kp.PublicKey = &privateKey.PublicKey
	ac := &AuthCenter{
		gatewayKeys: kp,
	}
	return ac, nil
}

func (ac *AuthCenter) PackBearerToken(bt service.BearerToken) ([]byte, error) {
	// TODO
	panic("unimplemented method")
}

func (ac *AuthCenter) UnpackBearerToken(packedCredentials []byte) (service.BearerToken, error) {
	zstdDecoder, _ := zstd.NewReader(nil)
	// secretHash := packedCredentials[:32]
	_ = packedCredentials[:32]
	compressedKeyID := packedCredentials[32:]
	// Get an encrypted key.
	var encryptedKeyID []byte
	if _, err := zstdDecoder.DecodeAll(compressedKeyID, encryptedKeyID); err != nil {
		return nil, errors.Wrap(err, "failed to decompress key ID")
	}
	// TODO: Decrypt the key ID.
	var keyID []byte
	bearerToken := new(service.BearerTokenMsg)
	if err := bearerToken.Unmarshal(keyID); err != nil {
		return nil, errors.Wrap(err, "failed to unmarshal embedded bearer token")
	}
	return bearerToken, nil
}