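using System;
using System.Threading;
using System.Threading.Tasks;
using StellaOps.Cryptography;

namespace StellaOps.Cryptography.Plugin.SmRemote;

/// <summary>
/// <see cref="ICryptoSigner"/> implementation that delegates signing and verification
/// to a remote service through <see cref="SmRemoteHttpClient"/>. No key material is held
/// in this process; the key is referred to only by its remote identifier.
/// </summary>
/// <remarks>
/// NOTE(review): the generic type arguments (<c>ReadOnlyMemory&lt;byte&gt;</c>,
/// <c>ValueTask&lt;byte[]&gt;</c>, <c>ValueTask&lt;bool&gt;</c>) were missing from the listing
/// and have been restored from how the values are used in the method bodies.
/// Confirm them against the <see cref="ICryptoSigner"/> declaration.
/// </remarks>
internal sealed class SmRemoteSigner : ICryptoSigner
{
    private readonly SmRemoteHttpClient client;
    private readonly string remoteKeyId;

    /// <summary>Creates a signer bound to one remote key and one algorithm.</summary>
    /// <param name="client">Client used for every sign and verify call.</param>
    /// <param name="remoteKeyId">Identifier of the key on the remote service.</param>
    /// <param name="algorithmId">Algorithm identifier forwarded with every request.</param>
    /// <exception cref="ArgumentNullException">Any argument is <c>null</c>.</exception>
    public SmRemoteSigner(SmRemoteHttpClient client, string remoteKeyId, string algorithmId)
    {
        this.client = client ?? throw new ArgumentNullException(nameof(client));
        this.remoteKeyId = remoteKeyId ?? throw new ArgumentNullException(nameof(remoteKeyId));
        AlgorithmId = algorithmId ?? throw new ArgumentNullException(nameof(algorithmId));
    }

    /// <summary>Identifier of the remote key; also used as the JWK <c>kid</c>.</summary>
    public string KeyId => remoteKeyId;

    /// <summary>Algorithm identifier supplied at construction.</summary>
    public string AlgorithmId { get; }

    /// <summary>Asks the remote service to sign <paramref name="data"/>.</summary>
    /// <param name="data">Payload to sign. It is copied into a new array and sent to the remote service.</param>
    /// <param name="cancellationToken">Token forwarded to the client call.</param>
    /// <returns>The signature bytes decoded from the service's base64 response.</returns>
    /// <exception cref="InvalidOperationException">The service returned a null, blank or zero-length signature.</exception>
    /// <exception cref="FormatException">The service response is not valid base64.</exception>
    public async ValueTask<byte[]> SignAsync(ReadOnlyMemory<byte> data, CancellationToken cancellationToken = default)
    {
        var signatureBase64 = await client
            .SignAsync(remoteKeyId, AlgorithmId, data.ToArray(), cancellationToken)
            .ConfigureAwait(false);

        // Fail closed: a blank response would otherwise decode to a zero-length
        // "signature" and be handed to the caller as if signing had succeeded.
        if (string.IsNullOrWhiteSpace(signatureBase64))
        {
            throw new InvalidOperationException(
                $"Remote signer returned an empty signature for key '{remoteKeyId}'.");
        }

        var signature = Convert.FromBase64String(signatureBase64);
        if (signature.Length == 0)
        {
            throw new InvalidOperationException(
                $"Remote signer returned an empty signature for key '{remoteKeyId}'.");
        }

        return signature;
    }

    /// <summary>Asks the remote service whether <paramref name="signature"/> is valid for <paramref name="data"/>.</summary>
    /// <param name="data">Payload that was signed.</param>
    /// <param name="signature">Raw signature bytes; sent to the service base64-encoded.</param>
    /// <param name="cancellationToken">Token forwarded to the client call.</param>
    /// <returns>The verdict reported by the remote service.</returns>
    /// <remarks>
    /// No cryptographic check is performed locally. The returned value is only as trustworthy
    /// as the channel and the authentication of the remote endpoint, which are configured in
    /// <see cref="SmRemoteHttpClient"/> and are not visible from this class.
    /// </remarks>
    public async ValueTask<bool> VerifyAsync(ReadOnlyMemory<byte> data, ReadOnlyMemory<byte> signature, CancellationToken cancellationToken = default)
    {
        var sigBase64 = Convert.ToBase64String(signature.ToArray());
        return await client
            .VerifyAsync(remoteKeyId, AlgorithmId, data.ToArray(), sigBase64, cancellationToken)
            .ConfigureAwait(false);
    }

    /// <summary>Returns a descriptor JWK for the remote key.</summary>
    /// <remarks>
    /// Only <c>kid</c>, <c>alg</c> and <c>kty</c> ("EC") are populated. The curve and the public
    /// coordinates are not set, so the result carries no public key material and cannot be used
    /// to verify signatures locally. Consumers that publish it (for example in a JWKS document)
    /// should treat it as metadata only.
    /// </remarks>
    public Microsoft.IdentityModel.Tokens.JsonWebKey ExportPublicJsonWebKey() => new()
    {
        Kid = remoteKeyId,
        Alg = AlgorithmId,
        Kty = "EC",
    };
}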