package com.rnbiometrics;

import android.util.Base64;

import androidx.annotation.NonNull;
import androidx.biometric.BiometricPrompt;

import com.facebook.react.bridge.Promise;
import com.facebook.react.bridge.WritableMap;
import com.facebook.react.bridge.WritableNativeMap;
import com.rnbiometrics.security.pkcs.PKCS10;
import com.rnbiometrics.security.x509.X500Name;
import java.security.KeyStore;
import java.security.PublicKey;
import java.security.Signature;
import java.security.PrivateKey;

public class CreateCsrCallback extends BiometricPrompt.AuthenticationCallback {
    private final Promise promise;
    private final String cn;
    private final String ou;
    private final String o;
    private final String l;
    private final String st;
    private final String c;
    private final PublicKey publicKey;
    private final Signature signature;
    public CreateCsrCallback(Promise promise, PublicKey publicKey,Signature signature,
                             String cn, String ou, String o, String l, String st, String c) {
        this.promise = promise;
        this.cn = cn;
        this.ou = ou;
        this.o = o;
        this.l = l;
        this.st = st;
        this.c = c;
        this.publicKey = publicKey;
        this.signature= signature;
    }

    @Override
    public void onAuthenticationError(int errorCode, @NonNull CharSequence errString) {
        super.onAuthenticationError(errorCode, errString);
        WritableMap resultMap = new WritableNativeMap();
        resultMap.putBoolean("success", false);
        resultMap.putString("message", errString.toString());
        resultMap.putInt("code", errorCode);
        promise.resolve(resultMap);
    }

    @Override
    public void onAuthenticationSucceeded(@NonNull BiometricPrompt.AuthenticationResult result) {
        super.onAuthenticationSucceeded(result);

        Signature signature = null;
        if (result.getCryptoObject() != null) {
            signature = result.getCryptoObject().getSignature();
        }

        if (signature == null) {
            // Người dùng dùng passcode ⇒ KHÔNG hỗ trợ ký local bằng AndroidKeyStore
            WritableMap resultMap = new WritableNativeMap();
            resultMap.putBoolean("success", false);
            resultMap.putString("message", "Local signing not supported when using device passcode");
            resultMap.putInt("code", -26); // hoặc mã lỗi riêng bạn muốn
            promise.resolve(resultMap);
            return;
        }

        try {
            // Dùng signature như bình thường
            X500Name x500Name = new X500Name(cn, ou, o, l, st, c);
            PKCS10 pkcs10 = new PKCS10(publicKey);
            pkcs10.encodeAndSign(x500Name, signature);

            String csr = Base64.encodeToString(pkcs10.getEncoded(), Base64.NO_WRAP);

            WritableMap resultMap = new WritableNativeMap();
            resultMap.putBoolean("success", true);
            resultMap.putString("csr", csr);
            promise.resolve(resultMap);
        } catch (Exception e) {
            WritableMap resultMap = new WritableNativeMap();
            resultMap.putBoolean("success", false);
            resultMap.putString("message", "CSR signing failed: " + e.getMessage());
            promise.resolve(resultMap);
        }
    }



}
