import { IAgentContext, IDIDManager, IIdentifier, IKeyManager, IResolver, TKeyType } from '@veramo/core-types'
import { ECDH, JWE } from 'did-jwt'
import { DIDResolutionOptions, parse as parseDidUrl } from 'did-resolver'

import Debug from 'debug'
import {
  _ExtendedVerificationMethod,
  bytesToHex,
  decodeJoseBlob,
  extractPublicKeyHex,
  hexToBytes,
  isDefined,
  mapIdentifierKeysToDoc,
  resolveDidOrThrow,
} from '@veramo/utils'
import { x25519 } from '@noble/curves/ed25519'

const debug = Debug('veramo:did-comm:action-handler')

export function createEcdhWrapper(secretKeyRef: string, context: IAgentContext<IKeyManager>): ECDH {
  return async (theirPublicKey: Uint8Array): Promise<Uint8Array> => {
    if (theirPublicKey.length !== 32) {
      throw new Error('invalid_argument: incorrect publicKey key length for X25519')
    }
    const publicKey = { type: <TKeyType>'X25519', publicKeyHex: bytesToHex(theirPublicKey) }
    const shared = await context.agent.keyManagerSharedSecret({ secretKeyRef, publicKey })
    return hexToBytes(shared)
  }
}

export async function extractSenderEncryptionKey(
  jwe: JWE,
  context: IAgentContext<IResolver>,
  resolutionOptions?: DIDResolutionOptions,
): Promise<Uint8Array | null> {
  let senderKey: Uint8Array | null = null
  const protectedHeader = decodeJoseBlob(jwe.protected)
  if (typeof protectedHeader.skid === 'string') {
    const senderDoc = await resolveDidOrThrow(protectedHeader.skid, context, resolutionOptions)
    const sKey = (await context.agent.getDIDComponentById({
      didDocument: senderDoc,
      didUrl: protectedHeader.skid,
      section: 'keyAgreement',
    })) as _ExtendedVerificationMethod
    let { publicKeyHex, keyType } = extractPublicKeyHex(sKey, true)
    if (keyType !== 'X25519') {
      throw new Error(`not_supported: sender key of type ${sKey.type} is not supported`)
    }
    senderKey = hexToBytes(publicKeyHex)
  }
  return senderKey
}

export async function extractManagedRecipients(
  jwe: JWE,
  context: IAgentContext<IDIDManager>,
): Promise<{ recipient: any; kid: string; identifier: IIdentifier }[]> {
  const parsedDIDs = (jwe.recipients || [])
    .map((recipient) => {
      const kid = recipient?.header?.kid
      const did = parseDidUrl(kid || '')?.did as string
      if (kid && did) {
        return { recipient, kid, did }
      } else {
        return null
      }
    })
    .filter(isDefined)

  let managedRecipients = (
    await Promise.all(
      parsedDIDs.map(async ({ recipient, kid, did }) => {
        try {
          const identifier = await context.agent.didManagerGet({ did })
          return { recipient, kid, identifier }
        } catch (e) {
          // identifier not found, skip it
          return null
        }
      }),
    )
  ).filter(isDefined)
  return managedRecipients
}

export async function mapRecipientsToLocalKeys(
  managedKeys: { recipient: any; kid: string; identifier: IIdentifier }[],
  context: IAgentContext<IResolver>,
  resolutionOptions?: DIDResolutionOptions,
): Promise<{ localKeyRef: string; recipient: any }[]> {
  const potentialKeys = await Promise.all(
    managedKeys.map(async ({ recipient, kid, identifier }) => {
      // TODO: use caching, since all recipients are supposed to belong to the same identifier
      const identifierKeys = await mapIdentifierKeysToDoc(
        identifier,
        'keyAgreement',
        context,
        resolutionOptions,
      )
      const localKey = identifierKeys.find((key) => key.meta.verificationMethod.id === kid)
      if (localKey) {
        return { localKeyRef: localKey.kid, recipient }
      } else {
        return null
      }
    }),
  )
  const localKeys = potentialKeys.filter(isDefined)
  return localKeys
}

/**
 * Generate private-public x25519 key pair
 */
export function generateX25519KeyPair(): { secretKey: Uint8Array; publicKey: Uint8Array } {
  const secretKey = x25519.utils.randomPrivateKey()
  return generateX25519KeyPairFromSeed(secretKey)
}

/**
 * Generate private-public x25519 key pair from a 32 byte secret.
 */
export function generateX25519KeyPairFromSeed(seed: Uint8Array): {
  secretKey: Uint8Array
  publicKey: Uint8Array
} {
  if (seed.length !== 32) {
    throw new Error(`x25519: seed must be 32 bytes`)
  }
  return {
    publicKey: x25519.getPublicKey(seed),
    secretKey: seed,
  }
}