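using System;
using System.Collections.Generic;
using System.Configuration;
using System.Linq;
using System.Security.Cryptography.X509Certificates;
using System.Text;
using Taloyhtio.GeneralSSO.Server.CodeFiles.Common;

namespace Taloyhtio.GeneralSSO.Server.CodeFiles.Infrastructure.OAuth
{
    // Key material for the access-token flow:
    // 1. Authorization server: signs the token with the auth server's private key
    //    (its signing cert carries the private and public key).
    // 2. Authorization server: encrypts the token with the resource server's public key
    //    (its encryption cert carries the public key only).
    // 3. Resource server: decrypts the token with the resource server's private key
    //    (its encryption cert carries the private and public key).
    // 4. Resource server: validates the token with the auth server's public key
    //    (its signing cert carries the public key only).
    // In all-in-one deployments both certs contain the private and the public key.
    //
    // The two certificates are resolved once, when the type is first touched, from
    // the Windows certificate store named in appSettings. A missing or malformed
    // setting, or a lookup that yields no certificate, aborts type initialisation
    // on purpose: a token service must not start without its key material. The
    // failure surfaces to callers as a TypeInitializationException wrapping the
    // InvalidOperationException thrown here.
    //
    // NOTE(review): the certificate is selected by subject name alone. Whether an
    // expired, not-yet-valid or untrusted certificate with a matching subject can be
    // returned depends on Utils.GetCert (not visible here) - confirm it filters on
    // validity and, on the server role that needs the private half, that callers
    // check X509Certificate2.HasPrivateKey before signing or decrypting.
    public static class Cert
    {
        // appSettings key prefixes; each is completed with _SubjectName,
        // _StoreName and _StoreLocation (see loadCert).
        private const string SigningCertSettingPrefix = "AuthServerSigningCert";
        private const string EncryptionCertSettingPrefix = "ResourceServerEncryptionCert";

        // Held for the lifetime of the process; never disposed by design, since
        // every token operation needs them.
        private static readonly X509Certificate2 authServerSigningCertificate;
        private static readonly X509Certificate2 resourceServerEncryptionCertificate;

        // Loads both certificates eagerly; throws (via TypeInitializationException)
        // when either one cannot be resolved so the service fails fast.
        static Cert()
        {
            authServerSigningCertificate = getSigningCert();
            if (authServerSigningCertificate == null)
            {
                throw new InvalidOperationException("Authorization server signing certificate is null");
            }

            resourceServerEncryptionCertificate = getEncryptionCert();
            if (resourceServerEncryptionCertificate == null)
            {
                throw new InvalidOperationException("Resource server encryption certificate is null");
            }
        }

        // Certificate used to sign tokens (auth server) or verify signatures (resource server).
        public static X509Certificate2 AuthServerSigningCertificate
        {
            get { return authServerSigningCertificate; }
        }

        // Certificate used to encrypt tokens (auth server) or decrypt them (resource server).
        // The name carries a historical typo; kept so existing callers keep compiling.
        public static X509Certificate2 ResourceServerEncyptionCertificate
        {
            get { return resourceServerEncryptionCertificate; }
        }

        // Correctly spelled alias of ResourceServerEncyptionCertificate; same instance.
        public static X509Certificate2 ResourceServerEncryptionCertificate
        {
            get { return resourceServerEncryptionCertificate; }
        }

        // Resolves the signing certificate from the AuthServerSigningCert_* settings.
        private static X509Certificate2 getSigningCert()
        {
            return loadCert(SigningCertSettingPrefix);
        }

        // Resolves the encryption certificate from the ResourceServerEncryptionCert_* settings.
        private static X509Certificate2 getEncryptionCert()
        {
            return loadCert(EncryptionCertSettingPrefix);
        }

        // Reads <prefix>_SubjectName / _StoreName / _StoreLocation from appSettings and
        // looks the certificate up through Utils.GetCert. Returns whatever GetCert
        // returns (possibly null); throws InvalidOperationException for a missing or
        // unparsable setting so the operator sees which key is wrong instead of a bare
        // ArgumentException from Enum.Parse.
        private static X509Certificate2 loadCert(string settingPrefix)
        {
            // The subject name is the only selector for the key material; an empty
            // selector must never reach the store lookup.
            var subjName = requireSetting(settingPrefix + "_SubjectName");
            var storeName = parseSetting<StoreName>(settingPrefix + "_StoreName");
            var storeLocation = parseSetting<StoreLocation>(settingPrefix + "_StoreLocation");
            return Utils.GetCert(subjName, storeName, storeLocation);
        }

        // Returns appSettings[key], throwing InvalidOperationException when the key
        // is absent or blank.
        private static string requireSetting(string key)
        {
            var value = ConfigurationManager.AppSettings[key];
            if (string.IsNullOrWhiteSpace(value))
            {
                throw new InvalidOperationException("appSettings[" + key + "] is missing or empty");
            }
            return value;
        }

        // Parses appSettings[key] as TEnum (case-sensitive, as Enum.Parse is by default).
        // Wraps the parse failure so the message names the offending setting.
        private static TEnum parseSetting<TEnum>(string key) where TEnum : struct
        {
            var raw = requireSetting(key);
            try
            {
                return (TEnum)Enum.Parse(typeof(TEnum), raw);
            }
            catch (ArgumentException ex)
            {
                throw new InvalidOperationException(
                    "appSettings[" + key + "] has unrecognised " + typeof(TEnum).Name + " value '" + raw + "'", ex);
            }
        }
    }
}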