#include <chrono>
#include <iostream>
#include <optional>
#include <stdint.h>
#include <string>
#include <vector>

#include <sodium.h>

#include "cpp-base64/base64.h"
#include "json.hpp"

#include "string_helpers.h"
#include "time_helpers.h"

using namespace std;
using nlohmann::json;

using namespace BareMinimumCrypto;

struct ExpiringSignature {
	string cert_s;
	vector <uint8_t> sig;
	
	// C++ nonsense
	bool operator == (const ExpiringSignature & o) const {
		return
			cert_s == o.cert_s &&
			sig == o.sig
		;
	}
	
	bool operator != (const ExpiringSignature & o) const {
		return ! (*this == o);
	}
};

void try_sodium_init () {
	if (sodium_init () < 0) {
		throw std::runtime_error ("Can't initialize libsodium");
	}
}

bool is_pubkey_length (const vector <uint8_t> & v) {
	return v.size () == crypto_sign_PUBLICKEYBYTES;
}

optional <vector <uint8_t>> try_verify_signed_data (
	const ExpiringSignature & sig,
	const vector <uint8_t> & pubkey,
	int64_t now
) {
	try_sodium_init ();
	
	if (! is_pubkey_length (pubkey)) {
		return nullopt;
	}
	
	if (crypto_sign_verify_detached (
		sig.sig.data (),
		(const uint8_t *)sig.cert_s.data (),
		sig.cert_s.size (),
		pubkey.data ()
	) != 0) {
		return nullopt;
	}
	
	const json j = json::parse (sig.cert_s);
	
	const int64_t not_before = j ["not_before"];
	const int64_t not_after = j ["not_after"];
	
	if (now < not_before) {
		return nullopt;
	}
	if (now > not_after) {
		return nullopt;
	}
	
	const string payload_b64 = j ["payload_b64"];
	const auto payload = std::move (*BareMinimumCrypto::base64_decode (payload_b64));
	
	return payload;
}

optional <vector <uint8_t>> verify_signed_data (
	const ExpiringSignature & sig,
	const vector <uint8_t> & pubkey,
	int64_t now
) {
	try {
		return try_verify_signed_data (sig, pubkey, now);
	}
	catch (json::exception &) {
		return nullopt;
	}
}

optional <vector <uint8_t>> verify_cert_and_data (
	const ExpiringSignature & signed_cert,
	const ExpiringSignature & signed_data,
	const vector <uint8_t> & root_pubkey,
	int64_t now
) {
	auto subkey_opt = verify_signed_data (signed_cert, root_pubkey, now);
	if (! subkey_opt) {
		return nullopt;
	}
	const auto subkey = std::move (*subkey_opt);
	
	return verify_signed_data (signed_data, subkey, now);
}

optional <vector <uint8_t>> verify_cert_and_data (
	const ExpiringSignature & signed_cert,
	const ExpiringSignature & signed_data,
	const vector <uint8_t> & root_pubkey
) {
	return verify_cert_and_data (signed_cert, signed_data, root_pubkey, get_seconds_since_epoch ());
}

optional <vector <uint8_t>> verify_signed_data (
	const ExpiringSignature & sig,
	const vector <uint8_t> & pubkey
) {
	return verify_signed_data (sig, pubkey, get_seconds_since_epoch ());
}

class SigningKey {
	vector <uint8_t> pk;
	vector <uint8_t> sk;
	
public:
	SigningKey () {
		try_sodium_init ();
		
		pk.resize (crypto_sign_PUBLICKEYBYTES);
		sk.resize (crypto_sign_SECRETKEYBYTES);
		
		crypto_sign_keypair (pk.data (), sk.data ());
	}
	
	vector <uint8_t> pubkey () const {
		return pk;
	}
	
	string pub_to_base64 () const {
		return base64_encode (pk);
	}
	
	optional <ExpiringSignature> sign_base64 (
		const string & payload_b64,
		int64_t duration,
		int64_t now
	) const {
		try_sodium_init ();
		
		if (duration > about_1_year) {
			return nullopt;
		}
		
		const auto not_after = now + duration;
		
		const json j {
			{"not_before", now},
			{"not_after", not_after},
			{"payload_b64", payload_b64},
		};
		
		const auto cert_s = j.dump ();
		
		vector <uint8_t> sig;
		sig.resize (crypto_sign_BYTES);
		
		crypto_sign_detached (sig.data (), nullptr, (const uint8_t *)cert_s.data (), cert_s.size (), sk.data ());
		
		return ExpiringSignature {
			cert_s,
			sig,
		};
	}
	
	optional <ExpiringSignature> sign_key (const SigningKey & k, int64_t now) const 
	{
		return sign_base64 (k.pub_to_base64 (), about_3_months, now);
	}
	
	optional <ExpiringSignature> sign_data (const vector <uint8_t> & v, int64_t now) const 
	{
		return sign_base64 (base64_encode (v), about_1_week, now);
	}
};



int happy_path () {
	// We generate a root key and keep it somewhere safe
	// (offline, hopefully)
	SigningKey root_key;
	cerr << "Root pub key " << root_key.pub_to_base64 () << endl;
	
	if (test_time () != 0) {
		return 1;
	}
	
	// The server generates a signing key
	SigningKey signing_key;
	cerr << "Signing key " << signing_key.pub_to_base64 () << endl;
	
	const auto now = get_seconds_since_epoch ();
	
	// That signing key signs some important data
	const auto important_data = copy_to_bytes ("Nikolai, Anna, Ivan, Mikhail, Ivan, Nikolai, Anna. 7 4 1 4 3 5 7 4");
	const ExpiringSignature signed_data = std::move (*signing_key.sign_data (important_data, now));
	
	// The server signs our temporary signing key
	const ExpiringSignature cert = std::move (*root_key.sign_key (signing_key, now));
	
	{
		// Check that a different time results in a different cert
		const auto cert_2 = std::move (*root_key.sign_key (signing_key, now));
		const auto cert_3 = std::move (*root_key.sign_key (signing_key, now + 1));
		
		if (cert != cert_2) {
			cerr << "Certs should have been identical" << endl;
			return 1;
		}
		
		if (cert == cert_3) {
			cerr << "Certs should have been different" << endl;
			return 1;
		}
		
		if (cert == cert_3) {
			cerr << "Signatures should have been different" << endl;
			return 1;
		}
	}
	
	{
		cerr << "Cert:" << endl;
		cerr << cert.cert_s << endl;
		cerr << base64_encode (cert.sig) << endl;
	}
	
	// The receiver verifies the data by the root public key,
	// even though the receiver has never seen the sub-key.
	
	const auto root_pubkey = root_key.pubkey ();
	auto verified_opt = verify_cert_and_data (cert, signed_data, root_pubkey);
	if (! verified_opt) {
		cerr << "Receiver couldn't verify cert and data" << endl;
		return 1;
	}
	const auto verified = std::move (*verified_opt);
	
	if (verified != important_data) {
		cerr << "Verified payload did not match expected payload" << endl;
		return 1;
	}
	
	return 0;
}

int main () {
	if (test_base64 () != 0) {
		return 1;
	}
	
	if (happy_path () != 0) {
		return 1;
	}
	
	cerr << "All good." << endl;
	return 0;
}