#include <chrono>
#include <fstream>
#include <iostream>
#include <optional>
#include <stdint.h>
#include <string>
#include <vector>

#include "cxxopts.hpp"
#include "json.hpp"

#include "expiring_signature.h"
#include "receiver.h"
#include "sender.h"
#include "signing_key.h"
#include "sodium_helpers.h"
#include "string_helpers.h"
#include "time_helpers.h"

using namespace std;
using nlohmann::json;
using namespace BareMinimumCrypto;

int file (const string & file_path) {
	cout << "Reading `" << file_path << "`" << endl;
	ifstream f;
	f.open (file_path, ifstream::binary);
	if (! f.is_open ()) {
		cerr << "Can't open file." << endl;
		return 1;
	}
	
	f.seekg (0, ifstream::end);
	const auto len = f.tellg ();
	f.seekg (0, ifstream::beg);
	
	vector <uint8_t> bytes;
	bytes.resize (len);
	
	f.read ((char *)bytes.data (), bytes.size ());
	
	// All our files are msgpack, so parse it first.
	
	const auto j = json::from_msgpack (bytes);
	
	const string schema = j ["schema"];
	
	cout << "Schema: " << schema << endl;
	
	if (schema == "3T6XF5DZ") {
		cout << "File is a passphrase-protected secret key" << endl;
		
		const Instant time_created (j ["time_created"]);
		const auto pubkey = j ["pubkey"].get_binary ();
		const string key_machine_id = j ["machine_id"];
		
		const auto our_machine_id = get_machine_id ();
		const auto now = Instant::now ();
		
		cout << "Generated at Unix time " << time_created.x 
		<< " (" << now.x - time_created.x << " seconds ago)"
		<< endl;
		cout << "Generated on machine ID " << key_machine_id << endl;
		cout << "Claims to have Base64 pubkey " << base64_encode (pubkey) << endl;
		
		if (now.x < time_created.x) {
			cout << "The key was generated in the past. Someone's clock is wrong." << endl;
		}
		if (our_machine_id != key_machine_id) {
			cout << "The key was generated on another machine. You should report this." << endl;
		}
	}
	else {
		cout << "Unknown schema. Maybe this file is from a newer version of BMC?" << endl;
	}
	
	return 0;
}

int test () {
	if (test_base64 () != 0) {
		return 1;
	}
	
	// We generate a root key and keep it somewhere safe
	// (offline, hopefully)
	
	SigningKey root_key;
	cerr << "Root pub key " << base64_encode (root_key.pubkey ()) << endl;
	
	if (test_time () != 0) {
		return 1;
	}
	
	const auto now = Instant::now ();
	
	// The sender generates a key
	SigningKey sender_key;
	cerr << "Sender key " << base64_encode (sender_key.pubkey ()) << endl;
	
	// The root signs the sender key
	const ExpiringSignature sender_cert = std::move (*root_key.sign_key (sender_key, now));
	
	const auto sender = std::move (*Sender::create (sender_key, sender_cert));
	
	// The sender signs some important data
	const auto important_data = copy_to_bytes ("Nikolai, Anna, Ivan, Mikhail, Ivan, Nikolai, Anna. 7 4 1 4 3 5 7 4");
	const auto signed_data = std::move (*sender.sign (important_data));
	
	// The receiver verifies the data by the root public key,
	// even though the receiver has never seen the sender-key.
	
	auto verified_opt = Receiver::verify_cert_and_data (root_key.pubkey (), signed_data);
	if (! verified_opt) {
		cerr << "Receiver couldn't verify cert and data" << endl;
		return 1;
	}
	const auto verified = std::move (*verified_opt);
	
	if (verified != important_data) {
		cerr << "Verified payload did not match expected payload" << endl;
		return 1;
	}
	
	return 0;
}

int main (int argc, char ** argv) {
	cxxopts::Options options ("BareMinimumCrypto", "Simple crypto things you might need.");
	options.add_options ()
		("generate-ca-key", "Generate a passphrase-protected certificate authority key", cxxopts::value <string> ())
		("file", "Print info about any file generated by BMC", cxxopts::value <string> ())
		("test", "Run self-test")
		("help", "Print usage")
	;
	
	auto result = options.parse (argc, argv);
	
	if (result.count ("help")) {
		cout << options.help () << endl;
	}
	else if (result.count ("generate-ca-key")) {
		const auto file_path = result ["generate-ca-key"].as <string> ();
		cout << "Type passphrase (it will be visible in the console)" << endl;
		string passphrase;
		cin >> passphrase;
		
		auto key_opt = SigningKey::generate_to_file (file_path, passphrase);
		if (! key_opt) {
			cerr << "Error. Key was not generated" << endl;
			return 1;
		}
		cout << "The pubkey is `" << base64_encode (key_opt->pubkey ()) << "`" << endl;
	}
	else if (result.count ("file")) {
		const auto file_path = result ["file"].as <string> ();
		return file (file_path);
	}
	else if (result.count ("test")) {
		if (test () != 0) {
			return 1;
		}
		
		cerr << "All good." << endl;
	}
	return 0;
}