import os
import configparser
from typing import Dict

import aiofiles

from alibabacloud_credentials.provider import StaticAKCredentialsProvider, EcsRamRoleCredentialsProvider, \
    RamRoleArnCredentialsProvider, OIDCRoleArnCredentialsProvider, RsaKeyPairCredentialsProvider
from alibabacloud_credentials.provider.refreshable import Credentials
from alibabacloud_credentials_api import ICredentialsProvider
from alibabacloud_credentials.utils import auth_constant as ac
from alibabacloud_credentials.utils import auth_util as au
from alibabacloud_credentials.exceptions import CredentialException


async def _load_ini_async(file_path: str) -> Dict[str, Dict[str, str]]:
    config = configparser.ConfigParser()
    async with aiofiles.open(file_path, mode='r') as f:
        content = await f.read()
    config.read_string(content)
    ini_map = {}
    for section in config.sections():
        option = {}
        for key, value in config.items(section):
            if '#' in value:
                option[key] = value.split('#')[0].strip()
            else:
                option[key] = value.strip()
        ini_map[section] = option
    return ini_map


def _load_ini(file_path: str) -> Dict[str, Dict[str, str]]:
    config = configparser.ConfigParser()
    config.read(file_path, encoding='utf-8')
    ini_map = {}
    for section in config.sections():
        option = {}
        for key, value in config.items(section):
            if '#' in value:
                option[key] = value.split('#')[0].strip()
            else:
                option[key] = value.strip()
        ini_map[section] = option
    return ini_map


def _get_default_file() -> str:
    return os.path.join(ac.HOME, ".alibabacloud/credentials.ini")


class ProfileCredentialsProvider(ICredentialsProvider):

    def __init__(self, *,
                 profile_file: str = None,
                 profile_name: str = None):
        self._profile_file = profile_file or au.environment_credentials_file
        self._profile_name = profile_name or au.client_type
        self.__innerProvider = None

        if self._profile_file is None or self._profile_file == '':
            self._profile_file = _get_default_file()

    def _should_reload_credentials_provider(self) -> bool:
        if self.__innerProvider is None:
            return True
        return False

    def get_credentials(self) -> Credentials:
        if self._should_reload_credentials_provider():
            ini_map = _load_ini(self._profile_file)
            section = ini_map.get(self._profile_name)
            if section is None:
                raise CredentialException(f'failed to get credential from credentials file: ${self._profile_file}')
            self.__innerProvider = self._get_credentials_provider(section)

        cre = self.__innerProvider.get_credentials()
        credentials = Credentials(
            access_key_id=cre.get_access_key_id(),
            access_key_secret=cre.get_access_key_secret(),
            security_token=cre.get_security_token(),
            provider_name=f'{self.get_provider_name()}/{cre.get_provider_name()}'
        )
        return credentials

    async def get_credentials_async(self) -> Credentials:
        if self._should_reload_credentials_provider():
            ini_map = await _load_ini_async(self._profile_file)
            section = ini_map.get(self._profile_name)
            if section is None:
                raise CredentialException(f'failed to get credential from credentials file: ${self._profile_file}')
            self.__innerProvider = self._get_credentials_provider(section)

        cre = await self.__innerProvider.get_credentials_async()
        credentials = Credentials(
            access_key_id=cre.get_access_key_id(),
            access_key_secret=cre.get_access_key_secret(),
            security_token=cre.get_security_token(),
            provider_name=f'{self.get_provider_name()}/{cre.get_provider_name()}'
        )
        return credentials

    def _get_credentials_provider(self, section: Dict) -> ICredentialsProvider:

        config_type = section.get(ac.INI_TYPE)
        if 'access_key' == config_type:
            return StaticAKCredentialsProvider(
                access_key_id=section.get('access_key_id'),
                access_key_secret=section.get('access_key_secret')
            )
        elif 'ram_role_arn' == config_type:
            pre_provider = StaticAKCredentialsProvider(
                access_key_id=section.get('access_key_id'),
                access_key_secret=section.get('access_key_secret')
            )
            return RamRoleArnCredentialsProvider(
                credentials_provider=pre_provider,
                role_arn=section.get('role_arn'),
                role_session_name=section.get('role_session_name'),
                policy=section.get('policy')
            )
        elif 'oidc_role_arn' == config_type:
            return OIDCRoleArnCredentialsProvider(
                role_arn=section.get('role_arn'),
                oidc_provider_arn=section.get('oidc_provider_arn'),
                oidc_token_file_path=section.get('oidc_token_file_path'),
                role_session_name=section.get('role_session_name'),
                policy=section.get('policy')
            )
        elif 'ecs_ram_role' == config_type:
            return EcsRamRoleCredentialsProvider(
                role_name=section.get('role_name')
            )
        elif 'rsa_key_pair' == config_type:
            return RsaKeyPairCredentialsProvider(
                public_key_id=section.get('public_key_id'),
                private_key_file=section.get('private_key_file')
            )
        else:
            raise CredentialException(
                f'unsupported credential type {config_type} from credentials file {self._profile_file}')

    def get_provider_name(self) -> str:
        return 'profile'