# coding=utf-8
# --------------------------------------------------------------------------------------------
# Copyright (c) Microsoft Corporation. All rights reserved.
# Licensed under the MIT License. See License.txt in the project root for license information.
# --------------------------------------------------------------------------------------------
# Dev note - think of this as a controller

import base64
from typing import List, Optional

from azext_iot.constants import CENTRAL_ENDPOINT
from azext_iot.central.providers import CentralEnrollmentGroupProvider
from azext_iot.common.certops import open_certificate
from azext_iot.central.common import API_VERSION
from azext_iot.central.models.ga_2022_07_31 import EnrollmentGroupGa


def get_enrollment_group(
    cmd,
    app_id: str,
    group_id: str,
    certificate_entry: Optional[str] = None,
    token: Optional[str] = None,
    central_dns_suffix=CENTRAL_ENDPOINT,
    api_version=API_VERSION,
) -> EnrollmentGroupGa:
    provider = CentralEnrollmentGroupProvider(
        cmd=cmd, app_id=app_id, token=token, api_version=api_version
    )

    response = provider.get_enrollment_group(
        group_id=group_id,
        central_dns_suffix=central_dns_suffix,
    )

    if certificate_entry:
        response["x509"] = get_x509(
            cmd=cmd,
            app_id=app_id,
            group_id=group_id,
            certificate_entry=certificate_entry,
            token=token,
            central_dns_suffix=central_dns_suffix,
            api_version=api_version,
        )

    return response


def list_enrollment_groups(
    cmd,
    app_id: str,
    token=None,
    central_dns_suffix=CENTRAL_ENDPOINT,
    api_version=API_VERSION,
) -> List[EnrollmentGroupGa]:
    provider = CentralEnrollmentGroupProvider(
        cmd=cmd, app_id=app_id, token=token, api_version=api_version
    )

    return provider.list_enrollment_groups(central_dns_suffix=central_dns_suffix)


def create_enrollment_group(
    cmd,
    app_id: str,
    attestation: str,
    display_name: str,
    type: str,
    group_id: str,
    enabled: Optional[str] = 'enabled',
    primary_key: Optional[str] = None,
    secondary_key: Optional[str] = None,
    primary_cert_path: Optional[str] = None,
    secondary_cert_path: Optional[str] = None,
    etag: Optional[str] = None,
    token: Optional[str] = None,
    central_dns_suffix=CENTRAL_ENDPOINT,
    api_version=API_VERSION,
) -> EnrollmentGroupGa:
    provider = CentralEnrollmentGroupProvider(
        cmd=cmd, app_id=app_id, token=token, api_version=api_version
    )
    response = provider.create_enrollment_group(
        group_id=group_id,
        attestation=attestation,
        primary_key=primary_key,
        secondary_key=secondary_key,
        display_name=display_name,
        type=type,
        enabled=(enabled == 'enabled'),
        etag=etag,
        central_dns_suffix=central_dns_suffix,
    )

    # For x509 we need to call a separate API
    primary_cert = None
    secondary_cert = None

    if attestation == 'x509':
        if primary_cert_path:
            primary_cert = open_certificate(primary_cert_path)
            if primary_cert_path.endswith(".pem"):
                primary_cert = base64.encodebytes((primary_cert.replace('\r', '') + '\n').encode()).decode().replace('\n', '')

        if secondary_cert_path:
            secondary_cert = open_certificate(secondary_cert_path)
            if secondary_cert_path.endswith(".pem"):
                secondary_cert = base64.encodebytes((secondary_cert.replace('\r', '') + '\n').encode()).decode().replace('\n', '')

        if primary_cert_path or secondary_cert_path:
            response["x509"] = create_x509(
                cmd=cmd,
                app_id=app_id,
                group_id=group_id,
                primary_cert=primary_cert,
                secondary_cert=secondary_cert,
                etag=etag,
                token=token,
                central_dns_suffix=central_dns_suffix,
                api_version=api_version,
            )

    return response


def update_enrollment_group(
    cmd,
    app_id: str,
    group_id: str,
    display_name: Optional[str] = None,
    type: Optional[str] = None,
    remove_x509: Optional[bool] = None,
    enabled: Optional[str] = 'enabled',
    primary_cert_path: Optional[str] = None,
    secondary_cert_path: Optional[str] = None,
    certificate_entry: Optional[str] = None,
    etag: Optional[str] = None,
    token: Optional[str] = None,
    central_dns_suffix=CENTRAL_ENDPOINT,
    api_version=API_VERSION,
):
    provider = CentralEnrollmentGroupProvider(
        cmd=cmd, app_id=app_id, token=token, api_version=api_version
    )

    response = provider.update_enrollment_group(
        group_id=group_id,
        display_name=display_name,
        type=type,
        enabled=(enabled == 'enabled'),
        etag=etag,
        central_dns_suffix=central_dns_suffix,
    )

    # Still can create/remove x509 during update
    primary_cert = None
    secondary_cert = None

    if primary_cert_path:
        primary_cert = open_certificate(primary_cert_path)
        if primary_cert_path.endswith(".pem"):
            primary_cert = base64.encodebytes((primary_cert.replace('\r', '') + '\n').encode()).decode().replace('\n', '')

    if secondary_cert_path:
        secondary_cert = open_certificate(secondary_cert_path)
        if secondary_cert_path.endswith(".pem"):
            secondary_cert = base64.encodebytes((secondary_cert.replace('\r', '') + '\n').encode()).decode().replace('\n', '')

    if primary_cert_path or secondary_cert_path:
        response["x509"] = create_x509(
            cmd=cmd,
            app_id=app_id,
            group_id=group_id,
            primary_cert=primary_cert,
            secondary_cert=secondary_cert,
            etag=etag,
            token=token,
            central_dns_suffix=central_dns_suffix,
            api_version=api_version,
        )
    elif remove_x509 is True and certificate_entry:
        # We need to remove x509 from the group
        response["x509"] = {
            "remove": delete_x509(
                cmd=cmd,
                app_id=app_id,
                group_id=group_id,
                certificate_entry=certificate_entry,
                token=token,
                central_dns_suffix=central_dns_suffix,
                api_version=api_version,
            )
        }

    return response


def delete_enrollment_group(
    cmd,
    app_id: str,
    group_id: str,
    token=None,
    central_dns_suffix=CENTRAL_ENDPOINT,
    api_version=API_VERSION,
) -> dict:
    provider = CentralEnrollmentGroupProvider(
        cmd=cmd, app_id=app_id, token=token, api_version=api_version
    )

    return provider.delete_enrollment_group(
        group_id=group_id,
        central_dns_suffix=central_dns_suffix,
    )


def create_x509(
    cmd,
    app_id: str,
    group_id: str,
    primary_cert: Optional[str] = None,
    secondary_cert: Optional[str] = None,
    etag: Optional[str] = None,
    token: Optional[str] = None,
    central_dns_suffix=CENTRAL_ENDPOINT,
    api_version=API_VERSION,
) -> dict:
    provider = CentralEnrollmentGroupProvider(
        cmd=cmd, app_id=app_id, token=token, api_version=api_version
    )

    return provider.create_x509(
        group_id=group_id,
        primary_cert=primary_cert,
        secondary_cert=secondary_cert,
        etag=etag,
        central_dns_suffix=central_dns_suffix,
    )


def verify_x509(
    cmd,
    app_id: str,
    group_id: str,
    primary_cert_path: Optional[str] = None,
    secondary_cert_path: Optional[str] = None,
    token: Optional[str] = None,
    central_dns_suffix=CENTRAL_ENDPOINT,
    api_version=API_VERSION,
) -> dict:
    provider = CentralEnrollmentGroupProvider(
        cmd=cmd, app_id=app_id, token=token, api_version=api_version
    )

    primary_cert = None
    secondary_cert = None

    if primary_cert_path:
        primary_cert = open_certificate(primary_cert_path)
        if primary_cert_path.endswith(".pem"):
            primary_cert = base64.encodebytes((primary_cert.replace('\r', '') + '\n').encode()).decode().replace('\n', '')

    if secondary_cert_path:
        secondary_cert = open_certificate(secondary_cert_path)
        if secondary_cert_path.endswith(".pem"):
            secondary_cert = base64.encodebytes((secondary_cert.replace('\r', '') + '\n').encode()).decode().replace('\n', '')

    return provider.verify_x509(
        group_id=group_id,
        primary_cert=primary_cert,
        secondary_cert=secondary_cert,
        central_dns_suffix=central_dns_suffix,
    )


def get_x509(
    cmd,
    app_id: str,
    group_id: str,
    certificate_entry: Optional[str] = None,
    token: Optional[str] = None,
    central_dns_suffix=CENTRAL_ENDPOINT,
    api_version=API_VERSION,
) -> dict:
    provider = CentralEnrollmentGroupProvider(
        cmd=cmd, app_id=app_id, token=token, api_version=api_version
    )

    return provider.get_x509(
        group_id=group_id,
        certificate_entry=certificate_entry,
        central_dns_suffix=central_dns_suffix,
    )


def delete_x509(
    cmd,
    app_id: str,
    group_id: str,
    certificate_entry: Optional[str] = None,
    token: Optional[str] = None,
    central_dns_suffix=CENTRAL_ENDPOINT,
    api_version=API_VERSION,
) -> dict:
    provider = CentralEnrollmentGroupProvider(
        cmd=cmd, app_id=app_id, token=token, api_version=api_version
    )

    return provider.delete_x509(
        group_id=group_id,
        certificate_entry=certificate_entry,
        central_dns_suffix=central_dns_suffix,
    )


def generate_verification_code(
    cmd,
    app_id: str,
    group_id: str,
    certificate_entry: Optional[str] = None,
    token: Optional[str] = None,
    central_dns_suffix=CENTRAL_ENDPOINT,
    api_version=API_VERSION,
) -> dict:
    provider = CentralEnrollmentGroupProvider(
        cmd=cmd, app_id=app_id, token=token, api_version=api_version
    )
    return provider.generate_verification_code(
        group_id=group_id,
        certificate_entry=certificate_entry,
        central_dns_suffix=central_dns_suffix,
    )