using System;
using System.Collections.Generic;
using Top.Api.Util;


namespace Top.Api.Security
{
    /// <summary>
    /// 加、解密客户端(单例使用，不要初始化多个)
    /// </summary>
    public class SecurityClient : SecurityConstants
    {
        // 秘钥管理核心类
        private SecurityCore secretCore;
        private SecurityCounter securityCounter;

        /// <summary>
        /// 秘钥管理核心类
        /// </summary>
        /// <param name="topClientt"> serverUrl必须是https协议</param>
        /// <param name="randomNum">伪随机码</param>
        public SecurityClient(DefaultTopClient topClient, string randomNum): this(topClient, randomNum, false)
        {
        }

        /// <summary>
        /// 秘钥管理核心类
        /// </summary>
        /// <param name="topClientt"> serverUrl必须是https协议</param>
        /// <param name="randomNum">伪随机码</param>
        /// <param name="streetest">是否全链路压测</param>
        public SecurityClient(DefaultTopClient topClient, string randomNum, bool streetest)
        {
            securityCounter = new SecurityCounter(topClient.appKey);
            secretCore = new SecurityCore(topClient, randomNum, streetest);
        }

        /// <summary>
        ///  初始化秘钥（如果半小时内会调用加、解密方法，建议先初始化秘钥）。所有用户共用秘钥
        /// </summary>
        public void InitSecret()
        {
            secretCore.GetSecret(null, null);
        }

        public void SetRandomNum(string randomNum)
        {
            this.secretCore.SetRandomNum(randomNum);
        }

        /// <summary>
        /// 初始化秘钥（如果半小时内会调用加、解密方法，建议先初始化秘钥）。每个用户单独分配秘钥
        /// </summary>
        /// <param name="session"></param>
        public void InitSecret(string session)
        {
            secretCore.GetSecret(session, null);
        }

        /// <summary>
        /// 批量解密（所有用户共用秘钥）
        /// </summary>
        /// <param name="dataList"></param>
        /// <param name="type"></param>
        /// <returns></returns>
        public IDictionary<string, string> Decrypt(List<string> dataList, string type)
        {
            return Decrypt(dataList, type, null);
        }

        /// <summary>
        /// 批量解密（每个用户单独分配秘钥）
        /// </summary>
        /// <param name="dataList"></param>
        /// <param name="type"></param>
        /// <param name="session"></param>
        /// <returns>key=密文数据，value=明文数据</returns>
        public IDictionary<string, string> Decrypt(List<string> dataList, string type, string session)
        {
            if (dataList == null || dataList.Count == 0)
            {
                throw new SecretException("dataList can`t be empty");
            }
            IDictionary<string, string> resultMap = new Dictionary<string, string>();
            foreach (string data in dataList)
            {
                if (!resultMap.ContainsKey(data))
                {
                    string decryptValue = Decrypt(data, type, session);
                    resultMap.Add(data, decryptValue);
                }
            }
            return resultMap;
        }

        /// <summary>
        /// 解密（所有用户共用秘钥）
        /// </summary>
        /// <param name="data"></param>
        /// <param name="type"></param>
        /// <returns></returns>
        public string Decrypt(string data, string type)
        {
            return Decrypt(data, type, null);
        }

        /// <summary>
        /// 解密（每个用户单独分配秘钥）
        /// </summary>
        /// <param name="data">
        /// 密文数据 手机号码格式：$手机号码前3位明文$base64(encrypt(phone后8位))$111$
        /// simple格式：~base64(encrypt(nick))~111~
        /// </param>
        /// <param name="type">解密字段类型(例如：simple\phone)</param>
        /// <param name="session">用户身份,用户级加密必填</param>
        /// <returns></returns>
        public string Decrypt(string data, string type, string session)
        {
            if (string.IsNullOrEmpty(data) || data.Length < 4)
            {
                return data;
            }

            // 获取分隔符
            Nullable<char> charValue = null;
            SecurityBiz.GetSeparatorCharMap().TryGetValue(type, out charValue);

            if (charValue == null)
            {
                throw new SecretException("type error");
            }

            // 校验
            char separator = charValue.Value;
            if (!(data[0] == separator && data[data.Length - 1] == separator))
            {
                return data;
            }
            SecretData secretDataDO = null;
            if (data[data.Length - 2] == separator)
            {
                secretDataDO = SecurityBiz.GetIndexSecretData(data, separator);
            }
            else
            {
                secretDataDO = SecurityBiz.GetSecretData(data, separator);
            }

            // 非法密文
            if (secretDataDO == null)
            {
                return data;
            }

            // 如果密文数据的版本号小于0代表公共秘钥
            if (secretDataDO.SecretVersion < 0)
            {
                secretDataDO.SecretVersion=Math.Abs(secretDataDO.SecretVersion.Value);
                session = null;
            }
            securityCounter.AddDecryptCount(type, session);// 计数器
            SecretContext secretContextDO = secretCore.GetSecret(session, secretDataDO.SecretVersion);
            string decryptValue = SecurityUtil.AESDecrypt(secretDataDO.OriginalBase64Value, secretContextDO.Secret);
            if (PHONE.Equals(type) && !secretDataDO.Search)
            {
                // 加上手机号前3位，手机号只加密了后8位
                return secretDataDO.OriginalValue + decryptValue;
            }
            return decryptValue;

        }

        /// <summary>
        /// 判断list元素是否全部为密文数据
        /// </summary>
        /// <param name="dataList"></param>
        /// <param name="type">加密字段类型(例如：simple\phone)</param>
        /// <returns></returns>
        public static bool IsEncryptData(List<string> dataList, string type)
        {
            if (dataList == null || dataList.Count == 0)
            {
                return false;
            }
            bool result = false;
            foreach (string data in dataList)
            {
                result = IsEncryptData(data, type);
                if (!result)
                {
                    return false;
                }
            }
            return result;
        }

        /// <summary>
        /// 判断list元素是否存在密文数据。只要有一个是密文，则返回true
        /// </summary>
        /// <param name="dataList"></param>
        /// <param name="type">加密字段类型(例如：simple\phone)</param>
        /// <returns></returns>
        public static bool IsPartEncryptData(List<String> dataList, String type) {
            if (dataList == null || dataList.Count == 0)
            {
                return false;
            }
            bool result = false;
            foreach (string data in dataList)
            {
                result = IsEncryptData(data, type);
                if (result)
                {
                    return true;
                }
            }
            return result;
        }

        /// <summary>
        /// 判断是否密文数据
        /// </summary>
        /// <param name="data"></param>
        /// <param name="type">加密字段类型(例如：simple\phone)</param>
        /// <returns></returns>
        public static bool IsEncryptData(string data, string type)
        {
            return SecurityBiz.IsEncryptData(data, type);
        }

        /// <summary>
        /// 加密（所有用户共用秘钥）
        /// </summary>
        /// <param name="data"></param>
        /// <param name="type"></param>
        /// <returns></returns>
        public string Encrypt(string data, string type)
        {
            return Encrypt(data, type, null, null);
        }

        /// <summary>
        /// 用老秘钥加密，只在秘钥升级时使用（所有用户共用秘钥）
        /// </summary>
        /// <param name="data"></param>
        /// <param name="type"></param>
        /// <returns></returns>
        public string EncryptPrevious(string data, string type)
        {
            return Encrypt(data, type, null, -1L);
        }

        /// <summary>
        /// 加密（每个用户单独分配秘钥）
        /// </summary>
        /// <param name="data"></param>
        /// <param name="type"></param>
        /// <param name="session"></param>
        /// <returns></returns>
        public string Encrypt(string data, string type, string session)
        {
            return Encrypt(data, type, session, null);
        }

        /// <summary>
        /// 用老秘钥加密，只在秘钥升级时使用（每个用户单独分配秘钥）
        /// </summary>
        /// <param name="data"></param>
        /// <param name="type"></param>
        /// <param name="session"></param>
        /// <returns></returns>
        public string EncryptPrevious(string data, string type, string session)
        {
            return Encrypt(data, type, session, -1L);
        }

        /// <summary>
        /// 密文检索（所有用户共用秘钥）
        /// </summary>
        /// <param name="data"></param>
        /// <param name="type"></param>
        /// <returns></returns>
        public string Search(string data, string type)
        {
            return Search(data, type, null, null);
        }

        /// <summary>
        /// 密文检索,在秘钥升级场景下兼容查询（所有用户共用秘钥）
        /// </summary>
        /// <param name="data"></param>
        /// <param name="type"></param>
        /// <returns></returns>
        public string SearchPrevious(string data, string type)
        {
            return Search(data, type, null, -1L);
        }

        /// <summary>
        /// 密文检索（每个用户单独分配秘钥）
        /// </summary>
        /// <param name="data"></param>
        /// <param name="type"></param>
        /// <param name="session"></param>
        /// <returns></returns>
        public string Search(string data, string type, string session)
        {
            return Search(data, type, session, null);
        }

        /// <summary>
        /// 密文检索,在秘钥升级场景下兼容查询（每个用户单独分配秘钥）
        /// </summary>
        /// <param name="data"></param>
        /// <param name="type"></param>
        /// <param name="session"></param>
        /// <returns></returns>
        public string SearchPrevious(string data, string type, string session)
        {
            return Search(data, type, session, -1L);
        }

        /// <summary>
        /// 密文检索。 手机号码格式：$base64(H-MAC(phone后4位))$ simple格式：base64(H-MAC(滑窗))
        /// </summary>
        /// <param name="data">明文数据</param>
        /// <param name="type">加密字段类型(例如：simple\phone)</param>
        /// <param name="session">用户身份,用户级加密必填</param>
        /// <param name="version">秘钥历史版本</param>
        /// <returns></returns>
        private string Search(string data, string type, string session, Nullable<Int64> version)
        {
            if (string.IsNullOrEmpty(data))
            {
                return data;
            }

            SecretContext secretContext = secretCore.GetSecret(session, version);
            if (secretContext == null)
            {
                throw new SecretException("secretKey is null");
            }
            if (secretContext.Secret == null)
            {
                return data;
            }

            string separator = null;
            SecurityBiz.GetSeparatorMap().TryGetValue(type, out separator);
            if (separator == null)
            {
                throw new SecretException("type error");
            }

            // 公共秘钥版本号用负数区分
            if (session == null)
            {
                SecretContext publicSecretContext = new SecretContext();
                publicSecretContext.Secret = secretContext.Secret;
                publicSecretContext.SecretVersion = -secretContext.SecretVersion;
                secretContext = publicSecretContext;
            }

            securityCounter.AddSearchCount(type, session);// 计数器
            if (PHONE.Equals(type))
            {
                return SecurityBiz.SearchPhoneIndex(data, separator, secretContext);
            }
            else
            {
                int compressLen = secretCore.GetCompressLen();
                int slideSize = secretCore.GetSlideSize();
                return SecurityBiz.SearchNormalIndex(data, compressLen, slideSize, secretContext);
            }

        }

        /// <summary>
        /// 加密之后格式。 手机号码格式：$手机号码前3位明文$base64(encrypt(phone后8位))$111$ 
        /// simple格式：~base64(encrypt(nick))~111~
        /// </summary>
        /// <param name="data">明文数据</param>
        /// <param name="type">加密字段类型(例如：simple\phone)</param>
        /// <param name="session">用户身份,用户级加密必填</param>
        /// <param name="version">秘钥历史版本</param>
        /// <returns></returns>
        private string Encrypt(string data, string type, string session, Nullable<Int64> version)
        {
            if (string.IsNullOrEmpty(data))
            {
                return data;
            }
            SecretContext secretContext = secretCore.GetSecret(session, version);
            if (secretContext == null)
            {
                throw new SecretException("secretKey is null");
            }
            if (secretContext.Secret == null)
            {
                return data;
            }

            string separator = null;
            SecurityBiz.GetSeparatorMap().TryGetValue(type, out separator);
            if (separator == null)
            {
                throw new SecretException("type error");
            }

            // 公共秘钥版本号用负数区分
            if (session == null)
            {
                SecretContext publicSecretContext = new SecretContext();
                publicSecretContext.Secret = secretContext.Secret;
                publicSecretContext.SecretVersion = -secretContext.SecretVersion;
                secretContext = publicSecretContext;
            }

            securityCounter.AddEncryptCount(type, session);// 计数器
            bool isEncryptIndex = secretCore.IsIndexEncrypt(type, version);
            // 支持密文检索
            if (isEncryptIndex || SEARCH.Equals(type))
            {
                if (PHONE.Equals(type))
                {
                    return SecurityBiz.EncryptPhoneIndex(data, separator, secretContext);
                }
                else
                {
                    int compressLen = secretCore.GetCompressLen();
                    int slideSize = secretCore.GetSlideSize();
                    return SecurityBiz.EncryptNormalIndex(data, compressLen, slideSize, separator, secretContext);
                }
            }
            else
            {
                if (PHONE.Equals(type))
                {
                    return SecurityBiz.EncryptPhone(data, separator, secretContext);
                }
                else
                {
                    return SecurityBiz.EncryptNormal(data, separator, secretContext);
                }
            }

        }

        /// <summary>
        /// 批量加密（所有用户共用秘钥）
        /// </summary>
        /// <param name="dataList"></param>
        /// <param name="type"></param>
        /// <returns></returns>
        public IDictionary<string, string> Encrypt(List<string> dataList, string type)
        {
            return Encrypt(dataList, type, null);
        }

        /// <summary>
        /// 批量加密（每个用户单独分配秘钥）
        /// </summary>
        /// <param name="dataList"></param>
        /// <param name="type"></param>
        /// <param name="session"></param>
        /// <returns>key=明文数据，value=密文数据</returns>
        public IDictionary<string, string> Encrypt(List<string> dataList, string type, string session)
        {
            if (dataList == null || dataList.Count == 0)
            {
                throw new SecretException("dataList can`t be empty");
            }
            IDictionary<string, string> resultMap = new Dictionary<string, string>();
            foreach (string data in dataList)
            {
                if (!resultMap.ContainsKey(data))
                {
                    string encryptValue = Encrypt(data, type, session, null);
                    resultMap.Add(data, encryptValue);
                }
            }
            return resultMap;
        }

        /// <summary>
        /// 生成自定义session，提供给自主账号使用
        /// </summary>
        /// <param name="userId"></param>
        /// <returns></returns>
        public static string GenerateCustomerSession(long userId)
        {
            return UNDERLINE + userId;
        }

    }
}