using System;
using System.Linq;
using System.Security.Cryptography;
using System.Text;

namespace IOL.Helpers
{
	public static class CryptographyHelpers
	{
		// https://github.com/DuendeSoftware/IdentityServer/blob/main/src/IdentityServer/Extensions/HashExtensions.cs

		private const int AES_BLOCK_BYTE_SIZE = 128 / 8;
		private static readonly RandomNumberGenerator _random = RandomNumberGenerator.Create();

		/// <summary>
		/// Creates a MD5 hash of the specified input.
		/// </summary>
		/// <returns>A hash</returns>
		public static string Md5(this string input, string salt = default) {
			if (input.IsNullOrWhiteSpace()) return string.Empty;

			var hmacMd5 = salt.HasValue() ? new HMACMD5(Encoding.UTF8.GetBytes(salt ?? "")) : new HMACMD5();
			var saltedHash = hmacMd5.ComputeHash(Encoding.UTF8.GetBytes(input));
			return Convert.ToBase64String(saltedHash);
		}


		/// <summary>
		/// Method to perform a very simple (and classical) encryption for a string. This is NOT at 
		/// all secure, it is only intended to make the string value non-obvious at a first glance.
		///
		/// The shiftOrUnshift argument is an arbitrary "key value", and must be a non-zero integer 
		/// between -65535 and 65535 (inclusive). To decrypt the encrypted string you use the negative 
		/// value. For example, if you encrypt with -42, then you decrypt with +42, or vice-versa.
		///
		/// This is inspired by, and largely based on, this:
		/// https://stackoverflow.com/a/13026595/253938
		/// </summary>
		/// <param name="inputString">string to be encrypted or decrypted, must not be null</param>
		/// <param name="shiftOrUnshift">see above</param>
		/// <returns>encrypted or decrypted string</returns>
		public static string CaesarCipher(string inputString, int shiftOrUnshift) {
			const int C64_K = ushort.MaxValue + 1;
			if (inputString == null) throw new ArgumentException("Must not be null.", nameof(inputString));
			switch (shiftOrUnshift) {
				case 0: throw new ArgumentException("Must not be zero.", nameof(shiftOrUnshift));
				case <= -C64_K:
				case >= C64_K: throw new ArgumentException("Out of range.", nameof(shiftOrUnshift));
			}

			// Perform the Caesar cipher shifting, using modulo operator to provide wrap-around
			var charArray = new char[inputString.Length];
			for (var i = 0; i < inputString.Length; i++) {
				charArray[i] =
					Convert.ToChar((Convert.ToInt32(inputString[i]) + shiftOrUnshift + C64_K) % C64_K);
			}

			return new string(charArray);
		}

		//https://tomrucki.com/posts/aes-encryption-in-csharp/
		public static string EncryptWithAes(this string toEncrypt, string password) {
			var key = GetKey(password);

			using var aes = CreateAes();
			var iv = GenerateRandomBytes(AES_BLOCK_BYTE_SIZE);
			var plainText = Encoding.UTF8.GetBytes(toEncrypt);

			using var encryptor = aes.CreateEncryptor(key, iv);
			var cipherText = encryptor
				.TransformFinalBlock(plainText, 0, plainText.Length);

			var result = new byte[iv.Length + cipherText.Length];
			iv.CopyTo(result, 0);
			cipherText.CopyTo(result, iv.Length);

			return Convert.ToBase64String(result);
		}

		private static Aes CreateAes() {
			var aes = Aes.Create();
			aes.Mode = CipherMode.CBC;
			aes.Padding = PaddingMode.PKCS7;
			return aes;
		}

		public static string DecryptWithAes(this string input, string password) {
			var key = GetKey(password);
			var encryptedData = Convert.FromBase64String(input);

			using var aes = CreateAes();
			var iv = encryptedData.Take(AES_BLOCK_BYTE_SIZE).ToArray();
			var cipherText = encryptedData.Skip(AES_BLOCK_BYTE_SIZE).ToArray();

			using var decryptor = aes.CreateDecryptor(key, iv);
			var decryptedBytes = decryptor
				.TransformFinalBlock(cipherText, 0, cipherText.Length);
			return Encoding.UTF8.GetString(decryptedBytes);
		}

		private static byte[] GetKey(string password) {
			var keyBytes = Encoding.UTF8.GetBytes(password);
			using var md5 = MD5.Create();
			return md5.ComputeHash(keyBytes);
		}

		private static byte[] GenerateRandomBytes(int numberOfBytes) {
			var randomBytes = new byte[numberOfBytes];
			_random.GetBytes(randomBytes);
			return randomBytes;
		}


		/// <summary>
		/// Creates a SHA256 hash of the specified input.
		/// </summary>
		/// <param name="input">The input.</param>
		/// <returns>A hash</returns>
		public static string Sha256(this string input) {
			if (input.IsNullOrWhiteSpace()) return string.Empty;

			using var sha = SHA256.Create();
			var bytes = Encoding.UTF8.GetBytes(input);
			var hash = sha.ComputeHash(bytes);

			return Convert.ToBase64String(hash);
		}

		/// <summary>
		/// Creates a SHA256 hash of the specified input.
		/// </summary>
		/// <param name="input">The input.</param>
		/// <returns>A hash.</returns>
		public static byte[] Sha256(this byte[] input) {
			if (input == null) {
				return null;
			}

			using var sha = SHA256.Create();
			return sha.ComputeHash(input);
		}

		/// <summary>
		/// Creates a SHA512 hash of the specified input.
		/// </summary>
		/// <param name="input">The input.</param>
		/// <returns>A hash</returns>
		public static string Sha512(this string input) {
			if (input.IsNullOrWhiteSpace()) return string.Empty;

			using var sha = SHA512.Create();
			var bytes = Encoding.UTF8.GetBytes(input);
			var hash = sha.ComputeHash(bytes);

			return Convert.ToBase64String(hash);
		}


		/// <summary>
		/// Creates a SHA256 hash of the specified input.
		/// </summary>
		/// <param name="input">The input.</param>
		/// <returns>A hash.</returns>
		public static byte[] Sha512(this byte[] input) {
			if (input == null) {
				return null;
			}

			using var sha = SHA512.Create();
			return sha.ComputeHash(input);
		}
	}
}