using Disco.Data.Repository;
using Disco.Models.Services.Authorization;
using Disco.Models.Repository;
using System;
using System.Collections.Concurrent;
using System.Collections.Generic;
using System.Linq;
using System.Text;
using System.Threading.Tasks;
using Disco.Services.Interop.ActiveDirectory;

namespace Disco.Services.Authorization.Roles
{
    internal static class RoleCache
    {
        internal const int AdministratorsTokenId = -1;
        internal const int ComputerAccountTokenId = -200;
        internal const string ClaimsJsonEmpty = "null";
        internal static readonly string[] _RequiredAdministratorSubjectIds = new string[] { "Domain Admins" };

        private static List<RoleToken> _Cache;
        private static RoleToken _AdministratorToken;

        internal static void Initialize(DiscoDataContext Database)
        {
            _Cache = Database.AuthorizationRoles.ToList().Select(ar => RoleToken.FromAuthorizationRole(ar)).ToList();

            // Add System Roles
            AddSystemRoles(Database);
        }

        private static void AddSystemRoles(DiscoDataContext Database)
        {
            // Disco Administrators
            _AdministratorToken = RoleToken.FromAuthorizationRole(new AuthorizationRole()
            {
                Id = AdministratorsTokenId,
                Name = "Disco Administrators",
                SubjectIds = string.Join(",", GenerateAdministratorSubjectIds(Database))
            }, Claims.AdministratorClaims());
            _Cache.Add(_AdministratorToken);

            // Computer Accounts
            _Cache.Add(RoleToken.FromAuthorizationRole(new AuthorizationRole()
            {
                Id = ComputerAccountTokenId,
                Name = "Domain Computer Account"
            }, Claims.ComputerAccountClaims()));
        }

        private static IEnumerable<string> GenerateAdministratorSubjectIds(DiscoDataContext Database)
        {
            var domainNetBiosName = ActiveDirectory.Context.PrimaryDomain.NetBiosName;
            var configuredSubjectIds = Database.DiscoConfiguration.Administrators.Split(new char[] { ',' }, StringSplitOptions.RemoveEmptyEntries).Select(s => s.Contains(@"\") ? s : string.Format(@"{0}\{1}", domainNetBiosName, s));

            return RequiredAdministratorSubjectIds
                .Concat(configuredSubjectIds)
                .Distinct(StringComparer.OrdinalIgnoreCase)
                .OrderBy(s => s);
        }
        public static IEnumerable<string> RequiredAdministratorSubjectIds
        {
            get
            {
                var domainNetBiosName = ActiveDirectory.Context.PrimaryDomain.NetBiosName;
                return _RequiredAdministratorSubjectIds.Select(s => string.Format(@"{0}\{1}", domainNetBiosName, s));
            }
        }
        public static IEnumerable<string> AdministratorSubjectIds
        {
            get
            {
                return _AdministratorToken.SubjectIds.ToList();
            }
        }

        public static void UpdateAdministratorSubjectIds(DiscoDataContext Database, IEnumerable<string> SubjectIds)
        {
            // Clean
            SubjectIds = SubjectIds
                .Where(s => !string.IsNullOrWhiteSpace(s))
                .Concat(RequiredAdministratorSubjectIds)
                .Distinct(StringComparer.OrdinalIgnoreCase)
                .OrderBy(s => s);

            var subjectIdsString = string.Join(",", SubjectIds);

            // Update Database
            Database.DiscoConfiguration.Administrators = subjectIdsString;
            Database.SaveChanges();

            // Update State
            _AdministratorToken.SubjectIds = SubjectIds.ToList();
            _AdministratorToken.SubjectIdHashes = new HashSet<string>(SubjectIds.Select(i => i.ToLower()));
        }

        /// <summary>
        /// Create a clone of an Authorization Role
        /// <para>Creates immutable clones to avoid side-effects</para>
        /// </summary>
        /// <param name="TemplateRole">Authorization Role to Clone</param>
        /// <returns>A copy of the Authorization Role</returns>
        private static AuthorizationRole CloneAuthoriationRole(AuthorizationRole TemplateRole)
        {
            return new AuthorizationRole()
            {
                Id = TemplateRole.Id,
                Name = TemplateRole.Name,
                ClaimsJson = TemplateRole.ClaimsJson,
                SubjectIds = TemplateRole.SubjectIds
            };
        }

        internal static RoleToken AddRole(AuthorizationRole Role)
        {
            var token = RoleToken.FromAuthorizationRole(CloneAuthoriationRole(Role));
            _Cache.Add(token);
            return token;
        }

        internal static void RemoveRole(AuthorizationRole Role)
        {
            var token = GetRoleToken(Role.Id);
            if (token != null)
                _Cache.Remove(token);
        }

        internal static RoleToken UpdateRole(AuthorizationRole Role)
        {
            RemoveRole(Role);
            return AddRole(Role);
        }

        internal static RoleToken GetRoleToken(int Id)
        {
            return _Cache.FirstOrDefault(t => t.Role.Id == Id);
        }
        internal static RoleToken GetRoleToken(string SecurityGroup)
        {
            return _Cache.FirstOrDefault(t => t.SubjectIdHashes.Contains(SecurityGroup));
        }
        internal static List<IRoleToken> GetRoleTokens(IEnumerable<string> SecurityGroup)
        {
            return _Cache.Where(t => SecurityGroup.Any(sg => t.SubjectIdHashes.Contains(sg))).Cast<IRoleToken>().ToList();
        }
        internal static List<IRoleToken> GetRoleTokens(IEnumerable<string> SecurityGroup, User User)
        {
            var subjectIds = SecurityGroup.Concat(new string[] { User.UserId });

            return _Cache.Where(t => subjectIds.Any(sg => t.SubjectIdHashes.Contains(sg))).Cast<IRoleToken>().ToList();
        }
    }
}