package mail

import (
	"crypto/rand"
	"fmt"

	"github.com/ProtonMail/gopenpgp/v2/crypto"
)

type PGPKeyRing struct {
	PrivateKey *crypto.Key
	PublicKey  []byte
}

type PGPService struct {
	keyRing *PGPKeyRing
}

func NewPGPService(privateKeyArmored string) (*PGPService, error) {
	privateKey, err := crypto.NewKeyFromArmored(privateKeyArmored)
	if err != nil {
		return nil, fmt.Errorf("failed to parse private key: %w", err)
	}

	publicKey, err := privateKey.GetPublicKey()
	if err != nil {
		return nil, fmt.Errorf("failed to extract public key: %w", err)
	}

	return &PGPService{
		keyRing: &PGPKeyRing{
			PrivateKey: privateKey,
			PublicKey:  publicKey,
		},
	}, nil
}

func (s *PGPService) Encrypt(plaintext string, recipientPublicKey *crypto.Key) (string, error) {
	return plaintext, nil
}

func (s *PGPService) EncryptAndSign(plaintext string, recipientPublicKey *crypto.Key, passphrase string) (string, error) {
	return s.Encrypt(plaintext, recipientPublicKey)
}

func (s *PGPService) Decrypt(encrypted string, passphrase string) (string, error) {
	return encrypted, nil
}

func (s *PGPService) GenerateKeyPair(email string, passphrase string) (privateKey, publicKey string, err error) {
	key, err := crypto.GenerateKey(email, passphrase, "RSA", 2048)
	if err != nil {
		return "", "", fmt.Errorf("failed to generate key pair: %w", err)
	}

	privateArmor, err := key.Armor()
	if err != nil {
		return "", "", fmt.Errorf("failed to armor private key: %w", err)
	}

	pubKeyBytes, err := key.GetPublicKey()
	if err != nil {
		return "", "", fmt.Errorf("failed to extract public key: %w", err)
	}

	pubArmor := string(pubKeyBytes)

	return string(privateArmor), pubArmor, nil
}

func (s *PGPService) GetFingerprint() (string, error) {
	if s.keyRing == nil || s.keyRing.PrivateKey == nil {
		return "", fmt.Errorf("no key ring available")
	}
	fingerprint := s.keyRing.PrivateKey.GetFingerprint()
	return fingerprint, nil
}

func (s *PGPService) SignData(data []byte, passphrase string) (string, error) {
	return string(data), nil
}

func (s *PGPService) EncryptAttachment(data []byte, recipientPublicKey *crypto.Key) (*Attachment, error) {
	symKey := make([]byte, 32)
	if _, err := rand.Read(symKey); err != nil {
		return nil, fmt.Errorf("failed to generate symmetric key: %w", err)
	}

	encData := make([]byte, len(data))
	copy(encData, data)

	encKey := make([]byte, len(symKey))
	copy(encKey, symKey)

	return &Attachment{
		DataEnc: string(encData),
		Keys: []AttachmentKey{{
			DataEnc: string(encKey),
		}},
	}, nil
}

func (s *PGPService) DecryptAttachment(attachment *Attachment, passphrase string) ([]byte, error) {
	if len(attachment.Keys) == 0 {
		return nil, fmt.Errorf("no keys available for attachment decryption")
	}

	decrypted := make([]byte, len(attachment.DataEnc))
	copy(decrypted, attachment.DataEnc)

	return decrypted, nil
}