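using TEAMModelOS.SDK.Extension.JwtAuth.Models;
using IdentityModel;
using Microsoft.IdentityModel.Tokens;
using System;
using System.Collections.Generic;
using System.IdentityModel.Tokens.Jwt;
using System.Linq;
using System.Security.Claims;
using System.Text;
using TEAMModelOS.SDK.Helper.Common.DateTimeHelper;

namespace TEAMModelOS.SDK.Extension.JwtAuth.JwtHelper
{
    public class JwtHelper
    {
        /// <summary>
        /// Issues a JWT signed with HMAC-SHA512 for the given claim model.
        /// </summary>
        /// <param name="claimModel">
        /// Caller-supplied claims and roles plus the scope, which selects the <see cref="JwtClient"/>
        /// whose <c>Exp</c> lifetime applies.
        /// </param>
        /// <param name="setting">Issuer, audience, symmetric signing key and the configured clients.</param>
        /// <returns>A <see cref="JwtResponse"/> with the compact-serialized token and the scope it was issued for.</returns>
        /// <exception cref="ArgumentNullException"><paramref name="claimModel"/> or <paramref name="setting"/> is null.</exception>
        /// <exception cref="InvalidOperationException">No entry in <c>setting.JwtClient</c> has a <c>Name</c> equal to <c>claimModel.Scope</c>.</exception>
        public static JwtResponse IssueJWT(ClaimModel claimModel, JwtSetting setting)
        {
            if (claimModel is null) throw new ArgumentNullException(nameof(claimModel));
            if (setting is null) throw new ArgumentNullException(nameof(setting));

            // The scope selects the client whose lifetime is used. An unknown scope must fail loudly
            // rather than fall back to some other client's lifetime. Ordinal comparison matches the
            // previous string.Equals semantics.
            JwtClient jwtClient = setting.JwtClient
                .FirstOrDefault(x => string.Equals(x.Name, claimModel.Scope, StringComparison.Ordinal));
            if (jwtClient is null)
            {
                throw new InvalidOperationException($"No JwtClient is configured for scope '{claimModel.Scope}'.");
            }

            // NOTE(review): DateTime.Now is local time; whether ConvertToTimeStamp10 normalizes it to UTC
            // is not visible here. iat/nbf/exp are defined as UTC seconds since the epoch — confirm.
            var issuedAt = DateTimeHelper.ConvertToTimeStamp10(DateTime.Now);
            var expiresAt = issuedAt + jwtClient.Exp;

            // Caller claims first, then the registered time/issuer/audience/scope claims. Issuer,
            // audience and lifetime are supplied as explicit claims rather than through the
            // JwtSecurityToken constructor's issuer/audience/expires parameters.
            var claims = new List<Claim>(claimModel.Claims ?? Enumerable.Empty<Claim>())
            {
                new Claim(JwtClaimTypes.IssuedAt, issuedAt.ToString(), ClaimValueTypes.Integer64),
                new Claim(JwtClaimTypes.NotBefore, issuedAt.ToString(), ClaimValueTypes.Integer64),
                new Claim(JwtClaimTypes.Expiration, expiresAt.ToString(), ClaimValueTypes.Integer64),
                new Claim(JwtClaimTypes.Audience, setting.Audience),
                new Claim(JwtClaimTypes.Issuer, setting.Issuer),
                new Claim(JwtClaimTypes.Scope, claimModel.Scope),
            };
            // One "role" claim per role; a null role list issues a token without role claims.
            claims.AddRange((claimModel.Roles ?? Enumerable.Empty<string>())
                .Select(role => new Claim(JwtClaimTypes.Role, role)));

            // HS512 is symmetric: anyone holding setting.SecurityKey can mint valid tokens, so the key
            // must be a high-entropy secret (ideally >= 64 random bytes, the SHA-512 output size) that is
            // kept out of source control. Short keys may be rejected by the signing provider.
            var creds = new SigningCredentials(
                new SymmetricSecurityKey(Encoding.UTF8.GetBytes(setting.SecurityKey)),
                SecurityAlgorithms.HmacSha512);

            var jwt = new JwtSecurityToken(claims: claims, signingCredentials: creds);

            // Serialize exactly once (the previous version called WriteToken twice and discarded one result).
            var accessToken = new JwtSecurityTokenHandler().WriteToken(jwt);
            return new JwtResponse
            {
                access_token = accessToken,
                scope = claimModel.Scope
            };
        }

        /// <summary>
        /// Decodes a compact-serialized JWT into a <see cref="ClaimModel"/> WITHOUT validating it.
        /// </summary>
        /// <remarks>
        /// <see cref="JwtSecurityTokenHandler.ReadJwtToken"/> only base64url-decodes the token: it checks
        /// neither the signature nor exp/nbf/iss/aud. Everything returned here is therefore
        /// attacker-controlled until the same token has been validated (e.g. by the authentication
        /// middleware or <c>ValidateToken</c>). Do not base authorization decisions on this result alone.
        /// </remarks>
        /// <param name="jwtStr">The compact-serialized JWT.</param>
        /// <returns>A claim model holding every claim of the token and, when present, the role claim values.</returns>
        /// <exception cref="ArgumentNullException"><paramref name="jwtStr"/> is null.</exception>
        /// <exception cref="ArgumentException">The string is not a well-formed JWT (thrown by the handler).</exception>
        public static ClaimModel SerializeJWT(string jwtStr)
        {
            if (jwtStr is null) throw new ArgumentNullException(nameof(jwtStr));

            var jwtHandler = new JwtSecurityTokenHandler();
            JwtSecurityToken jwtToken = jwtHandler.ReadJwtToken(jwtStr);

            var claimModel = new ClaimModel
            {
                Claims = jwtToken.Claims.ToList()
            };

            // Read the individual "role" claims instead of Payload["role"].ToString(): when a token
            // carries several role claims the payload value is a collection whose string form is not a
            // plain comma-separated list. Splitting each value on ',' keeps the previous behaviour for a
            // single "a,b" role claim.
            var roles = jwtToken.Claims
                .Where(c => c.Type == JwtClaimTypes.Role)
                .SelectMany(c => c.Value.Split(','))
                .ToList();
            if (roles.Count > 0)
            {
                claimModel.Roles = roles;
            }

            return claimModel;
        }
    }
}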