package vpki;

import org.bouncycastle.jce.provider.BouncyCastleProvider;
import org.bouncycastle.util.encoders.Base64;
import org.json.simple.JSONObject;
import org.json.simple.parser.JSONParser;
import vpki.core.HttpFactory;
import vpki.core.PkiFactory;

import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.math.BigInteger;
import java.security.*;
import java.security.interfaces.ECPublicKey;
import java.security.spec.ECGenParameterSpec;
import java.security.spec.ECParameterSpec;
import java.security.spec.ECPoint;
import java.security.spec.ECPublicKeySpec;

public class VpkiApplication {
  JSONObject jSONObject;
  String macAddress;
  String wmi;
  String iftid;
  String pubKeyHex;

  KeyPair keyPair;

  String hashedCsrStr;
  String pcid;

  public void init() throws Exception {
    keyPair = PkiFactory.generateKeyPair(ConfigureInfo.KEY_ALGORITHM);
    jSONObject = new JSONObject();

    macAddress = "9C36F800001E";
    wmi = "KMH";
    iftid = "ift01";

  }

  public JSONObject getCsr() throws Exception {


    ECPublicKey publicKey = (ECPublicKey) keyPair.getPublic();
    byte[] tmp = new byte[]{0x04};
    byte[] x = publicKey.getW().getAffineX().toByteArray(); //getQ().getXCoord().getEncoded();
    byte[] y = publicKey.getW().getAffineY().toByteArray(); //getQ().getYCoord().getEncoded();
    byte[] xy = new byte[x.length+y.length+1];

    System.out.println("Client PubKey: " + Base64.toBase64String(keyPair.getPublic().getEncoded()));
    System.out.println("PubKey x.length: " + x.length);
    System.out.println("PubKey y.length: " + y.length);
    System.out.println("Client PriKey: " + Base64.toBase64String(keyPair.getPrivate().getEncoded()));

    System.arraycopy(tmp, 0, xy, 0, 1);
    if(x.length > 32) {
      System.arraycopy(x, 1, xy, 1, 32);
    }else{
      System.arraycopy(x, 0, xy, 1, 32);
    }
    if(y.length > 32) {
      System.arraycopy(y, 1, xy, 33, 32);
    }else{
      System.arraycopy(y, 0, xy, 33, 32);
    }


    //hashed CSR Request
    jSONObject.put("iftid",iftid);
    jSONObject.put("macaddr",macAddress);
    jSONObject.put("publickey", Base64.toBase64String(xy));
    jSONObject.put("wmi",wmi);

    String hashedCSRReqStr = jSONObject.toJSONString();
    System.out.println(">> hashedCSR Request :" + hashedCSRReqStr);
    byte[] hashedCSRBytes = HttpFactory.sendPost(hashedCSRReqStr.getBytes(), HttpFactory.REQUESTTYPE.HASHEDCSR);
    System.out.println(">> hashedCSR Response :" + new String(hashedCSRBytes));

    JSONParser jsonParser = new JSONParser();
    jSONObject = (JSONObject) jsonParser.parse(new String(hashedCSRBytes));
    String status = (String) jSONObject.get("status");

    if(!status.equalsIgnoreCase("success")) {
      throw new Exception((String) jSONObject.get("message"));
    }

    return (JSONObject) jSONObject.get("data");
  }

  public JSONObject getCertificate() throws Exception {
    //Certificate Request
    byte[] signedCSRBytes = PkiFactory.signECDSAHashedValue(Base64.decode(hashedCsrStr), keyPair.getPrivate());
    boolean verify1 = PkiFactory.verifyECDSAHashedValue(Base64.decode(hashedCsrStr), keyPair.getPublic(), signedCSRBytes);

    byte[] rawSignData = getRawSignatureFromDEREncoding(signedCSRBytes);

    jSONObject = new JSONObject();
    jSONObject.put("iftid",iftid);
    jSONObject.put("csrsignature",Base64.toBase64String(rawSignData));

    String csrsignatureReqStr = jSONObject.toJSONString();
    System.out.println(">> CSRSignatureValue Request :" + csrsignatureReqStr);
    byte[] certificateBytes = HttpFactory.sendPost(csrsignatureReqStr.getBytes(), HttpFactory.REQUESTTYPE.CERTIFICATE);
    System.out.println(">> CSRSignatureValue Response :" + new String(certificateBytes));

    JSONParser jsonParser = new JSONParser();
    jSONObject = (JSONObject) jsonParser.parse(new String(certificateBytes));
    String status = (String) jSONObject.get("status");

    if(!status.equalsIgnoreCase("success")) {
      throw new Exception((String) jSONObject.get("message"));
    }

    return (JSONObject) jSONObject.get("data");
  }

  public static byte[] getRawSignatureFromDEREncoding(byte[] derEncodedSignature) {
    ByteArrayOutputStream baos = new ByteArrayOutputStream();
    byte[] r = new byte[32];
    byte[] s = new byte[32];

    // Length of r is encoded in the fourth byte
    int lengthOfR = derEncodedSignature[3];

    // Length of r is encoded in the second byte AFTER r
    int lengthOfS = derEncodedSignature[lengthOfR + 5];

    // Length of r and s are either 33 bytes (including padding byte 0x00), 32 bytes (normal), or less (leftmost 0x00 bytes were removed)
    try {
      if (lengthOfR == 33) System.arraycopy(derEncodedSignature, 5, r, 0, lengthOfR - 1); // skip leftmost padding byte 0x00
      else if (lengthOfR == 32) System.arraycopy(derEncodedSignature, 4, r, 0, lengthOfR);
      else System.arraycopy(derEncodedSignature, 4, r, 32 - lengthOfR, lengthOfR); // destPos = number of leftmost 0x00 bytes

      if (lengthOfS == 33) System.arraycopy(derEncodedSignature, lengthOfR + 7, s, 0, lengthOfS - 1); // skip leftmost padding byte 0x00
      else if (lengthOfS == 32) System.arraycopy(derEncodedSignature, lengthOfR + 6, s, 0, lengthOfS);
      else System.arraycopy(derEncodedSignature, lengthOfR + 6, s, 32 - lengthOfS, lengthOfS); // destPos = number of leftmost 0x00 bytes
    } catch (ArrayIndexOutOfBoundsException e) {
    }

    try {
      baos.write(r);
      baos.write(s);
    } catch (IOException e) {
    }

    byte[] rawRAndS = baos.toByteArray();

    return rawRAndS;
  }

  public JSONObject verify() throws Exception {
    jSONObject = new JSONObject();
    jSONObject.put("iftid",iftid);
//    jSONObject.put("subjectdn",String.format(ConfigureInfo.revokeDN,pcid));
    jSONObject.put("pcid",pcid);
    jSONObject.put("result","fail");

    String verifyResultReqStr = jSONObject.toJSONString();
    System.out.println(">> VerifyResult Request :" + verifyResultReqStr);
    byte[] verifyResultRespBytes = HttpFactory.sendPost(verifyResultReqStr.getBytes(), HttpFactory.REQUESTTYPE.VERITYRESULT);
    System.out.println(">> VerifyResult Response :" + new String(verifyResultRespBytes));

    JSONParser jsonParser = new JSONParser();
    jSONObject = (JSONObject) jsonParser.parse(new String(verifyResultRespBytes));
    String status = (String) jSONObject.get("status");

    if(!status.equalsIgnoreCase("success")) {
      throw new Exception((String) jSONObject.get("message"));
    }

    return (JSONObject) jSONObject.get("data");
  }

  public static void main(String[] args) {
    VpkiApplication app = new VpkiApplication();
    try {

      app.init();

      JSONObject res1 = app.getCsr();
      app.hashedCsrStr = (String) res1.get("hashedtbscsr");
      app.pcid = (String) res1.get("pcid");
      System.out.println();

      JSONObject res2 = app.getCertificate();
      System.out.println();

      JSONObject res3 = app.verify();
      System.out.println();

    } catch (Exception e) {
      e.printStackTrace();
    }
  }
//  public static void main(String[] args) {
//    //Parameter
//    String macAddress = "abcd0123456";
//    String wmi = "KMH";
//    String iftid = "ift01";
//
//    String pubKeyHex = "04BB751403B9E7D6C5132292DBED87F2D739C4811BA5B9ED185D26544C90E4A3CE03308AE2D6744AE83A3762B58BF864BE66373338DC8775F507F96AAE4C487A5C";
//    String signedDataHex = "B23F130B068AB4FA88057AFA87225A7BC481E33BF91941FB561535D75868A593E7C82B04B50A0E975B6F92659D41B83082981DAE3FB9708560BE91622CFE3076";
//
//    try {
//      Security.addProvider(new BouncyCastleProvider());
//      System.out.println("KMH CMS Test Application");
//
//      byte[] pubKeyBytes = hexStringToByteArray(pubKeyHex);
//      byte[] signBytes = hexStringToByteArray(signedDataHex);
//      System.out.println("Test Pub Key : " + Base64.toBase64String(pubKeyBytes));
//      System.out.println("Test signature : " + Base64.toBase64String((signBytes)));
//
//      int EC_POINTSIZE = 32;
//      byte[] processedXData = new byte[EC_POINTSIZE];
//      byte[] processedYData = new byte[EC_POINTSIZE];
//      System.arraycopy(pubKeyBytes, 1, processedXData, 0, EC_POINTSIZE);
//      System.arraycopy(pubKeyBytes, EC_POINTSIZE + 1, processedYData, 0, EC_POINTSIZE);
//
//      ECPoint pubPoint = new ECPoint(new BigInteger(1, processedXData), new BigInteger(1, processedYData));
//      AlgorithmParameters params = AlgorithmParameters.getInstance("EC", "BC");
//      params.init(new ECGenParameterSpec("prime256v1"));
//      ECParameterSpec ecParameters = params.getParameterSpec(ECParameterSpec.class);
//      ECPublicKeySpec pubECSpec = new ECPublicKeySpec(pubPoint, ecParameters);
//      ECPublicKey publicKey = (ECPublicKey) KeyFactory.getInstance("EC", "BC").generatePublic(pubECSpec);
//
//      System.out.println("Test Pub Key : " + Base64.toBase64String(publicKey.getEncoded()));
//
//      //Create Key Pair
//      KeyPair keyPair = PkiFactory.generateKeyPair(ConfigureInfo.KEY_ALGORITHM);
//      String b64PubKey = Base64.toBase64String(keyPair.getPublic().getEncoded());
//      String b64PriKey = Base64.toBase64String(keyPair.getPrivate().getEncoded());
//
//      System.out.println("PublicKey :" + b64PubKey);
//      System.out.println("PrivateKey :" + b64PriKey);
//
//      //hashed CSR Request
//      JSONObject jSONObject = new JSONObject();
//      jSONObject.put("iftid",iftid);
//      jSONObject.put("macaddr",macAddress);
//      jSONObject.put("publickey",b64PubKey);
//      jSONObject.put("wmi",wmi);
//      String hashedCSRReqStr = jSONObject.toJSONString();
//      System.out.println("hashedCSR Request :" + hashedCSRReqStr);
//      byte[] hashedCSRBytes = HttpFactory.sendPost(hashedCSRReqStr.getBytes(), HttpFactory.REQUESTTYPE.HASHEDCSR);
//      System.out.println("hashedCSR Response :" + new String(hashedCSRBytes));
//
//      JSONParser jsonParser = new JSONParser();
//      jSONObject = (JSONObject) jsonParser.parse(new String(hashedCSRBytes));
//      JSONObject jSONObjectData = (JSONObject) jSONObject.get("data");
//      String hashedCsrStr = (String) jSONObjectData.get("hashedtbscsr");
//      String pcid = (String) jSONObjectData.get("pcid");
//
//      //Certificate Request
//      byte[] signedCSRBytes = PkiFactory.signECDSAHashedValue(Base64.decode(hashedCsrStr), keyPair.getPrivate());
//      jSONObject = new JSONObject();
//      jSONObject.put("iftid",iftid);
//      jSONObject.put("csrsignature",Base64.toBase64String(signedCSRBytes));
//      String csrsignatureReqStr = jSONObject.toJSONString();
//      System.out.println("CSRSignatureValue Request :" + csrsignatureReqStr);
//      byte[] certificateBytes = HttpFactory.sendPost(csrsignatureReqStr.getBytes(), HttpFactory.REQUESTTYPE.CERTIFICATE);
//      System.out.println("CSRSignatureValue Response :" + new String(certificateBytes));
//
//      //VerifyResult Request
//      jSONObject = new JSONObject();
//      jSONObject.put("iftid",iftid);
//      jSONObject.put("subjectdn",String.format(ConfigureInfo.revokeDN,pcid));
//      jSONObject.put("result","fail");
//      String verifyResultReqStr = jSONObject.toJSONString();
//      System.out.println("VerifyResult Request :" + verifyResultReqStr);
//      byte[] verifyResultRespBytes = HttpFactory.sendPost(verifyResultReqStr.getBytes(), HttpFactory.REQUESTTYPE.VERITYRESULT);
//      System.out.println("VerifyResult Response :" + new String(verifyResultRespBytes));
//
//      System.out.println("end");
//    } catch (Exception e) {
//      e.printStackTrace();
//    }
//  }

  public static byte[] hexStringToByteArray(String s) {
    int len = s.length();
    byte[] data = new byte[len / 2];
    for (int i = 0; i < len; i += 2) {
      data[i / 2] = (byte) ((Character.digit(s.charAt(i), 16) << 4)
        + Character.digit(s.charAt(i+1), 16));
    }
    return data;
  }
}