/*
 *
 * (c) Copyright Ascensio System Limited 2010-2021
 * 
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 * http://www.apache.org/licenses/LICENSE-2.0
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 *
*/


using System.Text;

using ASC.ActiveDirectory.Base.Data;
using ASC.ActiveDirectory.Base.Expressions;
using ASC.ActiveDirectory.Base.Settings;
using ASC.Common;
using ASC.Common.Logging;
using ASC.Security.Cryptography;

using Microsoft.Extensions.Options;

namespace ASC.ActiveDirectory.Base
{
    [Scope]
    public abstract class LdapHelper : IDisposable
    {
        public LdapSettings Settings { get; private set; }

        private InstanceCrypto InstanceCrypto { get; }
        public abstract bool IsConnected { get; }

        protected readonly ILog Log;

        protected LdapHelper(
            IOptionsMonitor<ILog> option,
            InstanceCrypto instanceCrypto)
        {
            Log = option.Get("ASC");
            InstanceCrypto = instanceCrypto;
        }

        public void Init(LdapSettings settings)
        {
            Settings = settings;
        }

        public abstract void Connect();

        public abstract Dictionary<string, string[]> GetCapabilities();

        public abstract string SearchDomain();

        public abstract void CheckCredentials(string login, string password, string server, int portNumber,
            bool startTls, bool ssl, bool acceptCertificate, string acceptCertificateHash);

        public abstract bool CheckUserDn(string userDn);

        public abstract List<LdapObject> GetUsers(string filter = null, int limit = -1);

        public abstract LdapObject GetUserBySid(string sid);

        public abstract bool CheckGroupDn(string groupDn);

        public abstract List<LdapObject> GetGroups(Criteria criteria = null);

        public bool UserExistsInGroup(LdapObject domainGroup, LdapObject domainUser, LdapSettings settings) // string memberString, string groupAttribute, string primaryGroupId)
        {
            try
            {
                if (domainGroup == null || domainUser == null)
                    return false;

                var memberString = domainUser.GetValue(Settings.UserAttribute) as string;
                if (string.IsNullOrEmpty(memberString))
                    return false;

                var groupAttribute = settings.GroupAttribute;
                if (string.IsNullOrEmpty(groupAttribute))
                    return false;

                var userPrimaryGroupId = domainUser.GetValue(LdapConstants.ADSchemaAttributes.PRIMARY_GROUP_ID) as string;

                if (!string.IsNullOrEmpty(userPrimaryGroupId) && domainGroup.Sid.EndsWith("-" + userPrimaryGroupId))
                {
                    // Domain Users found
                    return true;
                }
                else
                {
                    var members = domainGroup.GetValues(groupAttribute);

                    if (members.Count == 0)
                        return false;

                    if (members.Any(member => memberString.Equals(member, StringComparison.InvariantCultureIgnoreCase)
                        || member.Equals(domainUser.DistinguishedName, StringComparison.InvariantCultureIgnoreCase)))
                        return true;
                }
            }
            catch (Exception e)
            {
                Log.ErrorFormat("UserExistsInGroup() failed. Error: {0}", e);
            }

            return false;
        }

        public string GetPassword(byte[] passwordBytes)
        {
            if (passwordBytes == null || passwordBytes.Length == 0)
                return string.Empty;

            string password;
            try
            {
                password = InstanceCrypto.Decrypt(passwordBytes);
            }
            catch (Exception)
            {
                password = string.Empty;
            }
            return password;
        }

        public byte[] GetPasswordBytes(string password)
        {
            byte[] passwordBytes;

            try
            {
                passwordBytes = InstanceCrypto.Encrypt(new UnicodeEncoding().GetBytes(password));
            }
            catch (Exception)
            {
                passwordBytes = Array.Empty<byte>();
            }

            return passwordBytes;
        }

        public abstract void Dispose();
    }
}