package com.linecorp.linesdk.auth.internal;

import android.content.ActivityNotFoundException;
import android.content.Context;
import android.content.Intent;
import android.content.pm.ResolveInfo;
import android.net.Uri;
import android.os.Build;
import android.os.Bundle;
import android.os.Parcelable;
import android.text.TextUtils;

import androidx.annotation.NonNull;
import androidx.annotation.Nullable;
import androidx.annotation.VisibleForTesting;
import androidx.browser.customtabs.CustomTabsIntent;
import androidx.core.content.ContextCompat;

import com.linecorp.linesdk.BuildConfig;
import com.linecorp.linesdk.Constants;
import com.linecorp.linesdk.LineApiError;
import com.linecorp.linesdk.Scope;
import com.linecorp.linesdk.auth.LineAuthenticationConfig;
import com.linecorp.linesdk.auth.LineAuthenticationParams;
import com.linecorp.linesdk.internal.pkce.CodeChallengeMethod;
import com.linecorp.linesdk.internal.pkce.PKCECode;

import org.json.JSONException;
import org.json.JSONObject;

import java.util.ArrayList;
import java.util.Collection;
import java.util.List;
import java.util.Map;

import static com.linecorp.linesdk.utils.StringUtils.createRandomAlphaNumeric;
import static com.linecorp.linesdk.utils.UriUtils.appendQueryParams;
import static com.linecorp.linesdk.utils.UriUtils.buildParams;

/**
 * Class represents the LINE authentication API for browser log-in.
 */
/* package */ class BrowserAuthenticationApi {
    private static final int LENGTH_OAUTH_STATE = 16;

    private static final int LENGTH_OPENID_NONCE = 16;

    static class Request {
        @NonNull
        private final Intent intent;
        @Nullable
        private final Bundle startActivityOptions;
        @NonNull
        private final String redirectUri;
        private final boolean isLineAppAuthentication;

        @VisibleForTesting
        Request(@NonNull Intent intent,
                @Nullable Bundle startActivityOptions,
                @NonNull String redirectUri,
                boolean isLineAppAuthentication) {
            this.intent = intent;
            this.startActivityOptions = startActivityOptions;
            this.redirectUri = redirectUri;
            this.isLineAppAuthentication = isLineAppAuthentication;
        }

        @NonNull
        Intent getIntent() {
            return intent;
        }

        @Nullable
        Bundle getStartActivityOptions() {
            return startActivityOptions;
        }

        @NonNull
        String getRedirectUri() {
            return redirectUri;
        }

        boolean isLineAppAuthentication() {
            return isLineAppAuthentication;
        }
    }

    private static final LineAppVersion AUTO_LOGIN_FOR_LINE_SDK_ENABLED_VERSION =
            new LineAppVersion(6, 9, 0);
    @NonNull
    private final LineAuthenticationStatus authenticationStatus;

    BrowserAuthenticationApi(@NonNull LineAuthenticationStatus authenticationStatus) {
        this.authenticationStatus = authenticationStatus;
    }

    @NonNull
    Request getRequest(
            @NonNull Context context,
            @NonNull LineAuthenticationConfig config,
            @NonNull PKCECode pkceCode,
            @NonNull LineAuthenticationParams params)
            throws ActivityNotFoundException {

        // "state" may be guessed easily but there is no problem as the follows.
        // In case of LINE SDK, the correctness of "redirect_uri" will be checked with using PKCE
        // instead of "state".
        final String oAuthState = createRandomAlphaNumeric(LENGTH_OAUTH_STATE);
        authenticationStatus.setOAuthState(oAuthState);

        final String openIdNonce;
        if (params.getScopes().contains(Scope.OPENID_CONNECT)) {
            if (!TextUtils.isEmpty(params.getNonce())) {
                openIdNonce = params.getNonce();
            } else {
                // generate a random string for it, if no `nonce` param specified
                openIdNonce = createRandomAlphaNumeric(LENGTH_OPENID_NONCE);
            }
        } else {
            openIdNonce = null;
        }
        authenticationStatus.setOpenIdNonce(openIdNonce);

        final String redirectUri = createRedirectUri(context);

        final Uri loginUri = createLoginUrl(config, pkceCode, params, oAuthState, openIdNonce, redirectUri);

        AuthenticationIntentHolder intentHolder = getAuthenticationIntentHolder(
                context, loginUri, config.isLineAppAuthenticationDisabled());

        return new Request(
                intentHolder.getIntent(),
                intentHolder.getStartActivityOptions(),
                redirectUri,
                intentHolder.isLineAppAuthentication);
    }

    @VisibleForTesting
    boolean isChromeCustomTabSupported() {
        return Build.VERSION.SDK_INT >= Build.VERSION_CODES.JELLY_BEAN;
    }

    @VisibleForTesting
    @NonNull
    Uri createLoginUrl(
            @NonNull LineAuthenticationConfig config,
            @NonNull PKCECode pkceCode,
            @NonNull LineAuthenticationParams params,
            @NonNull String oAuthState,
            @Nullable String openIdNonce,
            @NonNull String redirectUri) {
        final String baseReturnUri = "/oauth2/v2.1/authorize/consent";
        final Map<String, String> returnQueryParams = buildParams(
                "response_type", "code",
                "client_id", config.getChannelId(),
                "state", oAuthState,
                "code_challenge", pkceCode.getChallenge(),
                "code_challenge_method", CodeChallengeMethod.S256.getValue(),
                "redirect_uri", redirectUri,
                "sdk_ver", BuildConfig.VERSION_NAME,
                "scope", Scope.join(params.getScopes())
        );
        if (!TextUtils.isEmpty(openIdNonce)) {
            returnQueryParams.put("nonce", openIdNonce);
        }
        if (params.getBotPrompt() != null) {
            returnQueryParams.put("bot_prompt", params.getBotPrompt().name().toLowerCase());
        }

        final String returnUri = appendQueryParams(baseReturnUri, returnQueryParams)
                .toString();

        final Map<String, String> loginQueryParams = buildParams(
                "returnUri", returnUri,
                "loginChannelId", config.getChannelId()
        );
        if (params.getUILocale() != null) {
            loginQueryParams.put("ui_locales", params.getUILocale().toString());
        }
        return appendQueryParams(config.getWebLoginPageUrl(), loginQueryParams);
    }

    @VisibleForTesting
    @NonNull
    String createRedirectUri(@NonNull Context context) {
        // A host name must be set even if it is not used because a browser regards as an opaque uri.
        // If a browser redirects with an opaque uri, we can not parse query parameters by using
        // Uri class.
        return "intent://result#Intent;package=" + context.getPackageName() + ";scheme=lineauth;end";
    }

    /**
     * Returns {@link AuthenticationIntentHolder} that holds information to start authentication.
     * If the following conditions are satisfied, this returns an intent to launch LINE
     * application. Otherwise returns an intent to launch an application other than LINE
     * application such as browser.
     * - LINE application is installed.
     * - LINE application version is 6.9.0 or more.
     * (LINE auto login feature is available before 6.9.0 but "scope" and "otpId" are not available
     * on the versions.)
     * - The method parameter value of 'isLineAppAuthDisabled' is false.
     * If the above conditions are satisfied, the return intent launches LINE application even if
     * the current user sets an external browser as the auto login page launching setting.
     */
    @VisibleForTesting
    @NonNull
    AuthenticationIntentHolder getAuthenticationIntentHolder(
            @NonNull Context context, @NonNull Uri loginUri, boolean isLineAppAuthDisabled)
            throws ActivityNotFoundException {

        Intent intent;
        Bundle startActivityOptions;
        if (isChromeCustomTabSupported()) {
            CustomTabsIntent customTabsIntent = new CustomTabsIntent.Builder()
                    .setToolbarColor(ContextCompat.getColor(context, android.R.color.white))
                    .build();
            intent = customTabsIntent.intent.setData(loginUri);
            startActivityOptions = customTabsIntent.startAnimationBundle;
        } else {
            intent = new Intent(Intent.ACTION_VIEW).setData(loginUri);
            startActivityOptions = null;
        }

        LineAppVersion lineAppVersion = LineAppVersion.getLineAppVersion(context);
        if (lineAppVersion == null) {
            return new AuthenticationIntentHolder(
                    intent, startActivityOptions, false /* isLineAppAuthentication */);
        }

        boolean shouldLaunchLineApp = !isLineAppAuthDisabled
                && lineAppVersion.isEqualOrGreaterThan(AUTO_LOGIN_FOR_LINE_SDK_ENABLED_VERSION);
        if (shouldLaunchLineApp) {
            Intent lineAppIntent = new Intent(Intent.ACTION_VIEW);
            lineAppIntent.setData(loginUri);
            lineAppIntent.setPackage(Constants.LINE_APP_PACKAGE_NAME);
            return new AuthenticationIntentHolder(
                    lineAppIntent, startActivityOptions, true /* isLineAppAuthentication */);
        }

        Intent browserIntent = new Intent(Intent.ACTION_VIEW, Uri.parse("http://"));
        List<ResolveInfo> resolveInfoList =
                context.getPackageManager().queryIntentActivities(browserIntent, 0 /* flags */);
        List<Intent> targetIntents
                = convertToIntents(loginUri, resolveInfoList, intent.getExtras());

        int targetIntentCount = targetIntents.size();
        if (targetIntentCount == 0) {
            throw new ActivityNotFoundException(
                    "Activity for LINE log-in is not found. uri=" + loginUri);
        }
        if (targetIntentCount == 1) {
            return new AuthenticationIntentHolder(
                    targetIntents.get(0), startActivityOptions, false /* isLineAppAuthentication */);
        }

        Intent chooserIntent = Intent.createChooser(targetIntents.remove(0), null /* title */);
        chooserIntent.putExtra(
                Intent.EXTRA_INITIAL_INTENTS,
                targetIntents.toArray(new Parcelable[targetIntents.size()]));
        return new AuthenticationIntentHolder(
                chooserIntent, startActivityOptions, false /* isLineAppAuthentication */);
    }

    @NonNull
    private static List<Intent> convertToIntents(
            @NonNull Uri data,
            @NonNull Collection<ResolveInfo> resolveInfoList,
            @Nullable Bundle extras) {
        List<Intent> targetIntents = new ArrayList<>(resolveInfoList.size());
        for (ResolveInfo resolveInfo : resolveInfoList) {
            Intent targetIntent = new Intent(Intent.ACTION_VIEW);
            targetIntent.setData(data);
            targetIntent.setPackage(resolveInfo.activityInfo.packageName);
            if (extras != null) {
                targetIntent.putExtras(extras);
            }
            targetIntents.add(targetIntent);
        }
        return targetIntents;
    }

    @NonNull
    Result getAuthenticationResultFrom(@NonNull Intent resultIntent) {
        Uri resultDataUri = resultIntent.getData();
        if (resultDataUri == null) {
            return Result.createAsInternalError(
                    "Illegal redirection from external application.");
        }
        String sentState = authenticationStatus.getOAuthState();
        String receivedState = resultDataUri.getQueryParameter("state");
        if (sentState == null || !sentState.equals(receivedState)) {
            return Result.createAsInternalError(
                    "Illegal parameter value of 'state'.");
        }
        String requestToken = resultDataUri.getQueryParameter("code");
        String friendshipStatusChangedStr = resultDataUri.getQueryParameter("friendship_status_changed");
        Boolean friendshipStatusChanged = null;
        if (!TextUtils.isEmpty(friendshipStatusChangedStr)) {
            friendshipStatusChanged = Boolean.parseBoolean(friendshipStatusChangedStr);
        }

        return !TextUtils.isEmpty(requestToken)
               ? Result.createAsSuccess(requestToken, friendshipStatusChanged)
               : Result.createAsAuthenticationAgentError(
                resultDataUri.getQueryParameter("error"),
                resultDataUri.getQueryParameter("error_description"));
    }

    /* package */ static class Result {
        @Nullable
        private final String requestToken;
        @Nullable
        private final Boolean friendshipStatusChanged;
        @Nullable
        private final String serverErrorCode;
        @Nullable
        private final String serverErrorDescription;
        @Nullable
        private final String internalErrorMessage;

        private Result(
                @Nullable String requestToken,
                @Nullable Boolean friendshipStatusChanged,
                @Nullable String serverErrorCode,
                @Nullable String serverErrorDescription,
                @Nullable String internalErrorMessage) {
            this.requestToken = requestToken;
            this.friendshipStatusChanged = friendshipStatusChanged;
            this.serverErrorCode = serverErrorCode;
            this.serverErrorDescription = serverErrorDescription;
            this.internalErrorMessage = internalErrorMessage;
        }

        @VisibleForTesting
        @NonNull
        static Result createAsSuccess(@NonNull String requestToken, @Nullable Boolean friendshipStatusChanged) {
            return new Result(
                    requestToken,
                    friendshipStatusChanged,
                    null /* serverErrorCode */,
                    null /* serverErrorDescription */,
                    null /* internalErrorMessage */);
        }

        @VisibleForTesting
        @NonNull
        static Result createAsAuthenticationAgentError(
                @NonNull String error, @NonNull String errorDescription) {
            return new Result(
                    null /* requestToken */,
                    null, /* friendshipStatusChanged */
                    error /* serverErrorCode */,
                    errorDescription /* serverErrorDescription */,
                    null /* internalErrorMessage */);
        }

        @VisibleForTesting
        @NonNull
        static Result createAsInternalError(
                @NonNull String errorMessage) {
            return new Result(
                    null /* requestToken */,
                    null, /* friendshipStatusChanged */
                    null /* serverErrorCode */,
                    null /* serverErrorDescription */,
                    errorMessage);
        }

        boolean isSuccess() {
            return !TextUtils.isEmpty(requestToken);
        }

        boolean isAuthenticationAgentError() {
            return TextUtils.isEmpty(internalErrorMessage) && !isSuccess();
        }

        private void checkRequestToken() {
            if (TextUtils.isEmpty(requestToken)) {
                throw new UnsupportedOperationException(
                        "requestToken is null. Please check result by isSuccess before.");
            }
        }

        @NonNull
        String getRequestToken() {
            checkRequestToken();
            return requestToken;
        }

        @Nullable
        Boolean getFriendshipStatusChanged() {
            checkRequestToken();
            return friendshipStatusChanged;
        }

        @NonNull
        LineApiError getLineApiError() {
            if (isAuthenticationAgentError()) {
                try {
                    return new LineApiError(
                            new JSONObject()
                                    .putOpt("error", serverErrorCode)
                                    .putOpt("error_description", serverErrorDescription)
                                    .toString());
                } catch (JSONException e) {
                    return new LineApiError(e);
                }
            }
            return new LineApiError(internalErrorMessage);
        }
    }

    @VisibleForTesting
    static class AuthenticationIntentHolder {
        @NonNull
        private final Intent intent;
        @Nullable
        private final Bundle startActivityOptions;
        private final boolean isLineAppAuthentication;

        AuthenticationIntentHolder(
                @NonNull Intent intent,
                @Nullable Bundle startActivityOptions,
                boolean isLineAppAuthentication) {
            this.intent = intent;
            this.startActivityOptions = startActivityOptions;
            this.isLineAppAuthentication = isLineAppAuthentication;
        }

        @NonNull
        public Intent getIntent() {
            return intent;
        }

        @Nullable
        public Bundle getStartActivityOptions() {
            return startActivityOptions;
        }

        public boolean isLineAppAuthentication() {
            return isLineAppAuthentication;
        }
    }
}