using Alipay.AopSdk.Core.Util;
using Alipay.EasySDK.Kernel;
using LifePayment.Domain.Shared;
using Microsoft.AspNetCore.Authentication;
using Microsoft.AspNetCore.Authorization;
using Microsoft.AspNetCore.Http;
using Microsoft.Extensions.Logging;
using Microsoft.Extensions.Options;
using Microsoft.Extensions.Primitives;
using Newtonsoft.Json;
using System;
using System.Collections.Generic;
using System.IdentityModel.Tokens.Jwt;
using System.Linq;
using System.Security.Authentication;
using System.Security.Claims;
using System.Text;
using System.Text.Encodings.Web;
using System.Threading.Tasks;
using ZeroD.Util;

namespace LifePayment.Domain
{
    public class AliPayAuthenticationHandler : AuthenticationHandler<AuthenticationSchemeOptions>
    {
        private readonly IOptionsMonitor<Config> _optionsMonitor;
        private Config _config;

        public AliPayAuthenticationHandler(
               IOptionsMonitor<AuthenticationSchemeOptions> options,
               ILoggerFactory logger,
               UrlEncoder encoder,
               ISystemClock clock,
               IOptionsMonitor<Config> optionsMonitor) : base(options, logger, encoder, clock)
        {
            _optionsMonitor = optionsMonitor;
        }

        protected async override Task<AuthenticateResult> HandleAuthenticateAsync()
        {
            string str = string.Empty;
            Request.EnableBuffering();
            var bytes = new byte[Request.ContentLength ?? 0];
            var bt = 1;
            while (bt > 0)
            {
                bt = await Request.Body.ReadAsync(bytes, 0, (int)(Request.ContentLength ?? 0));
            }

            str = Encoding.Default.GetString(bytes);
            Logger.LogError("信任签回调验签{0}", str);
            Request.Body.Position = 0;
            if (!str.IsNullOrEmpty())
            {
                var endPoint = Request.HttpContext.GetEndpoint();
                if (endPoint?.Metadata.GetMetadata<IAllowAnonymous>() != null)
                {
                    return AuthenticateResult.Success(new AuthenticationTicket(new ClaimsPrincipal(), AliPaySignAuthenticationDefaults.AuthenticationScheme));
                }

                StringValues app_id;
                var app_idSuccess = Request.Form.TryGetValue("app_id", out app_id);
                if (!app_idSuccess)
                {
                    return AuthenticateResult.Fail(new AuthenticationException("app_id不可为空"));
                }

                StringValues msg_method;
                var msg_methodSuccess = Request.Form.TryGetValue("msg_method", out msg_method);
                if (!msg_methodSuccess)
                {
                    return AuthenticateResult.Fail(new AuthenticationException("msg_method不可为空"));
                }

                switch (msg_method)
                {
                    case AliPayEcsignConstant.AliPayEcsignApiMethod.SignorderSigned:
                        _config = _optionsMonitor.Get(AliPayEcsignConstant.OptionsName);
                        break;
                    default:
                        _config = _optionsMonitor.CurrentValue;
                        break;
                }

                SortedDictionary<string, string> dic = new SortedDictionary<string, string>();
                Request.Form.ToList().ForEach(r =>
                {
                    if (!r.Value.FirstOrDefault().IsNullOrEmpty())
                    {
                        dic.Add(r.Key, r.Value);
                    }
                });

                Logger.LogError("信任签回调验签2{0}", dic.ObjectToJson());
                bool signVerified = AlipaySignature.RSACheckV1(dic, _config.AlipayPublicKey, "UTF-8", _config.SignType, false);
                if (signVerified)
                {
                    var claimIdentity = new ClaimsIdentity("AliPayIdentity");
                    claimIdentity.AddClaim(new Claim(nameof(app_id), app_id));
                    var principal = new ClaimsPrincipal(claimIdentity);
                    return AuthenticateResult.Success(new AuthenticationTicket(principal, AliPaySignAuthenticationDefaults.AuthenticationScheme));
                }
            }

            return AuthenticateResult.Fail(new AuthenticationException("验签失败"));
        }
    }
}