package sigcred

import (
	"dehub.dev/src/dehub.git/fs"
	"dehub.dev/src/dehub.git/typeobj"
)

// Signifier reprsents a single signing method being defined in the Config. Only
// one field should be set on each Signifier.
type Signifier struct {
	PGPPublicKey     *SignifierPGP     `type:"pgp_public_key"`
	PGPPublicKeyFile *SignifierPGPFile `type:"pgp_public_key_file"`
}

// MarshalYAML implements the yaml.Marshaler interface.
func (s Signifier) MarshalYAML() (interface{}, error) {
	return typeobj.MarshalYAML(s)
}

// UnmarshalYAML implements the yaml.Unmarshaler interface.
func (s *Signifier) UnmarshalYAML(unmarshal func(interface{}) error) error {
	return typeobj.UnmarshalYAML(s, unmarshal)
}

// Interface returns the SignifierInterface instance encapsulated by this
// Signifier object.
//
// accountID is given so as to automatically fill the AccountID field of
// Credentials returned from Sign, since the underlying implementation doesn't
// know what account it's signing for.
func (s Signifier) Interface(accountID string) (SignifierInterface, error) {
	el, _, err := typeobj.Element(s)
	if err != nil {
		return nil, err
	}
	return accountSignifier{accountID, el.(SignifierInterface)}, nil
}

// SignifierInterface describes the methods that all Signifiers must implement.
type SignifierInterface interface {
	// Sign returns a Credential containing a signature of the given data.
	//
	// tree can be used to find the Signifier at a particular snapshot.
	Sign(fs fs.FS, data []byte) (Credential, error)

	// Signed returns true if the Signifier was used to sign the Credential.
	Signed(fs fs.FS, cred Credential) (bool, error)

	// Verify asserts that the Signifier produced the given Credential for the
	// given data set, or returns an error.
	//
	// tree can be used to find the Signifier at a particular snapshot.
	Verify(fs fs.FS, data []byte, cred Credential) error
}

// accountSignifier wraps a SignifierInterface to always set the accountID field
// on Credentials it produces via the Sign method.
//
// TODO accountSignifier shouldn't be necessary, it's very ugly. Which indicates
// that Credential probably shouldn't have AccountID on it, which makes sense.
// Some refactoring is required here.
type accountSignifier struct {
	accountID string
	SignifierInterface
}

func (as accountSignifier) Sign(fs fs.FS, data []byte) (Credential, error) {
	cred, err := as.SignifierInterface.Sign(fs, data)
	cred.AccountID = as.accountID
	return cred, err
}