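using System;
using System.Security.Cryptography;
using System.Text;
using System.Linq;
using ln.types;

namespace ln.identities
{
    /// <summary>
    /// Password credential kept as a salted SHA-256 digest and verified through a
    /// challenge/proof exchange.
    /// </summary>
    /// <remarks>
    /// <para>
    /// The stored secret is SHA-256(Seed || UTF-8 password || Seed). A proof is
    /// SHA-256(Challenge || secret || Challenge).
    /// </para>
    /// <para>
    /// NOTE(review): the stored secret is the only input besides the challenge that
    /// <see cref="Authenticate"/> needs, so whoever can read it can compute a valid
    /// proof without knowing the password. It needs the same protection at rest as a
    /// plaintext password.
    /// </para>
    /// <para>
    /// NOTE(review): a single salted SHA-256 pass is cheap to compute, so it offers
    /// little resistance to offline guessing if stored values leak. Moving to a
    /// password KDF (PBKDF2, Argon2) would change both the stored values and what the
    /// proving side has to compute, so it is flagged here rather than changed.
    /// </para>
    /// </remarks>
    public class SeededPassword : SecureAttribute
    {
        /// <summary>Random salt mixed into the password digest (32 bytes when generated here).</summary>
        public byte[] Seed { get; }

        // Salted digest of the password; see the class remarks for why it is password-equivalent.
        byte[] secretBytes;

        // Leaves Seed and secretBytes unset. Presumably present for a serializer - confirm.
        private SeededPassword()
        {
        }

        /// <summary>Rebuilds a credential from a previously stored seed and digest.</summary>
        /// <param name="seed">Salt that was used when the digest was created.</param>
        /// <param name="secretBytes">Stored digest; taken as-is, not validated.</param>
        public SeededPassword(byte[] seed, byte[] secretBytes)
            : base("Passwort")
        {
            this.Seed = seed;
            this.secretBytes = secretBytes;
        }

        /// <summary>Creates a credential from a plaintext password using a fresh 32-byte seed.</summary>
        /// <param name="password">Plaintext password; encoded as UTF-8 before hashing.</param>
        public SeededPassword(string password)
            : base("Passwort")
        {
            Seed = new byte[32];

            // NOTE(review): Random is not declared in this file (presumably a member
            // inherited from SecureAttribute). Confirm it is a cryptographically secure
            // generator (RandomNumberGenerator), not System.Random.
            Random.NextBytes(Seed);

            using (SHA256 sha256 = SHA256.Create())
            {
                byte[] passwordBytes = Encoding.UTF8.GetBytes(password);

                // Digest input order is Seed, password, Seed. It must stay exactly like
                // this or previously stored digests stop matching.
                sha256.TransformBlock(Seed, 0, Seed.Length, null, 0);
                sha256.TransformBlock(passwordBytes, 0, passwordBytes.Length, null, 0);
                sha256.TransformFinalBlock(Seed, 0, Seed.Length);

                secretBytes = sha256.Hash;
            }
        }

        /// <summary>Checks a proof against the current challenge and the stored digest.</summary>
        /// <param name="challenge">Challenge the proof was computed for; must equal Challenge.</param>
        /// <param name="prove">Proof supplied by the party that is authenticating.</param>
        /// <returns>
        /// <c>true</c> when <paramref name="challenge"/> matches Challenge and
        /// <paramref name="prove"/> equals SHA-256(Challenge || secret || Challenge);
        /// otherwise <c>false</c>.
        /// </returns>
        public override bool Authenticate(byte[] challenge, byte[] prove)
        {
            // Challenge is not declared in this file (presumably inherited from
            // SecureAttribute). NOTE(review): whether a challenge is single-use is decided
            // elsewhere - confirm it cannot be reused, otherwise a captured proof stays valid.
            if (!Challenge.AreEqual(challenge))
            {
                return false;
            }

            using (SHA256 sha256 = SHA256.Create())
            {
                sha256.TransformBlock(Challenge, 0, Challenge.Length, null, 0);
                sha256.TransformBlock(secretBytes, 0, secretBytes.Length, null, 0);
                sha256.TransformFinalBlock(Challenge, 0, Challenge.Length);

                byte[] expectedProof = sha256.Hash;

                // The expected proof is secret-derived, so compare without an early exit:
                // the time taken must not reveal how many leading bytes matched.
                return ConstantTimeEquals(expectedProof, prove);
            }
        }

        /// <summary>Returns the seed as a hex string so the proving side can derive the same digest.</summary>
        public override string GetAuthenticationParameters() => Seed.ToHexString();

        // Compares two buffers in time that depends only on their length, never on their content.
        private static bool ConstantTimeEquals(byte[] left, byte[] right)
        {
            // Lengths are not secret (a SHA-256 digest is always 32 bytes), so an early
            // return on null or on a length mismatch leaks nothing useful.
            if (left == null || right == null || left.Length != right.Length)
            {
                return false;
            }

            int difference = 0;
            for (int i = 0; i < left.Length; i++)
            {
                difference |= left[i] ^ right[i];
            }

            return difference == 0;
        }
    }
}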