require 'fileutils'
require 'fastlane_core/globals'
require 'fastlane_core/cert_checker'
require 'fastlane_core/keychain_importer'
require 'fastlane_core/print_table'
require 'spaceship'

require_relative 'module'

module Cert
  class Runner
    def launch
      run

      installed = FastlaneCore::CertChecker.installed?(ENV["CER_FILE_PATH"], in_keychain: ENV["CER_KEYCHAIN_PATH"])
      UI.message("Verifying the certificate is properly installed locally...")
      UI.user_error!("Could not find the newly generated certificate installed", show_github_issues: true) unless installed
      UI.success("Successfully installed certificate #{ENV['CER_CERTIFICATE_ID']}")
      return ENV["CER_FILE_PATH"]
    end

    def login
      if api_token
        UI.message("Creating authorization token for App Store Connect API")
        Spaceship::ConnectAPI.token = api_token
      else
        UI.message("Starting login with user '#{Cert.config[:username]}'")
        Spaceship::ConnectAPI.login(Cert.config[:username], nil, use_portal: true, use_tunes: false)
        UI.message("Successfully logged in")
      end
    end

    def api_token
      @api_token ||= Spaceship::ConnectAPI::Token.create(**Cert.config[:api_key]) if Cert.config[:api_key]
      @api_token ||= Spaceship::ConnectAPI::Token.from_json_file(Cert.config[:api_key_path]) if Cert.config[:api_key_path]
      return @api_token
    end

    def run
      FileUtils.mkdir_p(Cert.config[:output_path])

      FastlaneCore::PrintTable.print_values(config: Cert.config, hide_keys: [:output_path], title: "Summary for cert #{Fastlane::VERSION}")

      login

      should_create = Cert.config[:force]
      unless should_create
        cert_path = find_existing_cert
        should_create = cert_path.nil?
      end

      return unless should_create

      if create_certificate # no certificate here, creating a new one
        return # success
      else
        UI.user_error!("Something went wrong when trying to create a new certificate...")
      end
    end

    # Command method for the :revoke_expired sub-command
    def revoke_expired_certs!
      FastlaneCore::PrintTable.print_values(config: Cert.config, hide_keys: [:output_path], title: "Summary for cert #{Fastlane::VERSION}")

      login

      to_revoke = expired_certs

      if to_revoke.empty?
        UI.success("No expired certificates were found to revoke! 👍")
        return
      end

      revoke_count = 0

      to_revoke.each do |certificate|
        begin
          UI.message("#{certificate.id} #{certificate.display_name} has expired, revoking...")
          certificate.delete!
          revoke_count += 1
        rescue => e
          UI.error("An error occurred while revoking #{certificate.id} #{certificate.display_name}")
          UI.error("#{e.message}\n#{e.backtrace.join("\n")}") if FastlaneCore::Globals.verbose?
        end
      end

      UI.success("#{revoke_count} expired certificate#{'s' if revoke_count != 1} #{revoke_count == 1 ? 'has' : 'have'} been revoked! 👍")
    end

    def expired_certs
      certificates.reject(&:valid?)
    end

    def find_existing_cert
      certificates.each do |certificate|
        unless certificate.certificate_content
          next
        end

        path = store_certificate(certificate, Cert.config[:filename])
        private_key_path = File.expand_path(File.join(Cert.config[:output_path], "#{certificate.id}.p12"))

        # As keychain is specific to macOS, this will likely fail on non macOS systems.
        # See also: https://github.com/fastlane/fastlane/pull/14462
        keychain = File.expand_path(Cert.config[:keychain_path]) unless Cert.config[:keychain_path].nil?
        if FastlaneCore::CertChecker.installed?(path, in_keychain: keychain)
          # This certificate is installed on the local machine
          ENV["CER_CERTIFICATE_ID"] = certificate.id
          ENV["CER_FILE_PATH"] = path
          ENV["CER_KEYCHAIN_PATH"] = keychain

          UI.success("Found the certificate #{certificate.id} (#{certificate.display_name}) which is installed on the local machine. Using this one.")

          return path
        elsif File.exist?(private_key_path)
          password = Cert.config[:keychain_password]
          FastlaneCore::KeychainImporter.import_file(private_key_path, keychain, keychain_password: password, skip_set_partition_list: Cert.config[:skip_set_partition_list])
          FastlaneCore::KeychainImporter.import_file(path, keychain, keychain_password: password, skip_set_partition_list: Cert.config[:skip_set_partition_list])

          ENV["CER_CERTIFICATE_ID"] = certificate.id
          ENV["CER_FILE_PATH"] = path
          ENV["CER_KEYCHAIN_PATH"] = keychain

          UI.success("Found the cached certificate #{certificate.id} (#{certificate.display_name}). Using this one.")

          return path
        else
          UI.error("Certificate #{certificate.id} (#{certificate.display_name}) can't be found on your local computer")
        end

        File.delete(path) # as apparently this certificate is pretty useless without a private key
      end

      UI.important("Couldn't find an existing certificate... creating a new one")
      return nil
    end

    # All certificates of this type
    def certificates
      filter = {
        certificateType: certificate_type
      }
      return Spaceship::ConnectAPI::Certificate.all(filter: filter)
    end

    # The kind of certificate we're interested in
    def certificate_type
      if Cert.config[:type]
        case Cert.config[:type].to_sym
        when :mac_installer_distribution
          return Spaceship::ConnectAPI::Certificate::CertificateType::MAC_INSTALLER_DISTRIBUTION
        when :developer_id_application
          return Spaceship::ConnectAPI::Certificate::CertificateType::DEVELOPER_ID_APPLICATION
        when :developer_id_kext
          return Spaceship::ConnectAPI::Certificate::CertificateType::DEVELOPER_ID_KEXT
        when :developer_id_installer
          raise "Cannot do with ASC API?"
          # return Spaceship.certificate.developer_id_installer
        else
          UI.user_error("Unaccepted value for :type - #{Cert.config[:type]}")
        end
      end

      # Check if apple certs (Xcode 11 and later) should be used
      if Cert.config[:generate_apple_certs]
        cert_type = Spaceship::ConnectAPI::Certificate::CertificateType::DISTRIBUTION
        cert_type = Spaceship::ConnectAPI::Certificate::CertificateType::IOS_DISTRIBUTION if Spaceship::ConnectAPI.client.in_house? # Enterprise doesn't use Apple Distribution
        cert_type = Spaceship::ConnectAPI::Certificate::CertificateType::DEVELOPMENT if Cert.config[:development]
      else
        case Cert.config[:platform].to_s
        when 'ios', 'tvos'
          cert_type = Spaceship::ConnectAPI::Certificate::CertificateType::IOS_DISTRIBUTION
          cert_type = Spaceship::ConnectAPI::Certificate::CertificateType::IOS_DISTRIBUTION if Spaceship::ConnectAPI.client.in_house?
          cert_type = Spaceship::ConnectAPI::Certificate::CertificateType::IOS_DEVELOPMENT if Cert.config[:development]

        when 'macos'
          cert_type = Spaceship::ConnectAPI::Certificate::CertificateType::MAC_APP_DISTRIBUTION
          cert_type = Spaceship::ConnectAPI::Certificate::CertificateType::MAC_APP_DEVELOPMENT if Cert.config[:development]
        end
      end

      return cert_type
    end

    def create_certificate
      # Create a new certificate signing request
      csr, pkey = Spaceship::ConnectAPI::Certificate.create_certificate_signing_request

      # Use the signing request to create a new (development|distribution) certificate
      begin
        certificate = Spaceship::ConnectAPI::Certificate.create(
          certificate_type: certificate_type,
          csr_content: csr.to_pem
        )
      rescue => ex
        type_name = (Cert.config[:development] ? "Development" : "Distribution")
        if ex.to_s.include?("You already have a current")
          UI.user_error!("Could not create another #{type_name} certificate, reached the maximum number of available #{type_name} certificates.", show_github_issues: true)
        elsif ex.to_s.include?("You are not allowed to perform this operation.") && type_name == "Distribution"
          UI.user_error!("You do not have permission to create this certificate. Only Team Admins can create Distribution certificates\n 🔍 See https://developer.apple.com/library/content/documentation/IDEs/Conceptual/AppDistributionGuide/ManagingYourTeam/ManagingYourTeam.html for more information.")
        end
        raise ex
      end

      # Store all that onto the filesystem

      request_path = File.expand_path(File.join(Cert.config[:output_path], "#{certificate.id}.certSigningRequest"))
      File.write(request_path, csr.to_pem)

      private_key_path = File.expand_path(File.join(Cert.config[:output_path], "#{certificate.id}.p12"))
      File.write(private_key_path, pkey)

      cert_path = store_certificate(certificate, Cert.config[:filename])

      # Import all the things into the Keychain
      keychain = File.expand_path(Cert.config[:keychain_path])
      password = Cert.config[:keychain_password]
      FastlaneCore::KeychainImporter.import_file(private_key_path, keychain, keychain_password: password, skip_set_partition_list: Cert.config[:skip_set_partition_list])
      FastlaneCore::KeychainImporter.import_file(cert_path, keychain, keychain_password: password, skip_set_partition_list: Cert.config[:skip_set_partition_list])

      # Environment variables for the fastlane action
      ENV["CER_CERTIFICATE_ID"] = certificate.id
      ENV["CER_FILE_PATH"] = cert_path

      UI.success("Successfully generated #{certificate.id} which was imported to the local machine.")

      return cert_path
    end

    def store_certificate(certificate, filename = nil)
      cert_name = filename ? filename : certificate.id
      cert_name = "#{cert_name}.cer" unless File.extname(cert_name) == ".cer"
      path = File.expand_path(File.join(Cert.config[:output_path], cert_name))
      raw_data = Base64.decode64(certificate.certificate_content)
      File.write(path, raw_data.force_encoding("UTF-8"))
      return path
    end
  end
end