using System;
using System.IdentityModel.Tokens.Jwt;
using System.Security.Claims;
using Microsoft.IdentityModel.Tokens;

namespace BlueWest.WebApi.Context.Users;

public class JwtTokenHandler : IJwtTokenHandler
{
    private readonly JwtSecurityTokenHandler _jwtSecurityTokenHandler;

    /// <summary>
    /// JwtTokenHandler
    /// </summary>
    public JwtTokenHandler()
    {
        _jwtSecurityTokenHandler = new JwtSecurityTokenHandler();
    }

    /// <summary>
    /// Write token
    /// </summary>
    /// <param name="jwt"></param>
    /// <returns></returns>
    public string WriteToken(JwtSecurityToken jwt)
    {
        return _jwtSecurityTokenHandler.WriteToken(jwt);
    }

    /// <summary>
    /// Validate Token
    /// </summary>
    /// <param name="token"></param>
    /// <param name="tokenValidationParameters"></param>
    /// <returns></returns>
    /// <exception cref="SecurityTokenException"></exception>
    public ClaimsPrincipal ValidateToken(string token, TokenValidationParameters tokenValidationParameters)
    {
        try
        {
            var principal = _jwtSecurityTokenHandler.ValidateToken(token, tokenValidationParameters, out var securityToken);

            if (!(securityToken is JwtSecurityToken jwtSecurityToken) || !jwtSecurityToken.Header.Alg.Equals(SecurityAlgorithms.HmacSha256, StringComparison.InvariantCultureIgnoreCase))
                throw new SecurityTokenException("Invalid token");

            return principal;
        }
        catch (Exception e)
        {
            return null;
        }
    }
}