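using System;
using System.IdentityModel.Tokens.Jwt;
using DigitalData.Core.Security.Config;
using Microsoft.Extensions.Options;
using Microsoft.IdentityModel.Tokens;

namespace DigitalData.Core.Security
{
    /// <summary>
    /// Issues JSON Web Tokens for a principal of type <typeparamref name="TPrincipal"/>.
    /// The token descriptor comes from the injected <see cref="TokenDescriptorProvider"/>;
    /// its claims and subject are filled in by the delegates of the configured claim descriptor.
    /// </summary>
    /// <typeparam name="TPrincipal">Application type the token is issued for.</typeparam>
    // NOTE(review): the generic parameter lists were missing from this listing (it read
    // "IOptions> claimDescriptorOptions"); <TPrincipal> is reconstructed from how the type
    // is used below. Confirm against the declaration of ClaimDescriptor.
    public class JwtSignatureService<TPrincipal> : JwtSecurityTokenHandler
    {
        private readonly ClaimDescriptor<TPrincipal> _claimDescriptor;

        private readonly TokenDescriptorProvider _descriptorProvider;

        /// <summary>
        /// Creates the service from its configured claim descriptor and descriptor provider.
        /// </summary>
        /// <param name="claimDescriptorOptions">Options wrapper holding the claim descriptor.</param>
        /// <param name="descriptorProvider">Builds the token descriptor for a given description.</param>
        /// <exception cref="ArgumentNullException">Either dependency is <c>null</c>.</exception>
        public JwtSignatureService(IOptions<ClaimDescriptor<TPrincipal>> claimDescriptorOptions, TokenDescriptorProvider descriptorProvider)
        {
            // Reject a broken DI registration at construction time rather than with a
            // NullReferenceException on the first token request.
            if (claimDescriptorOptions is null)
            {
                throw new ArgumentNullException(nameof(claimDescriptorOptions));
            }

            _claimDescriptor = claimDescriptorOptions.Value;
            _descriptorProvider = descriptorProvider ?? throw new ArgumentNullException(nameof(descriptorProvider));
        }

        /// <summary>
        /// Builds a token for <paramref name="subject"/> from the descriptor that the provider
        /// returns for <paramref name="description"/>.
        /// </summary>
        /// <param name="subject">Principal handed to the claim and subject delegates.</param>
        /// <param name="description">Token description forwarded to the descriptor provider.</param>
        /// <returns>The token created by the base handler.</returns>
        /// <exception cref="InvalidOperationException">
        /// The provider returned a descriptor without signing credentials.
        /// </exception>
        public SecurityToken CreateToken(TPrincipal subject, TokenDescription description)
        {
            var descriptor = _descriptorProvider.Create(description: description);

            // Fail closed: the base handler writes an unsigned token when the descriptor
            // carries no signing credentials, and this service must never issue one.
            if (descriptor.SigningCredentials is null)
            {
                throw new InvalidOperationException(
                    "The token descriptor has no signing credentials; refusing to create an unsigned token.");
            }

            // Both delegates are optional. When neither is configured, Claims and Subject are
            // set to null and the token carries no identity data derived from the subject.
            descriptor.Claims = _claimDescriptor.CreateClaims?.Invoke(subject);
            descriptor.Subject = _claimDescriptor.CreateSubject?.Invoke(subject);

            return CreateToken(descriptor);
        }

        /// <summary>
        /// Creates the token for <paramref name="subject"/> and serializes it to its string form.
        /// </summary>
        /// <param name="subject">Principal handed to the claim and subject delegates.</param>
        /// <param name="description">Token description forwarded to the descriptor provider.</param>
        /// <returns>The serialized token.</returns>
        public string CreateAndWriteToken(TPrincipal subject, TokenDescription description)
            => WriteToken(CreateToken(subject, description));
    }
}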