using Azure;
using Azure.Security.KeyVault.Secrets;

namespace Core.Blueprint.KeyVault
{
    /// <summary>
    /// Provides operations for managing secrets in Azure Key Vault.
    /// </summary>
    public sealed class KeyVaultProvider(SecretClient keyVaultProvider): IKeyVaultProvider
    {
        /// <summary>
        /// Creates a new secret in Azure Key Vault.
        /// </summary>
        /// <param name="keyVaultRequest">The request containing the name and value of the secret.</param>
        /// <param name="cancellationToken">The cancellation token to cancel the operation.</param>
        /// <returns>A <see cref="KeyVaultResponse"/> containing the details of the created secret.</returns>
        public async ValueTask<KeyVaultResponse> CreateSecretAsync(KeyVaultRequest keyVaultRequest, CancellationToken cancellationToken)
        {
            KeyVaultResponse _response = new();
            KeyVaultSecret azureResponse = await keyVaultProvider.SetSecretAsync(new KeyVaultSecret(keyVaultRequest.Name, keyVaultRequest.Value), cancellationToken);

            _response.Value = azureResponse.Value;
            _response.Name = azureResponse.Name;

            return _response;
        }

        /// <summary>
        /// Deletes a secret from Azure Key Vault if it exists.
        /// </summary>
        /// <param name="secretName">The name of the secret to delete.</param>
        /// <param name="cancellationToken">The cancellation token to cancel the operation.</param>
        /// <returns>
        /// A <see cref="Tuple"/> containing a status message and a boolean indicating whether the secret was successfully deleted.
        /// </returns>
        public async ValueTask<Tuple<string, bool>> DeleteSecretAsync(string secretName, CancellationToken cancellationToken)
        {
            var existingSecret = await this.GetSecretAsync(secretName, cancellationToken);
            if (existingSecret != null)
            {
                await keyVaultProvider.StartDeleteSecretAsync(secretName, cancellationToken);
                return new("Key Deleted", true);
            }

            return new("Key Not Found", false);
        }

        /// <summary>
        /// Retrieves a secret from Azure Key Vault.
        /// </summary>
        /// <param name="secretName">The name of the secret to retrieve.</param>
        /// <param name="cancellationToken">The cancellation token to cancel the operation.</param>
        /// <returns>
        /// A <see cref="Tuple"/> containing the <see cref="KeyVaultResponse"/> with secret details 
        /// and an optional error message if the secret was not found.
        /// </returns>
        public async ValueTask<Tuple<KeyVaultResponse, string?>> GetSecretAsync(string secretName, CancellationToken cancellationToken)
        {
            KeyVaultSecret azureResponse = await keyVaultProvider.GetSecretAsync(secretName, cancellationToken: cancellationToken);

            if (azureResponse == null)
            {
                return new(new KeyVaultResponse(), "Key Not Found");
            }

            return new(new KeyVaultResponse { Name = secretName, Value = azureResponse.Value }, string.Empty);
        }

        /// <summary>
        /// Updates an existing secret in Azure Key Vault. If the secret does not exist, an error is returned.
        /// </summary>
        /// <param name="newSecret">The updated secret information.</param>
        /// <param name="cancellationToken">The cancellation token to cancel the operation.</param>
        /// <returns>
        /// A <see cref="Tuple"/> containing the updated <see cref="KeyVaultResponse"/> and an optional error message if the secret was not found.
        /// </returns>
        public async ValueTask<Tuple<KeyVaultResponse, string>> UpdateSecretAsync(KeyVaultRequest newSecret, CancellationToken cancellationToken)
        {
            KeyVaultResponse _response = new();
            var existingSecret = await this.GetSecretAsync(newSecret.Name, cancellationToken);
            if (existingSecret == null)
            {
                return new(new KeyVaultResponse(), "Key Not Found");
            }
            KeyVaultSecret azureResponse = await keyVaultProvider.SetSecretAsync(new KeyVaultSecret(newSecret.Name, newSecret.Value), cancellationToken);

            _response.Value = azureResponse.Value;
            _response.Name = azureResponse.Name;

            return new(new KeyVaultResponse { Name = newSecret.Name, Value = azureResponse.Value }, string.Empty);
        }
    }
}