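package control

import (
	"crypto/rand"
	"encoding/base64"
	"encoding/hex"
	"fmt"
	"strings"

	"golang.zx2c4.com/wireguard/wgctrl/wgtypes"
)

// defaultRealityServerName is the ServerName applied when a vless-reality
// profile leaves the field blank.
// NOTE(review): every profile that omits ServerName ends up with this same
// built-in value; confirm a shared default is acceptable for deployments.
const defaultRealityServerName = "www.nokia.com"

// ensureRealityProfile fills in any missing settings of a "vless-reality"
// protocol profile, mutating protocol in place.
//
// A nil profile or a profile of any other type is left untouched. Otherwise
// the Reality section is created if absent and blank fields receive defaults:
// ServerName (defaultRealityServerName), ServerPort (443), Fingerprint
// ("chrome"), a key pair, and a random ShortID. Fields that already hold a
// non-blank value are kept as they are.
//
// It returns an error only when generating key material or the short ID fails.
func ensureRealityProfile(protocol *ProtocolProfile) error {
	if protocol == nil || protocol.Type != "vless-reality" {
		return nil
	}
	if protocol.Reality == nil {
		protocol.Reality = &VLESSRealityProfile{}
	}
	reality := protocol.Reality

	if strings.TrimSpace(reality.ServerName) == "" {
		reality.ServerName = defaultRealityServerName
	}
	if reality.ServerPort == 0 {
		reality.ServerPort = 443
	}
	if strings.TrimSpace(reality.Fingerprint) == "" {
		reality.Fingerprint = "chrome"
	}
	if err := ensureRealityKeys(reality); err != nil {
		return err
	}
	if strings.TrimSpace(reality.ShortID) == "" {
		shortID, err := generateRealityShortID()
		if err != nil {
			return err
		}
		reality.ShortID = shortID
	}
	return nil
}

// ensureRealityKeys makes sure reality carries both halves of a key pair.
//
// When a usable private key is configured but the public key is blank, the
// public key is derived from it so the configured private key is preserved
// instead of being silently replaced. In every other incomplete case
// (private key blank, or not decodable as a 32-byte raw-URL base64 key) a
// fresh pair is generated and both fields are overwritten.
//
// NOTE(review): PrivateKey is secret key material; keep it out of logs and
// out of anything exported to clients.
func ensureRealityKeys(reality *VLESSRealityProfile) error {
	private := strings.TrimSpace(reality.PrivateKey)
	public := strings.TrimSpace(reality.PublicKey)
	if private != "" && public != "" {
		return nil
	}
	if private != "" {
		if derived, ok := deriveRealityPublicKey(private); ok {
			reality.PublicKey = derived
			return nil
		}
		// Private key is malformed: fall through and regenerate the pair.
	}
	privateKey, publicKey, err := generateRealityKeyPair()
	if err != nil {
		return err
	}
	reality.PrivateKey = privateKey
	reality.PublicKey = publicKey
	return nil
}

// deriveRealityPublicKey decodes a raw-URL base64 private key and returns the
// matching public key in the same encoding. ok is false when the input is not
// valid base64 or does not decode to a key of the length wgtypes expects.
func deriveRealityPublicKey(privateKey string) (publicKey string, ok bool) {
	raw, err := base64.RawURLEncoding.DecodeString(privateKey)
	if err != nil {
		return "", false
	}
	key, err := wgtypes.NewKey(raw)
	if err != nil {
		return "", false
	}
	pub := key.PublicKey()
	return base64.RawURLEncoding.EncodeToString(pub[:]), true
}

// generateRealityKeyPair creates a new private key with wgtypes and returns
// the private and public keys, each encoded as unpadded URL-safe base64.
func generateRealityKeyPair() (privateKey string, publicKey string, err error) {
	priv, err := wgtypes.GeneratePrivateKey()
	if err != nil {
		return "", "", fmt.Errorf("generate reality key pair: %w", err)
	}
	pub := priv.PublicKey()
	enc := base64.RawURLEncoding
	return enc.EncodeToString(priv[:]), enc.EncodeToString(pub[:]), nil
}

// generateRealityShortID returns 8 bytes read from crypto/rand, hex-encoded
// (16 hexadecimal characters).
func generateRealityShortID() (string, error) {
	var raw [8]byte
	if _, err := rand.Read(raw[:]); err != nil {
		return "", fmt.Errorf("generate reality short id: %w", err)
	}
	return hex.EncodeToString(raw[:]), nil
}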