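use url::Url;

use crate::audit::PublicationPointAudit;
use crate::data_model::ta::TrustAnchor;
use crate::sync::rrdp::Fetcher;
use crate::validation::from_tal::{
    DiscoveredRootCaInstance, FromTalError, discover_root_ca_instance_from_tal_and_ta_der,
    discover_root_ca_instance_from_tal_url,
};
use crate::validation::tree::{
    CaInstanceHandle, TreeRunAuditOutput, TreeRunConfig, TreeRunError, TreeRunOutput,
    run_tree_serial, run_tree_serial_audit,
};
use crate::validation::tree_runner::Rpkiv1PublicationPointRunner;

/// Output of a plain (non-audit) tree run that started from a TAL.
#[derive(Clone, Debug, PartialEq, Eq)]
pub struct RunTreeFromTalOutput {
    /// Root CA instance discovered from the TAL: trust anchor plus its publication-point URIs.
    pub discovery: DiscoveredRootCaInstance,
    /// Result of walking the tree below that root.
    pub tree: TreeRunOutput,
}

/// Output of an audit tree run that started from a TAL.
#[derive(Clone, Debug, PartialEq, Eq)]
pub struct RunTreeFromTalAuditOutput {
    /// Root CA instance discovered from the TAL: trust anchor plus its publication-point URIs.
    pub discovery: DiscoveredRootCaInstance,
    /// Result of walking the tree below that root.
    pub tree: TreeRunOutput,
    /// Per-publication-point audit records collected by the audit walk.
    pub publication_points: Vec<PublicationPointAudit>,
}

/// Error from either phase of a TAL-rooted run: discovery of the root, or the tree walk.
#[derive(Debug, thiserror::Error)]
pub enum RunTreeFromTalError {
    /// Fetching or parsing the TAL / TA certificate failed.
    #[error("{0}")]
    FromTal(#[from] FromTalError),
    /// The tree walk below the discovered root failed.
    #[error("{0}")]
    Tree(#[from] TreeRunError),
}

/// Builds the depth-0 [`CaInstanceHandle`] for a trust anchor.
///
/// The root's effective IP and AS resources are copied verbatim from the TA
/// certificate's own resource extensions: there is no parent to inherit from, so
/// whatever the TA certificate asserts is the ceiling for the whole tree below it.
/// `ca_certificate_rsync_uri` is passed through untouched; the publication-point
/// URIs (rsync base, manifest, publication point, RRDP notification) are taken from
/// `ca_instance`.
pub fn root_handle_from_trust_anchor(
    trust_anchor: &TrustAnchor,
    // NOTE(review): the type argument was missing from the listing; restored as
    // `Url` (imported above) — confirm against `CaInstanceHandle::ca_certificate_rsync_uri`.
    ca_certificate_rsync_uri: Option<Url>,
    ca_instance: &crate::validation::ca_instance::CaInstanceUris,
) -> CaInstanceHandle {
    let ta_cert = &trust_anchor.ta_certificate;
    // Borrow rather than clone the whole resource certificate; only two
    // extension fields are needed.
    let extensions = &ta_cert.rc_ca.tbs.extensions;
    CaInstanceHandle {
        depth: 0,
        ca_certificate_der: ta_cert.raw_der.clone(),
        ca_certificate_rsync_uri,
        effective_ip_resources: extensions.ip_resources.clone(),
        effective_as_resources: extensions.as_resources.clone(),
        rsync_base_uri: ca_instance.rsync_base_uri.clone(),
        manifest_rsync_uri: ca_instance.manifest_rsync_uri.clone(),
        publication_point_rsync_uri: ca_instance.publication_point_rsync_uri.clone(),
        rrdp_notification_uri: ca_instance.rrdp_notification_uri.clone(),
    }
}

/// Shared tail of the four public entry points: builds the publication-point
/// runner and the depth-0 root handle for an already-discovered root, then hands
/// both to `run` (the serial walk or the audit walk).
///
/// The root handle is built with `ca_certificate_rsync_uri = None` on every path,
/// matching the original call sites — even when a caller supplied a resolved TA
/// URI to discovery, it is not recorded on the root handle here.
fn run_from_discovery<T>(
    discovery: &DiscoveredRootCaInstance,
    store: &crate::storage::RocksStore,
    policy: &crate::policy::Policy,
    http_fetcher: &dyn Fetcher,
    rsync_fetcher: &dyn crate::fetch::rsync::RsyncFetcher,
    validation_time: time::OffsetDateTime,
    run: impl FnOnce(CaInstanceHandle, &Rpkiv1PublicationPointRunner) -> Result<T, TreeRunError>,
) -> Result<T, TreeRunError> {
    let runner = Rpkiv1PublicationPointRunner {
        store,
        policy,
        http_fetcher,
        rsync_fetcher,
        validation_time,
    };
    let root = root_handle_from_trust_anchor(&discovery.trust_anchor, None, &discovery.ca_instance);
    run(root, &runner)
}

/// Fetches a TAL from `tal_url`, discovers the root CA instance it names, and
/// runs the serial tree walk below it.
///
/// Trust in the TA certificate rests entirely on the discovery step
/// (`discover_root_ca_instance_from_tal_url`); nothing in this function re-checks
/// the certificate against the TAL's embedded key. `validation_time` is handed to
/// the runner — presumably the instant validity windows are judged against — so the
/// caller is responsible for supplying a trustworthy clock.
///
/// # Errors
/// `FromTal` if the TAL / TA certificate cannot be fetched or parsed; `Tree` if
/// the walk below the root fails.
pub fn run_tree_from_tal_url_serial(
    store: &crate::storage::RocksStore,
    policy: &crate::policy::Policy,
    tal_url: &str,
    http_fetcher: &dyn Fetcher,
    rsync_fetcher: &dyn crate::fetch::rsync::RsyncFetcher,
    validation_time: time::OffsetDateTime,
    config: &TreeRunConfig,
) -> Result<RunTreeFromTalOutput, RunTreeFromTalError> {
    let discovery = discover_root_ca_instance_from_tal_url(http_fetcher, tal_url)?;
    let tree = run_from_discovery(
        &discovery,
        store,
        policy,
        http_fetcher,
        rsync_fetcher,
        validation_time,
        |root, runner| run_tree_serial(root, runner, config),
    )?;
    Ok(RunTreeFromTalOutput { discovery, tree })
}

/// As [`run_tree_from_tal_url_serial`], but runs the audit walk and returns the
/// per-publication-point audit records alongside the tree output.
///
/// # Errors
/// `FromTal` if the TAL / TA certificate cannot be fetched or parsed; `Tree` if
/// the walk below the root fails.
pub fn run_tree_from_tal_url_serial_audit(
    store: &crate::storage::RocksStore,
    policy: &crate::policy::Policy,
    tal_url: &str,
    http_fetcher: &dyn Fetcher,
    rsync_fetcher: &dyn crate::fetch::rsync::RsyncFetcher,
    validation_time: time::OffsetDateTime,
    config: &TreeRunConfig,
) -> Result<RunTreeFromTalAuditOutput, RunTreeFromTalError> {
    let discovery = discover_root_ca_instance_from_tal_url(http_fetcher, tal_url)?;
    let TreeRunAuditOutput {
        tree,
        publication_points,
    } = run_from_discovery(
        &discovery,
        store,
        policy,
        http_fetcher,
        rsync_fetcher,
        validation_time,
        |root, runner| run_tree_serial_audit(root, runner, config),
    )?;
    Ok(RunTreeFromTalAuditOutput {
        discovery,
        tree,
        publication_points,
    })
}

/// Discovers the root CA instance from caller-supplied TAL bytes and TA
/// certificate DER (no TAL fetch), then runs the serial tree walk below it.
///
/// `resolved_ta_uri`, when given, is passed to discovery only; the root handle's
/// `ca_certificate_rsync_uri` is still `None`. Whether the supplied DER is checked
/// against the TAL's key is decided inside
/// `discover_root_ca_instance_from_tal_and_ta_der`, not here.
///
/// # Errors
/// `FromTal` if the TAL or TA certificate cannot be parsed / does not match;
/// `Tree` if the walk below the root fails.
pub fn run_tree_from_tal_and_ta_der_serial(
    store: &crate::storage::RocksStore,
    policy: &crate::policy::Policy,
    tal_bytes: &[u8],
    ta_der: &[u8],
    resolved_ta_uri: Option<&Url>,
    http_fetcher: &dyn Fetcher,
    rsync_fetcher: &dyn crate::fetch::rsync::RsyncFetcher,
    validation_time: time::OffsetDateTime,
    config: &TreeRunConfig,
) -> Result<RunTreeFromTalOutput, RunTreeFromTalError> {
    let discovery =
        discover_root_ca_instance_from_tal_and_ta_der(tal_bytes, ta_der, resolved_ta_uri)?;
    let tree = run_from_discovery(
        &discovery,
        store,
        policy,
        http_fetcher,
        rsync_fetcher,
        validation_time,
        |root, runner| run_tree_serial(root, runner, config),
    )?;
    Ok(RunTreeFromTalOutput { discovery, tree })
}

/// As [`run_tree_from_tal_and_ta_der_serial`], but runs the audit walk and
/// returns the per-publication-point audit records alongside the tree output.
///
/// # Errors
/// `FromTal` if the TAL or TA certificate cannot be parsed / does not match;
/// `Tree` if the walk below the root fails.
pub fn run_tree_from_tal_and_ta_der_serial_audit(
    store: &crate::storage::RocksStore,
    policy: &crate::policy::Policy,
    tal_bytes: &[u8],
    ta_der: &[u8],
    resolved_ta_uri: Option<&Url>,
    http_fetcher: &dyn Fetcher,
    rsync_fetcher: &dyn crate::fetch::rsync::RsyncFetcher,
    validation_time: time::OffsetDateTime,
    config: &TreeRunConfig,
) -> Result<RunTreeFromTalAuditOutput, RunTreeFromTalError> {
    let discovery =
        discover_root_ca_instance_from_tal_and_ta_der(tal_bytes, ta_der, resolved_ta_uri)?;
    let TreeRunAuditOutput {
        tree,
        publication_points,
    } = run_from_discovery(
        &discovery,
        store,
        policy,
        http_fetcher,
        rsync_fetcher,
        validation_time,
        |root, runner| run_tree_serial_audit(root, runner, config),
    )?;
    Ok(RunTreeFromTalAuditOutput {
        discovery,
        tree,
        publication_points,
    })
}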