from hashlib import sha256

from twilio.jwt import Jwt


class ClientValidationJwt(Jwt):
    """A JWT included on requests so that Twilio can verify request authenticity"""
    __CTY = 'twilio-pkrv;v=1'
    ALGORITHM = 'RS256'

    def __init__(self, account_sid, api_key_sid, credential_sid, private_key, validation_payload):
        """
        Create a new ClientValidationJwt
        :param str account_sid: A Twilio Account Sid starting with 'AC'
        :param str api_key_sid: A Twilio API Key Sid starting with 'SK'
        :param str credential_sid: A Credential Sid starting with 'CR',
                                   public key Twilio will use to verify the JWT.
        :param str private_key: The private key used to sign the JWT.
        :param ValidationPayload validation_payload: information from the request to sign
        """
        super(ClientValidationJwt, self).__init__(
            secret_key=private_key,
            issuer=api_key_sid,
            subject=account_sid,
            algorithm=self.ALGORITHM,
            ttl=300     # 5 minute ttl
        )
        self.credential_sid = credential_sid
        self.validation_payload = validation_payload

    def _generate_headers(self):
        return {
            'cty': ClientValidationJwt.__CTY,
            'kid': self.credential_sid
        }

    def _generate_payload(self):
        # Lowercase header keys, combine and sort headers with list values
        all_headers = {k.lower(): self._sort_and_join(v, ',') for k, v in self.validation_payload.all_headers.items()}
        # Names of headers we are signing in the jwt
        signed_headers = sorted(self.validation_payload.signed_headers)

        # Stringify headers, only include headers in signed_headers
        headers_str = ['{}:{}'.format(h, all_headers[h]) for h in signed_headers if h in all_headers]
        headers_str = '\n'.join(headers_str)

        # Sort query string parameters
        query_string = self.validation_payload.query_string.split('&')
        query_string = self._sort_and_join(query_string, '&')

        req_body_hash = self._hash(self.validation_payload.body) or ''

        signed_headers_str = ';'.join(signed_headers)

        signed_payload = [
            self.validation_payload.method,
            self.validation_payload.path,
            query_string,
        ]

        if headers_str:
            signed_payload.append(headers_str)
        signed_payload.append('')
        signed_payload.append(signed_headers_str)
        signed_payload.append(req_body_hash)

        signed_payload = '\n'.join(signed_payload)

        return {
            'hrh': signed_headers_str,
            'rqh': self._hash(signed_payload)
        }

    @classmethod
    def _sort_and_join(cls, values, joiner):
        if isinstance(values, str):
            return values
        return joiner.join(sorted(values))

    @classmethod
    def _hash(cls, input_str):
        if not input_str:
            return input_str

        if not isinstance(input_str, bytes):
            input_str = input_str.encode('utf-8')

        return sha256(input_str).hexdigest()