from datetime import timedelta
from typing import Any, Dict, Iterable, Union

from pyhanko.config import api
from pyhanko.config.errors import ConfigurationError
from pyhanko.keys import load_certs_from_pemder

__all__ = ['init_validation_context_kwargs', 'parse_trust_config']


def init_validation_context_kwargs(
    *,
    trust: Union[Iterable[str], str],
    trust_replace: bool,
    other_certs: Union[Iterable[str], str],
    retroactive_revinfo: bool = False,
    time_tolerance: Union[timedelta, int, None] = None,
) -> Dict[str, Any]:
    if not isinstance(time_tolerance, timedelta):
        if time_tolerance is None:
            time_tolerance = DEFAULT_TIME_TOLERANCE
        elif isinstance(time_tolerance, int):
            time_tolerance = timedelta(seconds=time_tolerance)
        else:
            raise ConfigurationError(
                "time-tolerance parameter must be specified in seconds"
            )
    vc_kwargs: Dict[str, Any] = {'time_tolerance': time_tolerance}
    if retroactive_revinfo:
        vc_kwargs['retroactive_revinfo'] = True
    if trust:
        if isinstance(trust, str):
            trust = (trust,)
        # add trust roots to the validation context, or replace them
        trust_certs = list(load_certs_from_pemder(trust))
        if trust_replace:
            vc_kwargs['trust_roots'] = trust_certs
        else:
            vc_kwargs['extra_trust_roots'] = trust_certs
    if other_certs:
        if isinstance(other_certs, str):
            other_certs = (other_certs,)
        vc_kwargs['other_certs'] = list(load_certs_from_pemder(other_certs))
    return vc_kwargs


def parse_trust_config(
    trust_config, time_tolerance, retroactive_revinfo
) -> dict:
    api.check_config_keys(
        'ValidationContext',
        (
            'trust',
            'trust-replace',
            'other-certs',
            'time-tolerance',
            'retroactive-revinfo',
            'signer-key-usage',
            'signer-extd-key-usage',
            'signer-key-usage-policy',
        ),
        trust_config,
    )
    return init_validation_context_kwargs(
        trust=trust_config.get('trust'),
        trust_replace=trust_config.get('trust-replace', False),
        other_certs=trust_config.get('other-certs'),
        time_tolerance=trust_config.get('time-tolerance', time_tolerance),
        retroactive_revinfo=trust_config.get(
            'retroactive-revinfo', retroactive_revinfo
        ),
    )


DEFAULT_TIME_TOLERANCE: timedelta = timedelta(seconds=30)