# SPDX-FileCopyrightText: 2025 Greenbone AG
#
# SPDX-License-Identifier: GPL-3.0-or-later
from typing import Optional, Union
from gvm._enum import Enum
from gvm.errors import InvalidArgument, RequiredArgument
from gvm.protocols.core import Request
from gvm.xml import XmlCommand
from .._entity_id import EntityID
from ..v224._credentials import (
Credentials as CredentialsV224,
)
class CredentialStoreCredentialType(Enum):
    """Credential types whose secret is held in a credential store.

    The value of each member is the string written into the ``type``
    element of the ``create_credential`` command.
    """

    # Client certificate
    CLIENT_CERTIFICATE = "cs_cc"
    # SNMP community credential (SNMPv1 or SNMPv2c)
    SNMP = "cs_snmp"
    # Username together with a password
    USERNAME_PASSWORD = "cs_up"
    # Username together with an SSH key
    USERNAME_SSH_KEY = "cs_usk"
    # S/MIME certificate
    SMIME_CERTIFICATE = "cs_smime"
    # OpenPGP key
    PGP_ENCRYPTION_KEY = "cs_pgp"
    # Password without a username
    PASSWORD_ONLY = "cs_pw"
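class Credentials(CredentialsV224):
    """Credential requests extended with credential-store backed credentials.

    Extends ``CredentialsV224`` with request builders for credentials whose
    secret is held in an external credential store. The requests built by
    the two methods below contain only the locators used to look the secret
    up (``vault_id`` and ``host_identifier``); no password, key or
    certificate material is placed in the command.
    """

    @classmethod
    def create_credential_store_credential(
        cls,
        name: str,
        credential_type: Union[CredentialStoreCredentialType, str],
        *,
        comment: Optional[str] = None,
        credential_store_id: Optional[EntityID] = None,
        vault_id: Optional[str] = None,
        host_identifier: Optional[str] = None,
    ) -> Request:
        """Create a new credential that is fetched from a credential store

        Create a new credential e.g. to be used in the method of an alert.

        Currently the following credential types are supported:

            - Username + Password
            - Username + SSH-Key
            - Client Certificates
            - SNMPv1 or SNMPv2c protocol
            - S/MIME Certificate
            - OpenPGP Key
            - Password only

        Arguments:
            name: Name of the new credential
            credential_type: The credential type, either a
                CredentialStoreCredentialType member or a string that the
                enum constructor accepts.
            comment: Comment for the credential
            credential_store_id: Optional id of the credential store to use
                (gvmd will pick default one if none is provided)
            vault_id: Vault-ID used to access the secret in credential store.
                Required, although it is a keyword argument with a default
                of None.
            host_identifier: Host-Identifier used to access the secret in
                credential store. Required, although it is a keyword
                argument with a default of None.

        Raises:
            RequiredArgument: If name, credential_type, vault_id or
                host_identifier is missing or empty.
            InvalidArgument: If credential_type is not one of the supported
                credential store types.

        Examples:
            Creating a Password-Only credential stored in a Credential Store

            .. code-block:: python

                request = Credentials.create_credential_store_credential(
                    name='Credential-Store Password-Only Credential',
                    credential_type=CredentialStoreCredentialType.PASSWORD_ONLY,
                    vault_id='a5f84dd4-da18-447c-a9fb-b77b5df49076',
                    host_identifier='/My/Secret',
                )
        """
        # Report this method in argument errors, not the inherited
        # create_credential, so callers can see which call failed.
        function_name = cls.create_credential_store_credential.__name__

        if not name:
            raise RequiredArgument(function=function_name, argument="name")

        if not credential_type:
            raise RequiredArgument(
                function=function_name,
                argument="credential_type",
            )

        if not isinstance(credential_type, CredentialStoreCredentialType):
            # NOTE(review): what this raises for an unknown string depends on
            # gvm's Enum base class, which is not shown here.
            credential_type = CredentialStoreCredentialType(credential_type)

        # Explicit allow-list of the types this command accepts. It currently
        # names every member of the enum; a member added later is rejected
        # until it is listed here.
        supported_types = (
            CredentialStoreCredentialType.CLIENT_CERTIFICATE,
            CredentialStoreCredentialType.SNMP,
            CredentialStoreCredentialType.USERNAME_PASSWORD,
            CredentialStoreCredentialType.USERNAME_SSH_KEY,
            CredentialStoreCredentialType.SMIME_CERTIFICATE,
            CredentialStoreCredentialType.PGP_ENCRYPTION_KEY,
            CredentialStoreCredentialType.PASSWORD_ONLY,
        )
        if credential_type not in supported_types:
            raise InvalidArgument(
                function=function_name,
                argument="credential_type",
            )

        # Without both locators the secret cannot be looked up in the store,
        # so neither may be omitted.
        if not vault_id:
            raise RequiredArgument(
                function=function_name,
                argument="vault_id",
            )

        if not host_identifier:
            raise RequiredArgument(
                function=function_name,
                argument="host_identifier",
            )

        # NOTE(review): values are handed to XmlCommand as given; this method
        # only checks for emptiness. Presumably XmlCommand escapes element
        # text - confirm before passing untrusted input.
        cmd = XmlCommand("create_credential")
        cmd.add_element("name", name)
        cmd.add_element("type", credential_type.value)

        if comment:
            cmd.add_element("comment", comment)

        if credential_store_id:
            cmd.add_element("credential_store_id", str(credential_store_id))

        cmd.add_element("vault_id", vault_id)
        cmd.add_element("host_identifier", host_identifier)

        return cmd

    @classmethod
    def modify_credential_store_credential(
        cls,
        credential_id: EntityID,
        *,
        name: Optional[str] = None,
        comment: Optional[str] = None,
        credential_store_id: Optional[EntityID] = None,
        vault_id: Optional[str] = None,
        host_identifier: Optional[str] = None,
    ) -> Request:
        """Modifies an existing credential that is fetched from a credential store.

        Only arguments with a non-empty value are added to the command, so
        an empty string or None leaves the corresponding field out of the
        request.

        Arguments:
            credential_id: UUID of the credential
            name: Name of the credential
            comment: Comment for the credential
            credential_store_id: Optional id of the credential store to use
                (gvmd will pick default one if none is provided)
            vault_id: Vault-ID used to access the secret in credential store
            host_identifier: Host-Identifier used to access the secret in
                credential store

        Raises:
            RequiredArgument: If credential_id is missing or empty.
        """
        if not credential_id:
            # Report this method in the error, not the inherited
            # modify_credential.
            raise RequiredArgument(
                function=cls.modify_credential_store_credential.__name__,
                argument="credential_id",
            )

        cmd = XmlCommand("modify_credential")
        cmd.set_attribute("credential_id", str(credential_id))

        if name:
            cmd.add_element("name", name)

        if comment:
            cmd.add_element("comment", comment)

        if credential_store_id:
            cmd.add_element("credential_store_id", str(credential_store_id))

        if vault_id:
            cmd.add_element("vault_id", vault_id)

        if host_identifier:
            cmd.add_element("host_identifier", host_identifier)

        return cmd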