import type { AsymmetricKeyConverter } from './key-converter.js';
import type { AsymmetricKeyGenerator } from './key-generator.js';
import type { Cipher } from './cipher.js';
import type { Hasher } from './hasher.js';
import type { Jwk } from '../jose/jwk.js';
import type { KeyIdentifier } from './identifier.js';
import type { KeyWrapper } from './key-wrapper.js';
import type { Signer } from './signer.js';
import type {
  BytesToPrivateKeyParams,
  BytesToPublicKeyParams,
  CipherParams,
  DeriveKeyBytesParams,
  DeriveKeyFromBytesParams,
  DigestParams,
  GenerateKeyParams,
  GetPublicKeyParams,
  PrivateKeyToBytesParams,
  PublicKeyToBytesParams,
  SignParams,
  UnwrapKeyParams,
  VerifyParams,
  WrapKeyParams,
} from './params-direct.js';
import type { KeyBytesDeriver, SimpleKeyDeriver } from './key-deriver.js';
import type {
  KmsCipherParams,
  KmsDigestParams,
  KmsGenerateKeyParams,
  KmsGetKeyUriParams,
  KmsGetPublicKeyParams,
  KmsSignParams,
  KmsVerifyParams,
} from './params-kms.js';

/**
 * The `DsaApi` interface integrates key generation, hashing, and signing functionalities,
 * designed for use with a Key Management System (KMS). It extends `AsymmetricKeyGenerator` for
 * generating asymmetric keys, `Hasher` for hash digest computations, and `Signer` for signing and
 * verifying operations.
 *
 * Concrete implementations of this interface are intended to be used with a KMS, which is
 * responsible for generating and storing cryptographic keys. The KMS is also responsible for
 * performing cryptographic operations using the keys it manages. The KMS is typically a cloud
 * service, but it can also be a hardware device or software application.
 *
 * Guidelines for implementing this interface:
 * - Must use JSON Web Keys ({@link Jwk | JWK}) as the key format.
 * - Must IANA registered JSON Object Signing and Encryption
 *   {@ link https://www.iana.org/assignments/jose/jose.xhtml#web-signature-encryption-algorithms | (JOSE)}
 *   names for algorithm, curves, etc. whenever possible.
 * - All I/O that interacts with private or secret keys must be done via reference using a
 *   {@link KeyIdentifier | `KeyIdentifier`}. Implementations can use any string as the key
 *   identifier (e.g. JWK thumbprint, UUID generated by hosted KMS, etc.).
 * - Must support key generation, hashing, signing, and verifying operations.
 * - May be extended to support other cryptographic operations.
 * - Implementations of the `DsaApi` interface can be passed as an argument to the public API
 *   methods of Web5 libraries that involve key material (e.g., DID creation, VC signing, arbitrary
 *   data signing/verification, etc.).
 */
export interface DsaApi<
  GenerateKeyInput = KmsGenerateKeyParams,
  GenerateKeyOutput = KeyIdentifier,
  GetPublicKeyInput = KmsGetPublicKeyParams,
  DigestInput = KmsDigestParams,
  SignInput = KmsSignParams,
  VerifyInput = KmsVerifyParams
 > extends AsymmetricKeyGenerator<GenerateKeyInput, GenerateKeyOutput, GetPublicKeyInput>,
          Hasher<DigestInput>,
          Signer<SignInput, VerifyInput> {}

/**
 * The `CryptoApi` interface extends {@link DsaApi} with encryption, key conversion,
 * key derivation, and key wrapping capabilities.
 *
 * This is the full-featured cryptographic API used by agent-level code that needs direct-key
 * cipher, key conversion, and key derivation operations beyond what the base `DsaApi` provides.
 */
export interface CryptoApi<
  GenerateKeyInput = GenerateKeyParams,
  GenerateKeyOutput = Jwk,
  GetPublicKeyInput = GetPublicKeyParams,
  DigestInput = DigestParams,
  SignInput = SignParams,
  VerifyInput = VerifyParams,
  EncryptInput = CipherParams,
  DecryptInput = CipherParams,
  BytesToPublicKeyInput = BytesToPublicKeyParams,
  PublicKeyToBytesInput = PublicKeyToBytesParams,
  BytesToPrivateKeyInput = BytesToPrivateKeyParams,
  PrivateKeyToBytesInput = PrivateKeyToBytesParams,
  DeriveKeyInput = DeriveKeyFromBytesParams,
  DeriveKeyOutput = Jwk,
  DeriveKeyBytesInput = DeriveKeyBytesParams,
  DeriveKeyBytesOutput = Uint8Array,
  WrapKeyInput = WrapKeyParams,
  UnwrapKeyInput = UnwrapKeyParams
> extends
  DsaApi<GenerateKeyInput, GenerateKeyOutput, GetPublicKeyInput, DigestInput, SignInput, VerifyInput>,
  Cipher<EncryptInput, DecryptInput>,
  AsymmetricKeyConverter<BytesToPublicKeyInput, PublicKeyToBytesInput, BytesToPrivateKeyInput, PrivateKeyToBytesInput>,
  SimpleKeyDeriver<DeriveKeyInput, DeriveKeyOutput>,
  KeyBytesDeriver<DeriveKeyBytesInput, DeriveKeyBytesOutput>,
  KeyWrapper<WrapKeyInput, UnwrapKeyInput> {}



/**
 * Parameters for configuring a {@link KeyManager} implementation.
 */
export interface KeyManagerParams {
  CipherInput?: unknown;
  GenerateKeyInput?: unknown;
  GenerateKeyOutput?: unknown;
  GetPublicKeyInput?: unknown;
  SignInput?: unknown;
  VerifyInput?: unknown;
}

/**
 * Default parameter types for {@link KeyManager}, using KMS-oriented types.
 */
export interface DefaultKeyManagerParams {
  CipherInput: KmsCipherParams;
  GenerateKeyInput: KmsGenerateKeyParams;
  GenerateKeyOutput: KeyIdentifier;
  GetPublicKeyInput: KmsGetPublicKeyParams;
  SignInput: KmsSignParams;
  VerifyInput: KmsVerifyParams;
}

/**
 * The `KeyManager` interface integrates key generation and signing capabilities.
 *
 * Concrete implementations of this interface are intended to be used as a Key Management System
 * (KMS), which is responsible for generating and storing cryptographic keys.
 */
export interface KeyManager<T extends KeyManagerParams = DefaultKeyManagerParams>
  extends DsaApi<T['GenerateKeyInput'], T['GenerateKeyOutput'], T['GetPublicKeyInput'], KmsDigestParams, T['SignInput'], T['VerifyInput']> {

  /**
   * Returns the Key URI for a given JWK.
   *
   * @param params - The parameters for getting the key URI.
   * @param params.key - The key to get the URI for.
   * @returns The key URI.
   */
  getKeyUri(params: KmsGetKeyUriParams): Promise<KeyIdentifier>;
}