defmodule YandexTranslate do
  @iam_token_url "https://iam.api.cloud.yandex.net/iam/v1/tokens"

  def get_key(type, key \\ Application.get_env(:yandex_translate, :private_key))

  def get_key(:public, key),
    do: get_key(:private, key) |> JOSE.JWK.to_public()

  def get_key(:private, key),
    do: fetch_key(key)

  defp fetch_key("-----BEGIN" <> _ = key_content), do: JOSE.JWK.from_pem(key_content)

  defp fetch_key(key_file), do: JOSE.JWK.from_pem_file(key_file)

  def get_iam_token(),
    do: Application.get_all_env(:yandex_translate) |> Map.new() |> get_iam_token()

  def get_iam_token(%{service_account_id: iss, private_key: private_key, authorized_key_id: kid}) do
    now = DateTime.utc_now() |> DateTime.to_unix()
    jwk = get_key(:private, private_key) |> JOSE.JWK.merge(%{"kid" => kid})

    # JSON Web Signature (JWS)
    jws = %{
      "alg" => "RS256",
      "typ" => "JWT",
      "kid" => kid
    }

    # JSON Web Token (JWT)
    jwt =
      JOSE.JWT.from(%{
        "iss" => iss,
        "exp" => now + 60 * 60,
        "iat" => now,
        "aud" => @iam_token_url
      })

    _signed = JOSE.JWT.sign(jwk, jws, jwt) |> JOSE.JWS.compact() |> elem(1)
  end
end