using System.Buffers.Binary;
using System.Net;
using AcDream.Core.Net;
using AcDream.Core.Net.Cryptography;
using AcDream.Core.Net.Packets;

namespace AcDream.Core.Net.Tests;

/// <summary>
/// Live integration test that talks to a real ACE server. Skipped by
/// default so CI doesn't fail for developers without a running server.
/// To run:
/// <code>
///   set ACDREAM_LIVE=1
///   set ACDREAM_TEST_USER=testaccount
///   set ACDREAM_TEST_PASS=testpassword
///   set ACDREAM_TEST_HOST=127.0.0.1   (optional, default)
///   set ACDREAM_TEST_PORT=9000        (optional, default)
///   dotnet test --filter LiveHandshake
/// </code>
///
/// <para>
/// <b>Credential handling:</b> the test reads the username and password
/// from environment variables and uses them in one outbound LoginRequest
/// packet. They are never written to disk, never logged to console, never
/// included in assertion messages, and never committed. When the test
/// prints diagnostics they are reduced to their length so mistakes in
/// the env-var setup are distinguishable from server errors.
/// </para>
/// </summary>
public class LiveHandshakeTests
{
    [Fact]
    public void Live_LoginRequest_ReceivesConnectRequestFromServer()
    {
        if (Environment.GetEnvironmentVariable("ACDREAM_LIVE") != "1")
            return;  // skipped — not a failure

        var host = Environment.GetEnvironmentVariable("ACDREAM_TEST_HOST") ?? "127.0.0.1";
        var portStr = Environment.GetEnvironmentVariable("ACDREAM_TEST_PORT") ?? "9000";
        var user = Environment.GetEnvironmentVariable("ACDREAM_TEST_USER");
        var pass = Environment.GetEnvironmentVariable("ACDREAM_TEST_PASS");

        Assert.NotNull(user);
        Assert.NotNull(pass);
        Assert.NotEmpty(user!);
        Assert.NotEmpty(pass!);

        var remote = new IPEndPoint(IPAddress.Parse(host), int.Parse(portStr));
        using var net = new NetClient(remote);

        // Build and send the LoginRequest datagram. Header has only the
        // LoginRequest flag; checksum is unencrypted (the ISAAC keystream
        // is established only *after* the server sends us ConnectRequest).
        uint timestamp = (uint)DateTimeOffset.UtcNow.ToUnixTimeSeconds();
        byte[] loginBody = LoginRequest.Build(user, pass, timestamp);
        var loginHeader = new PacketHeader { Flags = PacketHeaderFlags.LoginRequest };
        byte[] loginDatagram = PacketCodec.Encode(loginHeader, loginBody, outboundIsaac: null);

        Console.WriteLine($"[live] sending {loginDatagram.Length}-byte LoginRequest to {remote} " +
                          $"(user.len={user.Length}, pass.len={pass.Length})");
        net.Send(loginDatagram);

        // Expect at least one packet back within 5 seconds. ACE can chunk
        // the handshake across multiple datagrams so we loop until we find
        // a ConnectRequest or hit the overall deadline.
        var deadline = DateTime.UtcNow + TimeSpan.FromSeconds(5);
        Packet? connectRequest = null;
        int packetsReceived = 0;

        while (DateTime.UtcNow < deadline && connectRequest is null)
        {
            var bytes = net.Receive(deadline - DateTime.UtcNow, out var from);
            if (bytes is null) break;
            packetsReceived++;
            Console.WriteLine($"[live] received {bytes.Length}-byte datagram from {from}");

            var decoded = PacketCodec.TryDecode(bytes, inboundIsaac: null);
            Console.WriteLine($"[live]   decode result: {decoded.Error}, " +
                              $"flags: {(decoded.Packet?.Header.Flags.ToString() ?? "n/a")}");

            if (decoded.IsOk && decoded.Packet!.Header.HasFlag(PacketHeaderFlags.ConnectRequest))
            {
                connectRequest = decoded.Packet;
                break;
            }
        }

        Console.WriteLine($"[live] total packets received: {packetsReceived}");

        Assert.True(packetsReceived > 0,
            "Server did not respond at all within 5s — is ACE actually running on " +
            $"{remote} and does the account '{user}' exist?");

        Assert.NotNull(connectRequest);
        var opt = connectRequest!.Optional;
        Console.WriteLine($"[live] ConnectRequest decoded: " +
                          $"serverTime={opt.ConnectRequestServerTime:F3} " +
                          $"cookie=0x{opt.ConnectRequestCookie:X16} " +
                          $"clientId=0x{opt.ConnectRequestClientId:X8} " +
                          $"serverSeed=0x{opt.ConnectRequestServerSeed:X8} " +
                          $"clientSeed=0x{opt.ConnectRequestClientSeed:X8}");

        Assert.NotEqual(0UL, opt.ConnectRequestCookie);
        Assert.NotEqual(0u, opt.ConnectRequestClientId);
        Assert.NotEqual(0u, opt.ConnectRequestServerSeed);
        Assert.NotEqual(0u, opt.ConnectRequestClientSeed);
    }

    [Fact]
    public void Live_FullThreeWayHandshake_ReachesConnectedState()
    {
        if (Environment.GetEnvironmentVariable("ACDREAM_LIVE") != "1")
            return;

        var host = Environment.GetEnvironmentVariable("ACDREAM_TEST_HOST") ?? "127.0.0.1";
        var portStr = Environment.GetEnvironmentVariable("ACDREAM_TEST_PORT") ?? "9000";
        var user = Environment.GetEnvironmentVariable("ACDREAM_TEST_USER")!;
        var pass = Environment.GetEnvironmentVariable("ACDREAM_TEST_PASS")!;

        int loginPort = int.Parse(portStr);
        int connectPort = loginPort + 1;

        var loginEndpoint = new IPEndPoint(IPAddress.Parse(host), loginPort);
        var connectEndpoint = new IPEndPoint(IPAddress.Parse(host), connectPort);

        using var net = new NetClient(loginEndpoint);

        // Step 1: send LoginRequest to port 9000.
        uint timestamp = (uint)DateTimeOffset.UtcNow.ToUnixTimeSeconds();
        byte[] loginPayload = LoginRequest.Build(user, pass, timestamp);
        var loginHeader = new PacketHeader { Flags = PacketHeaderFlags.LoginRequest };
        byte[] loginDatagram = PacketCodec.Encode(loginHeader, loginPayload, outboundIsaac: null);

        Console.WriteLine($"[live] step 1: sending {loginDatagram.Length}-byte LoginRequest to {loginEndpoint}");
        net.Send(loginDatagram);

        // Step 2: receive ConnectRequest (from port 9000).
        Packet? connectRequest = null;
        var deadline = DateTime.UtcNow + TimeSpan.FromSeconds(5);
        while (DateTime.UtcNow < deadline)
        {
            var bytes = net.Receive(deadline - DateTime.UtcNow, out var from);
            if (bytes is null) break;
            var decoded = PacketCodec.TryDecode(bytes, inboundIsaac: null);
            Console.WriteLine($"[live] step 2: got {bytes.Length}-byte datagram from {from}, " +
                              $"decode={decoded.Error}, flags={decoded.Packet?.Header.Flags}");
            if (decoded.IsOk && decoded.Packet!.Header.HasFlag(PacketHeaderFlags.ConnectRequest))
            {
                connectRequest = decoded.Packet;
                break;
            }
        }
        Assert.NotNull(connectRequest);

        var cr = connectRequest!.Optional;
        Console.WriteLine($"[live] step 2: ConnectRequest cookie=0x{cr.ConnectRequestCookie:X16} " +
                          $"clientId=0x{cr.ConnectRequestClientId:X8}");

        // Step 3: send ConnectResponse echoing the cookie to port 9001.
        // Protocol details confirmed against references/holtburger/crates/
        // holtburger-session/src/session/auth.rs::handle_handshake_request:
        //   - Sequence = 1 (LoginRequest was seq 0; our next outbound is seq 1)
        //   - Id = 0 (NOT the clientId from ConnectRequest; that's ACE's
        //     internal session id, not the packet header Id field)
        //   - 200ms delay before send to avoid a race with the server that
        //     holtburger discovered empirically (ACE_HANDSHAKE_RACE_DELAY_MS)
        //   - Body is 8 bytes, the cookie as little-endian u64
        byte[] connectResponseBody = new byte[8];
        BinaryPrimitives.WriteUInt64LittleEndian(connectResponseBody, cr.ConnectRequestCookie);

        var crHeader = new PacketHeader
        {
            Sequence  = 1,
            Flags     = PacketHeaderFlags.ConnectResponse,
            Id        = 0,
            Time      = 0,
            Iteration = 0,
        };
        byte[] connectResponseDatagram = PacketCodec.Encode(crHeader, connectResponseBody, outboundIsaac: null);

        Console.WriteLine($"[live] step 3: sleeping 200ms (ACE handshake race delay) then sending " +
                          $"{connectResponseDatagram.Length}-byte ConnectResponse to {connectEndpoint}");
        Thread.Sleep(200);
        net.Send(connectEndpoint, connectResponseDatagram);

        // Seed the two ISAAC streams NOW. From this point on the server
        // will use EncryptedChecksum for everything it sends us, and expects
        // the same from us.
        var serverSeedBytes = new byte[4];
        BinaryPrimitives.WriteUInt32LittleEndian(serverSeedBytes, cr.ConnectRequestServerSeed);
        var clientSeedBytes = new byte[4];
        BinaryPrimitives.WriteUInt32LittleEndian(clientSeedBytes, cr.ConnectRequestClientSeed);
        var inboundIsaac  = new IsaacRandom(serverSeedBytes);  // decrypts server's outbound
        var outboundIsaac = new IsaacRandom(clientSeedBytes);  // encrypts our outbound
        Console.WriteLine($"[live] step 3: ISAAC seeds primed, " +
                          $"inbound.next=0x{new IsaacRandom(serverSeedBytes).Next():X8}, " +
                          $"outbound.next=0x{new IsaacRandom(clientSeedBytes).Next():X8}");

        // Step 4: receive post-handshake traffic. Run fragments through a
        // FragmentAssembler so multi-packet game messages reassemble, then
        // read the opcode (first 4 bytes of the assembled body) to prove
        // we're looking at real GameMessage opcodes.
        var assembler = new FragmentAssembler();
        int postHandshakePackets = 0;
        int successfullyDecoded = 0;
        int checksumFailures = 0;
        var seenOpcodes = new List<uint>();
        var postDeadline = DateTime.UtcNow + TimeSpan.FromSeconds(5);
        while (DateTime.UtcNow < postDeadline)
        {
            var bytes = net.Receive(postDeadline - DateTime.UtcNow, out var from);
            if (bytes is null) break;
            postHandshakePackets++;
            var decoded = PacketCodec.TryDecode(bytes, inboundIsaac);
            Console.WriteLine($"[live] step 4: got {bytes.Length}-byte datagram from {from}, " +
                              $"decode={decoded.Error}, flags={decoded.Packet?.Header.Flags}, " +
                              $"seq={decoded.Packet?.Header.Sequence}");
            if (decoded.IsOk)
            {
                successfullyDecoded++;
                foreach (var frag in decoded.Packet!.Fragments)
                {
                    var completeBody = assembler.Ingest(frag, out _);
                    if (completeBody is not null && completeBody.Length >= 4)
                    {
                        uint opcode = BinaryPrimitives.ReadUInt32LittleEndian(completeBody);
                        seenOpcodes.Add(opcode);
                        string name = opcode switch
                        {
                            0xF658 => "CharacterList",
                            0xF7E1 => "ServerName",
                            0xF7E5 => "DDDInterrogation",
                            _      => "unknown",
                        };
                        Console.WriteLine($"[live]   GameMessage assembled: opcode=0x{opcode:X8} ({name}), " +
                                          $"body={completeBody.Length} bytes");
                    }
                }
            }
            else if (decoded.Error == PacketCodec.DecodeError.ChecksumMismatch)
                checksumFailures++;
        }

        Console.WriteLine($"[live] step 4 summary: {postHandshakePackets} packets received, " +
                          $"{successfullyDecoded} decoded OK, {checksumFailures} checksum failures, " +
                          $"{seenOpcodes.Count} GameMessages assembled");

        // The contract of Phase 4.6e is "server accepted our ConnectResponse
        // and started streaming". Any post-handshake traffic at all proves
        // step 3 worked. Successful decoding proves ISAAC is correct.
        Assert.True(postHandshakePackets > 0,
            "Server did not send any post-handshake packets — ConnectResponse rejected?");
        // ISAAC correctness is the stretch goal. Log but don't assert yet —
        // if our ISAAC matches ACE's, successfullyDecoded > 0. If there's
        // a seed-direction mismatch or a CRC math bug this will be 0 and
        // we'll see checksumFailures > 0.
    }
}