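# OIDC secret verification script for the BTPXpress JSF client.
# Checks that the secrets required by the Quarkus OIDC extension are present
# in application.properties and meet a minimum length, and that PKCE is
# required. Exits 0 when every check passes, 1 otherwise.
#
# Scope and limits of the checks:
#   - Only the literal text of the properties file is inspected. A value given
#     as a property expression (e.g. an environment-variable reference) is
#     measured as written, not as resolved at runtime.
#   - Length is a lower bound, not a measure of randomness: a 32-character
#     dictionary phrase passes. Secrets should come from a CSPRNG.
#   - src/main/resources is packaged into the application artifact, so values
#     stored here should be development-only; production secrets are better
#     supplied through environment variables or a secret store.
#   - Secret values are never printed, only their length.

# Path is relative to the current directory: run from the project root.
$PROPERTIES_FILE = "src/main/resources/application.properties"

Write-Host ""
Write-Host "========================================" -ForegroundColor Cyan
Write-Host "Verification des Secrets OIDC" -ForegroundColor Green
Write-Host "========================================" -ForegroundColor Cyan
Write-Host ""

# The file must exist and be a regular file, not a directory.
if (-not (Test-Path $PROPERTIES_FILE -PathType Leaf)) {
    Write-Host "ERREUR: Fichier $PROPERTIES_FILE introuvable!" -ForegroundColor Red
    exit 1
}

$content = Get-Content $PROPERTIES_FILE -Raw

# Builds the regex prefix that matches "<name> =" at the start of a line.
#   - (?m)^ anchors to a line start, so a commented-out entry
#     ("#name=...") is no longer reported as configured.
#   - An optional Quarkus profile prefix ("%dev.") is still accepted, as it
#     was by the previous unanchored pattern.
#   - The name is regex-escaped so its dots match literally.
#   - Only spaces/tabs are allowed around "=": \s would also match a newline
#     and let an empty value swallow the following line.
function Get-PropertyKeyPattern {
    param(
        [string]$PropertyName
    )

    return '(?m)^[ \t]*(?:%[^.\s=]+\.)?' + [regex]::Escape($PropertyName) + '[ \t]*=[ \t]*'
}

# Extracts one secret from the properties text and checks its length.
#   PropertyName : exact property key to look for
#   Content      : full text of the properties file
#   MinLength    : minimum accepted number of characters
#   Description  : human-readable label used in the report
# Returns $true when the property has a non-empty value of at least MinLength
# characters, $false when it is missing, empty or too short.
function Test-Secret {
    param(
        [string]$PropertyName,
        [string]$Content,
        [int]$MinLength,
        [string]$Description
    )

    # (\S.*) requires at least one non-blank character on the same line.
    $pattern = (Get-PropertyKeyPattern -PropertyName $PropertyName) + '(\S.*)'

    if ($Content -match $pattern) {
        # Trim() also drops the trailing "\r" of CRLF files.
        $value = $Matches[1].Trim()
        $length = $value.Length

        Write-Host "[OK] $Description" -ForegroundColor Green
        Write-Host " Propriete: $PropertyName" -ForegroundColor Gray
        Write-Host " Longueur: $length caracteres" -ForegroundColor Gray

        if ($length -lt $MinLength) {
            Write-Host " ATTENTION: Le secret doit faire au moins $MinLength caracteres!" -ForegroundColor Yellow
            return $false
        } elseif ($length -eq $MinLength) {
            Write-Host " OK: Longueur correcte ($MinLength caracteres)" -ForegroundColor Green
        } else {
            Write-Host " OK: Longueur correcte ($length caracteres, min: $MinLength)" -ForegroundColor Green
        }
        Write-Host ""
        return $true
    } else {
        Write-Host "[ERREUR] $Description" -ForegroundColor Red
        Write-Host " Propriete: $PropertyName" -ForegroundColor Gray
        Write-Host " NON CONFIGURE!" -ForegroundColor Red
        Write-Host ""
        return $false
    }
}

# 1. The three secrets the OIDC code flow depends on.
Write-Host "1. Verification des secrets OIDC requis:" -ForegroundColor Yellow
Write-Host ""

$clientSecretArgs = @{
    PropertyName = "quarkus.oidc.credentials.secret"
    Content      = $content
    MinLength    = 32
    Description  = "Client Secret (Keycloak)"
}
$clientSecretOk = Test-Secret @clientSecretArgs

$stateSecretArgs = @{
    PropertyName = "quarkus.oidc.authentication.state-secret"
    Content      = $content
    MinLength    = 32
    Description  = "State Secret (PKCE)"
}
$stateSecretOk = Test-Secret @stateSecretArgs

$tokenEncryptionArgs = @{
    PropertyName = "quarkus.oidc.token-state-manager.encryption-secret"
    Content      = $content
    MinLength    = 32
    Description  = "Token Encryption Secret (Cookies)"
}
$tokenEncryptionOk = Test-Secret @tokenEncryptionArgs

# 2. PKCE must be required. The value has to be exactly "true" on an active
#    (non-commented) line; trailing blanks and a CR are tolerated.
Write-Host "2. Verification de la configuration PKCE:" -ForegroundColor Yellow
Write-Host ""

$pkceRequiredPattern = (Get-PropertyKeyPattern -PropertyName "quarkus.oidc.authentication.pkce-required") + 'true[ \t]*\r?$'
if ($content -match $pkceRequiredPattern) {
    Write-Host "[OK] PKCE active (pkce-required=true)" -ForegroundColor Green
    $pkceEnabled = $true
} else {
    Write-Host "[ERREUR] PKCE NON active" -ForegroundColor Red
    $pkceEnabled = $false
}

# NOTE(review): the Quarkus OIDC configuration reference documents
# quarkus.oidc.authentication.pkce-secret as a string secret (superseded by
# state-secret), not as a boolean flag. If that holds for the Quarkus version
# in use, this true/false check never matches a real value and always falls
# through to "non configure" - confirm and adjust. This check is informational
# only and does not affect the exit code.
$pkceSecretPattern = (Get-PropertyKeyPattern -PropertyName "quarkus.oidc.authentication.pkce-secret") + '(true|false)'
if ($content -match $pkceSecretPattern) {
    $pkceSecretValue = $Matches[1]
    if ($pkceSecretValue -eq "false") {
        Write-Host "[OK] PKCE secret=false (utilise state-secret dedie)" -ForegroundColor Green
    } else {
        Write-Host "[ATTENTION] PKCE secret=true (utilise client secret, state-secret ne doit PAS etre configure)" -ForegroundColor Yellow
    }
} else {
    Write-Host "[ATTENTION] PKCE secret non configure" -ForegroundColor Yellow
}

Write-Host ""

# Summary: every secret check and the PKCE requirement must pass.
Write-Host "========================================" -ForegroundColor Cyan
Write-Host "Resume de la verification" -ForegroundColor Green
Write-Host "========================================" -ForegroundColor Cyan
Write-Host ""

$allOk = $clientSecretOk -and $stateSecretOk -and $tokenEncryptionOk -and $pkceEnabled

if ($allOk) {
    Write-Host "[OK] TOUS LES SECRETS SONT CORRECTEMENT CONFIGURES!" -ForegroundColor Green
    Write-Host ""
    Write-Host "Vous pouvez maintenant demarrer l'application:" -ForegroundColor Cyan
    Write-Host " mvn quarkus:dev" -ForegroundColor White
    Write-Host ""
    Write-Host "Puis acceder a: http://localhost:8081" -ForegroundColor Cyan
    Write-Host ""
    exit 0
} else {
    Write-Host "[ERREUR] CONFIGURATION INCOMPLETE!" -ForegroundColor Red
    Write-Host ""
    Write-Host "Les secrets manquants ou invalides doivent etre configures dans:" -ForegroundColor Yellow
    Write-Host " $PROPERTIES_FILE" -ForegroundColor White
    Write-Host ""
    Write-Host "Consultez la documentation:" -ForegroundColor Yellow
    Write-Host " OIDC_SECRETS_CONFIGURATION.md" -ForegroundColor White
    Write-Host ""
    exit 1
}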