package trust

import (
	"fmt"
	"time"

	"github.com/Sirupsen/logrus"
	"github.com/docker/libtrust"
)

// NotVerifiedError is a string-backed error type. In this file CheckKey
// returns it for the "no graph", "not verified" and "expired" outcomes, so a
// caller can use a type assertion to tell an authorization denial apart from
// the plain errors returned for a missing or unparsable key.
type NotVerifiedError string

// Error implements the error interface by returning the underlying string
// unchanged.
func (nve NotVerifiedError) Error() string {
	msg := string(nve)
	return msg
}

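// CheckKey reports whether the JWK-encoded public key in key is verified by
// the currently loaded trust graph for namespace ns with permission bits perm.
//
// A perm of 0 is replaced by 0x03 before the check.
// NOTE(review): 0x03 presumably means read|write; confirm against the
// permission bits used by the graph's grants. A caller that wants a narrower
// check has to pass the bits explicitly.
//
// Every path other than a successful, unexpired verification returns false
// with a non-nil error, so the result fails closed:
//   - an empty or unparsable key and a failing graph lookup yield a plain error;
//   - a missing graph, a negative verification and an expired store yield a
//     NotVerifiedError ("no graph", "not verified", "expired").
func (t *TrustStore) CheckKey(ns string, key []byte, perm uint16) (bool, error) {
	if len(key) == 0 {
		return false, fmt.Errorf("Missing PublicKey")
	}
	pk, err := libtrust.UnmarshalPublicKeyJWK(key)
	if err != nil {
		return false, fmt.Errorf("Error unmarshalling public key: %v", err)
	}

	if perm == 0 {
		perm = 0x03
	}

	// The read lock is held for the rest of the call, covering the reads of
	// t.graph and t.expiration below.
	t.RLock()
	defer t.RUnlock()
	if t.graph == nil {
		return false, NotVerifiedError("no graph")
	}

	// Ask the graph whether pk holds perm on ns.
	verified, err := t.graph.Verify(pk, ns, perm)
	if err != nil {
		// Keep the underlying cause in the message; dropping it leaves the
		// caller unable to tell why the lookup failed.
		return false, fmt.Errorf("Error verifying key to namespace: %s: %v", ns, err)
	}
	if !verified {
		logrus.Debugf("Verification failed for %s using key %s", ns, pk.KeyID())
		return false, NotVerifiedError("not verified")
	}
	// A positive answer is still rejected once the store's expiration time
	// has passed.
	if t.expiration.Before(time.Now()) {
		return false, NotVerifiedError("expired")
	}
	return true, nil
}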

// UpdateBase calls t.fetch and returns nothing, so a caller cannot learn from
// this method whether the call succeeded.
// NOTE(review): fetch is defined outside this view; what it loads and how it
// reports failures should be confirmed there.
func (t *TrustStore) UpdateBase() {
	t.fetch()
}