namespace PlanTempus.Core
{
	public class SecureTokenizer : ISecureTokenizer
	{
		private const int _saltSize = 16; // 128 bit
		private const int _keySize = 32;  // 256 bit
		private const int _iterations = 100000;

		public string TokenizeText(string word)
		{
			using (var algorithm = new System.Security.Cryptography.Rfc2898DeriveBytes(
				word,
				_saltSize,
				_iterations,
				System.Security.Cryptography.HashAlgorithmName.SHA256))
			{
				var key = Convert.ToBase64String(algorithm.GetBytes(_keySize));
				var salt = Convert.ToBase64String(algorithm.Salt);

				return $"{_iterations}.{salt}.{key}";
			}
		}

		public bool VerifyToken(string hash, string word)
		{
			var parts = hash.Split('.', 3);
			if (parts.Length != 3)
			{
				return false;
			}

			var iterations = Convert.ToInt32(parts[0]);
			var salt = Convert.FromBase64String(parts[1]);
			var key = Convert.FromBase64String(parts[2]);

			using (var algorithm = new System.Security.Cryptography.Rfc2898DeriveBytes(
				word,
				salt,
				iterations,
				System.Security.Cryptography.HashAlgorithmName.SHA256))
			{
				var keyToCheck = algorithm.GetBytes(_keySize);
				return keyToCheck.SequenceEqual(key);
			}
		}
	}
}