# Copyright (c) 2022, Oracle and/or its affiliates.
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License, version 2.0, as
# published by the Free Software Foundation.
#
# This program is also distributed with certain software (including
# but not limited to OpenSSL) that is licensed under separate terms,
# as designated in a particular file or component or in included license
# documentation.  The authors of MySQL hereby grant you an
# additional permission to link the program and your derivative works
# with the separately licensed software that they have included with
# MySQL.
#
# Without limiting anything contained in the foregoing, this file,
# which is part of MySQL Connector/Python, is also subject to the
# Universal FOSS Exception, version 1.0, a copy of which can be found at
# http://oss.oracle.com/licenses/universal-foss-exception.
#
# This program is distributed in the hope that it will be useful, but
# WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
# See the GNU General Public License, version 2.0, for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software Foundation, Inc.,
# 51 Franklin St, Fifth Floor, Boston, MA 02110-1301  USA

"""Base Authentication Plugin class."""

from abc import ABC
from typing import Optional, Union

from .. import errors
from ..types import StrOrBytes


class BaseAuthPlugin(ABC):
    """Base class for authentication pluginsF


    Classes inheriting from BaseAuthPlugin should implement the method
    prepare_password(). When instantiating, auth_data argument is
    required. The username, password and database are optional. The
    ssl_enabled argument can be used to tell the plugin whether SSL is
    active or not.

    The method auth_response() method is used to retrieve the password
    which was prepared by prepare_password().
    """

    requires_ssl: int = False
    plugin_name: str = ""

    def __init__(
        self,
        auth_data: Optional[bytes],
        username: Optional[StrOrBytes] = None,
        password: Optional[str] = None,
        database: Optional[str] = None,
        ssl_enabled: bool = False,
    ) -> None:
        """Initialization"""
        self._auth_data: bytes = auth_data
        self._username: Optional[str] = (
            username.decode("utf8")
            if isinstance(username, (bytes, bytearray))
            else username
        )
        self._password: Optional[str] = password
        self._database: Optional[str] = database
        self._ssl_enabled: bool = ssl_enabled

    def prepare_password(self) -> bytes:
        """Prepare and return password as as clear text.

        Returns:
            bytes: Prepared password.
        """
        if not self._password:
            return b"\x00"
        password: StrOrBytes = self._password

        if isinstance(password, str):
            password = password.encode("utf8")

        return password + b"\x00"

    def auth_response(
        self, auth_data: Optional[bytes] = None  # pylint: disable=unused-argument
    ) -> bytes:
        """Return the prepared password to send to MySQL.

        Raises:
            InterfaceError: When SSL is required by not enabled.

        Returns:
            str: The prepared password.
        """
        if self.requires_ssl and not self._ssl_enabled:
            raise errors.InterfaceError(f"{self.plugin_name} requires SSL")
        return self.prepare_password()