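"""
Zero Trust Serializers

Serializers for device posture, geolocation rules, risk assessment,
and adaptive authentication.

Everything declared here validates shape and type only. Who may call a
write endpoint, and which object a request may touch, is decided by the
views and permission classes that use these serializers.
"""

from rest_framework import serializers
from django.contrib.auth import get_user_model

from ..models import (
    DevicePosture,
    GeolocationRule,
    RiskAssessment,
    AdaptiveAuthentication,
    UserBehaviorProfile,
)

User = get_user_model()


class DevicePostureSerializer(serializers.ModelSerializer):
    """Serialize ``DevicePosture`` records.

    The posture attributes (antivirus, firewall, encryption, screen lock,
    VPN, ...) are writable, so on a write path they hold whatever the
    client reports. The fields that look like a verdict about the device
    (``risk_score``, ``trust_level``, ``is_trusted``, ``is_compliant``) are
    read-only: request data cannot set them. Server-side code can still
    set them with ``serializer.save(field=value)`` or on the model instance.
    """

    class Meta:
        model = DevicePosture
        fields = [
            'id', 'device_id', 'device_name', 'device_type', 'os_type',
            'os_version', 'browser_info', 'is_managed', 'has_antivirus',
            'antivirus_status', 'firewall_enabled', 'encryption_enabled',
            'screen_lock_enabled', 'biometric_auth', 'ip_address',
            'mac_address', 'network_type', 'vpn_connected', 'risk_score',
            'is_compliant', 'is_trusted', 'trust_level', 'is_active',
            'first_seen', 'last_seen', 'created_at', 'updated_at',
        ]
        # ``is_compliant`` sits with the other verdict fields. Left
        # writable, a PUT/PATCH body could mark a device compliant while
        # ``risk_score``/``trust_level``/``is_trusted`` stayed protected.
        # DeviceRegistrationSerializer does not accept it either.
        # NOTE(review): ``ip_address``, ``mac_address`` and ``is_active``
        # remain client-writable -- confirm the views do not rely on them
        # for access decisions without an independent source.
        read_only_fields = [
            'id', 'device_id', 'risk_score', 'trust_level', 'is_trusted',
            'is_compliant', 'first_seen', 'last_seen', 'created_at',
            'updated_at',
        ]


class DeviceRegistrationSerializer(serializers.Serializer):
    """Validate the payload a client sends to register a device.

    Only ``device_id`` is required. Every boolean posture flag defaults to
    ``False`` when omitted, so a missing flag is treated as "not enabled".
    All values are self-reported by the caller; nothing here verifies them.
    """

    # NOTE(review): the identifier is chosen by the client -- confirm the
    # view scopes it to the authenticated user before lookup or creation.
    device_id = serializers.CharField(max_length=255, required=True)
    device_name = serializers.CharField(max_length=200, required=False, allow_blank=True)
    device_type = serializers.ChoiceField(choices=DevicePosture.DEVICE_TYPES, required=False)
    os_type = serializers.ChoiceField(choices=DevicePosture.OS_TYPES, required=False)
    os_version = serializers.CharField(max_length=100, required=False, allow_blank=True)
    browser_info = serializers.CharField(max_length=200, required=False, allow_blank=True)
    is_managed = serializers.BooleanField(default=False)
    has_antivirus = serializers.BooleanField(default=False)
    antivirus_status = serializers.CharField(max_length=50, required=False, allow_blank=True)
    firewall_enabled = serializers.BooleanField(default=False)
    encryption_enabled = serializers.BooleanField(default=False)
    screen_lock_enabled = serializers.BooleanField(default=False)
    biometric_auth = serializers.BooleanField(default=False)
    ip_address = serializers.IPAddressField(required=False)
    # Length-limited only; the MAC address format itself is not validated.
    mac_address = serializers.CharField(max_length=17, required=False, allow_blank=True)
    network_type = serializers.CharField(max_length=50, required=False, allow_blank=True)
    vpn_connected = serializers.BooleanField(default=False)


class GeolocationRuleSerializer(serializers.ModelSerializer):
    """Serialize ``GeolocationRule`` records.

    Every field except ``id`` and the timestamps is writable, including the
    allow/block lists, working-hours settings and ``is_active``.
    """

    class Meta:
        model = GeolocationRule
        fields = [
            'id', 'name', 'description', 'rule_type', 'allowed_countries',
            'blocked_countries', 'allowed_regions', 'blocked_regions',
            'allowed_cities', 'blocked_cities', 'allowed_ip_ranges',
            'blocked_ip_ranges', 'allowed_time_zones', 'working_hours_only',
            'working_hours_start', 'working_hours_end', 'working_days',
            'max_distance_from_office', 'office_latitude',
            'office_longitude', 'notification_message', 'log_violation',
            'require_manager_approval', 'is_active', 'priority',
            'created_at', 'updated_at',
        ]
        # NOTE(review): these rules define access policy -- confirm write
        # endpoints using this serializer are restricted to administrators.
        read_only_fields = ['id', 'created_at', 'updated_at']


class RiskAssessmentSerializer(serializers.ModelSerializer):
    """Serialize ``RiskAssessment`` records.

    ``overall_risk_score``, ``risk_level`` and ``access_decision`` are
    read-only, as are ``user`` and the timestamps.
    """

    class Meta:
        model = RiskAssessment
        fields = [
            'id', 'user', 'assessment_type', 'resource_type', 'resource_id',
            'device_risk_score', 'location_risk_score',
            'behavior_risk_score', 'network_risk_score', 'time_risk_score',
            'user_risk_score', 'overall_risk_score', 'risk_level',
            'ip_address', 'user_agent', 'location_data', 'device_data',
            'behavior_data', 'risk_factors', 'mitigation_actions',
            'assessment_details', 'access_decision', 'decision_reason',
            'assessed_at', 'expires_at',
        ]
        # NOTE(review): the per-category ``*_risk_score`` fields,
        # ``risk_factors``, ``mitigation_actions`` and ``decision_reason``
        # are not read-only. If this serializer is ever bound to request
        # data, confirm that accepting them from the caller is intended.
        read_only_fields = [
            'id', 'user', 'overall_risk_score', 'risk_level',
            'access_decision', 'assessed_at', 'expires_at',
        ]


class RiskAssessmentRequestSerializer(serializers.Serializer):
    """Validate a request to run a risk assessment.

    All fields are optional; ``assessment_type`` falls back to ``'LOGIN'``.
    """

    # NOTE(review): the choices come from ``RiskAssessment.RISK_FACTORS``.
    # DRF does not check a default against ``choices``, so confirm that
    # constant is the intended assessment-type list and contains 'LOGIN'.
    assessment_type = serializers.ChoiceField(
        choices=RiskAssessment.RISK_FACTORS,
        default='LOGIN'
    )
    resource_type = serializers.CharField(max_length=100, required=False, allow_blank=True)
    resource_id = serializers.CharField(max_length=255, required=False, allow_blank=True)
    device_id = serializers.CharField(max_length=255, required=False, allow_blank=True)
    # Arbitrary JSON: no schema, key allow-list or size bound is applied
    # here, so consumers must treat the content as untrusted.
    location_data = serializers.JSONField(required=False, default=dict)
    additional_context = serializers.JSONField(required=False, default=dict)


class AdaptiveAuthenticationSerializer(serializers.ModelSerializer):
    """Serialize ``AdaptiveAuthentication`` policy records.

    Every field except ``id`` and the timestamps is writable, including the
    risk thresholds, per-level auth methods, lockout settings and
    ``ml_model_path``.
    """

    class Meta:
        model = AdaptiveAuthentication
        fields = [
            'id', 'name', 'description', 'low_risk_threshold',
            'medium_risk_threshold', 'high_risk_threshold',
            'low_risk_auth_methods', 'medium_risk_auth_methods',
            'high_risk_auth_methods', 'critical_risk_auth_methods',
            'device_trust_multiplier', 'location_trust_multiplier',
            'time_trust_multiplier', 'enable_behavioral_analysis',
            'behavior_learning_period', 'anomaly_threshold', 'ml_enabled',
            'ml_model_path', 'ml_confidence_threshold',
            'fallback_auth_methods', 'max_auth_attempts',
            'lockout_duration', 'is_active', 'created_at', 'updated_at',
        ]
        # NOTE(review): ``ml_model_path`` is writable and also returned in
        # responses. Confirm how the path is consumed (loading a model file
        # from a caller-supplied location is a deserialization risk) and
        # that write access is limited to administrators.
        read_only_fields = ['id', 'created_at', 'updated_at']


class UserBehaviorProfileSerializer(serializers.ModelSerializer):
    """Serialize ``UserBehaviorProfile`` records.

    ``anomaly_score``, the learning dates, ``sample_count``, ``user`` and
    the timestamps are read-only.
    """

    class Meta:
        model = UserBehaviorProfile
        fields = [
            'id', 'user', 'typical_login_times', 'typical_login_locations',
            'typical_login_devices', 'typical_access_times',
            'typical_access_patterns', 'typical_session_duration',
            'typical_ip_ranges', 'typical_user_agents', 'login_frequency',
            'access_frequency', 'anomaly_score', 'is_learning',
            'learning_start_date', 'learning_complete_date',
            'sample_count', 'last_updated', 'created_at',
        ]
        # NOTE(review): the ``typical_*`` baselines, the frequency fields
        # and ``is_learning`` stay writable. If the profiled user can reach
        # a write endpoint, the baseline used for anomaly scoring becomes
        # caller-controlled -- confirm this serializer is output-only or
        # admin-only.
        read_only_fields = [
            'id', 'user', 'anomaly_score', 'learning_start_date',
            'learning_complete_date', 'sample_count', 'last_updated',
            'created_at',
        ]


class ZeroTrustStatusSerializer(serializers.Serializer):
    """Describe the Zero Trust system status payload.

    The dict and list fields declare no child types, so their contents are
    not validated here.
    """

    zero_trust_enabled = serializers.BooleanField()
    user_status = serializers.DictField()
    system_configuration = serializers.DictField()
    recommendations = serializers.ListField()


class DeviceSecurityRecommendationSerializer(serializers.Serializer):
    """Describe one device security recommendation."""

    type = serializers.CharField()
    priority = serializers.ChoiceField(choices=['low', 'medium', 'high', 'critical'])
    message = serializers.CharField()
    action = serializers.CharField()
    details = serializers.DictField(required=False)


class RiskMitigationActionSerializer(serializers.Serializer):
    """Describe one risk mitigation action."""

    action_type = serializers.CharField()
    description = serializers.CharField()
    priority = serializers.ChoiceField(choices=['low', 'medium', 'high', 'critical'])
    required_auth_methods = serializers.ListField()
    estimated_time = serializers.IntegerField(help_text="Estimated time in minutes")
    automated = serializers.BooleanField(default=False)


class GeolocationTestSerializer(serializers.Serializer):
    """Validate a location sample used to test geolocation rules.

    All fields are optional.
    """

    # No range is enforced: values outside [-90, 90] / [-180, 180] pass
    # validation and must be handled by whatever evaluates the rule.
    latitude = serializers.FloatField(required=False)
    longitude = serializers.FloatField(required=False)
    country_code = serializers.CharField(max_length=2, required=False, allow_blank=True)
    region = serializers.CharField(max_length=100, required=False, allow_blank=True)
    city = serializers.CharField(max_length=100, required=False, allow_blank=True)
    ip_address = serializers.IPAddressField(required=False)


class BehavioralAnomalySerializer(serializers.Serializer):
    """Validate an observation submitted for behavioral anomaly detection.

    All fields are optional.
    """

    login_time = serializers.DateTimeField(required=False)
    location = serializers.DictField(required=False)
    device_id = serializers.CharField(max_length=255, required=False, allow_blank=True)
    ip_address = serializers.IPAddressField(required=False)
    # Unlike ``device_id``, no ``max_length`` is set, and ``location`` /
    # ``access_pattern`` have no child type: input size is bounded only by
    # the request-size limits configured elsewhere.
    user_agent = serializers.CharField(required=False, allow_blank=True)
    session_duration = serializers.FloatField(required=False)
    access_pattern = serializers.ListField(required=False)


class AccessDecisionSerializer(serializers.Serializer):
    """Describe an access decision.

    ``risk_score`` is constrained to 0-100 and ``risk_level`` to the four
    upper-case levels; ``expires_at`` and ``mitigation_actions`` are
    optional.
    """

    access_granted = serializers.BooleanField()
    reason = serializers.CharField()
    required_actions = serializers.ListField()
    risk_level = serializers.ChoiceField(choices=['LOW', 'MEDIUM', 'HIGH', 'CRITICAL'])
    risk_score = serializers.IntegerField(min_value=0, max_value=100)
    auth_requirements = serializers.ListField()
    assessment_id = serializers.UUIDField()
    expires_at = serializers.DateTimeField(required=False)
    mitigation_actions = serializers.ListField(required=False)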