package weixinapi

import (
	"crypto/sha1"
	"fmt"
	"sort"
	"strings"
)

func (a *API) SetMsgTokenAndKey(msgToken, msgKey string) {
	a.locker.Lock()
	defer a.locker.Unlock()

	a.msgToken = msgToken
	a.msgKey = msgKey
}

func (a *API) GetMsgTokenAndKey() (msgToken, msgKey string) {
	a.locker.RLock()
	defer a.locker.RUnlock()

	return a.msgToken, a.msgKey
}

func (a *API) ValidateWXCallbackURL(signature, timestamp, nonce string) (isValid bool) {
	msgToken, _ := a.GetMsgTokenAndKey()
	if msgToken == "" {
		panic("you must call SetMsgTokenAndKey first")
	}
	strList := []string{
		msgToken,
		timestamp,
		nonce,
	}
	sort.Sort(sort.StringSlice(strList))
	sha1Str := fmt.Sprintf("%x", sha1.Sum([]byte(strings.Join(strList, ""))))
	return sha1Str == signature
}