package util

import (
	"crypto/rsa"
	"crypto/tls"
	"crypto/x509"
	"encoding/pem"
	"errors"
	"gitee.com/h79/goutils/common/result"
	"gitee.com/h79/goutils/dao/config"
	"os"
)

func GetCertificate(t *config.Tls) (tls.Certificate, *x509.CertPool, error) {
	if t.Key == "" || t.CaFile == "" || t.CertFile == "" || t.KeyFile == "" {
		return tls.Certificate{}, nil, result.RErrParam
	}
	cert, err := tls.LoadX509KeyPair(t.CertFile, t.KeyFile)
	if err != nil {
		return tls.Certificate{}, nil, err
	}

	certPool := x509.NewCertPool()
	ca, err := os.ReadFile(t.CaFile)
	if err != nil {
		return tls.Certificate{}, nil, err
	}

	if ok := certPool.AppendCertsFromPEM(ca); !ok {
		return tls.Certificate{}, nil, err
	}
	return cert, certPool, nil
}

func GetServerPubKey(pk *config.ServerPubKey) (*rsa.PublicKey, error) {
	if pk.Key == "" || pk.PemFile == "" {
		return nil, result.RErrParam
	}
	data, err := os.ReadFile(pk.PemFile)
	if err != nil {
		return nil, err
	}
	block, _ := pem.Decode(data)
	if block == nil || block.Type != "PUBLIC KEY" {
		return nil, errors.New("failed to decode PEM block containing public key")
	}
	pub, err := x509.ParsePKIXPublicKey(block.Bytes)
	if err != nil {
		return nil, err
	}
	if rsaPubKey, ok := pub.(*rsa.PublicKey); ok {
		return rsaPubKey, nil
	}
	return nil, errors.New("failure")
}