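package acme

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"fmt"
	"strings"

	"github.com/go-acme/lego/v4/certcrypto"
	"github.com/go-acme/lego/v4/certificate"
	"github.com/go-acme/lego/v4/challenge"
	"github.com/go-acme/lego/v4/lego"
	"github.com/go-acme/lego/v4/registration"

	"acme-mana-server-go/model"
	provider_conf "acme-mana-server-go/vo/provider-conf"
)

// CADirURL is the ACME directory every client built by this package talks to.
// It defaults to the Let's Encrypt production endpoint; tests and staging
// deployments can point it at lego.LEDirectoryStaging so production rate
// limits are not consumed.
var CADirURL = lego.LEDirectoryProduction

// DnsHelper is satisfied by anything that can apply a DNS change.
// NOTE(review): no implementation is visible in this file — confirm it is still used.
type DnsHelper interface {
	Apply()
}

// Register creates a fresh ECDSA P-256 account key, registers a new ACME
// account for email (accepting the CA's terms of service) and returns the
// persisted form of that account.
//
// It panics on any failure, matching the rest of this package; the panic
// value is always an error carrying context about the failed step.
func Register(email string) *RegisterRes {
	accountKey, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		panic(fmt.Errorf("generating account key: %w", err))
	}
	user := User{
		Email: email,
		Key:   accountKey,
	}
	client, err := newClient(&user)
	if err != nil {
		panic(err)
	}
	resource, err := client.Registration.Register(registration.RegisterOptions{TermsOfServiceAgreed: true})
	if err != nil {
		panic(fmt.Errorf("registering account %q: %w", email, err))
	}
	user.Registration = resource
	return user.ToRegister()
}

// newClient builds a lego client for user against CADirURL, requesting
// RSA-2048 certificate keys. It is the single place client configuration
// lives so Register, Apply and ReNew cannot drift apart.
func newClient(user registration.User) (*lego.Client, error) {
	config := lego.NewConfig(user)
	config.CADirURL = CADirURL
	config.Certificate.KeyType = certcrypto.RSA2048
	client, err := lego.NewClient(config)
	if err != nil {
		return nil, fmt.Errorf("creating acme client: %w", err)
	}
	return client, nil
}

// userFromAccount rebuilds the in-memory ACME user from a stored account.
func userFromAccount(acmeUser *model.AcmeUser) *User {
	user := &User{}
	user.FromRegister(&RegisterRes{
		Email:        acmeUser.Email,
		Registration: acmeUser.Registration,
		PrivateKey:   acmeUser.PrivateKey,
	})
	return user
}

// splitHosts turns the stored comma-separated host list into a clean slice:
// surrounding whitespace is dropped and empty entries (e.g. from a trailing
// comma) are skipped, so a sloppy "a.example, b.example," does not reach the CA.
func splitHosts(hosts string) []string {
	var out []string
	for _, h := range strings.Split(hosts, ",") {
		if h = strings.TrimSpace(h); h != "" {
			out = append(out, h)
		}
	}
	return out
}

// Apply obtains a certificate for every host listed in domain.Hosts
// (comma-separated) using the DNS-01 challenge through the domain's
// configured DNS provider, authenticating as acmeUser.
//
// It panics on any failure, matching the rest of this package.
func Apply(domain *model.Domain, acmeUser *model.AcmeUser) *certificate.Resource {
	provider, err := GetProvider(domain.Provider, domain.ProviderConf)
	if err != nil {
		panic(err)
	}
	client, err := newClient(userFromAccount(acmeUser))
	if err != nil {
		panic(err)
	}
	if err := client.Challenge.SetDNS01Provider(provider); err != nil {
		panic(fmt.Errorf("configuring dns-01 provider: %w", err))
	}
	hosts := splitHosts(domain.Hosts)
	if len(hosts) == 0 {
		// Fail before contacting the CA; an empty order is never valid.
		panic(fmt.Errorf("domain %q lists no hosts", domain.Hosts))
	}
	resource, err := client.Certificate.Obtain(certificate.ObtainRequest{Domains: hosts})
	if err != nil {
		panic(fmt.Errorf("obtaining certificate for %v: %w", hosts, err))
	}
	return resource
}

// GetProvider returns the DNS-01 challenge provider for the named DNS
// service, configured from conf (the provider-specific configuration string
// stored with the domain). Unknown names yield an error rather than a panic
// so callers can surface a bad configuration.
func GetProvider(name string, conf string) (challenge.Provider, error) {
	switch name {
	case "cloudflare":
		return provider_conf.Cloudflare{}.ToProvider(conf)
	default:
		return nil, fmt.Errorf("dns provider %q is not supported", name)
	}
}

// ReNew attempts to renew a certificate for acmeUser and prints the result.
// Errors are reported on stdout instead of being dropped, so a failed client
// construction no longer dereferences a nil client.
//
// NOTE(review): the renewal is requested on an empty certificate.Resource, so
// no existing certificate is handed to lego, which needs the previously
// issued certificate bytes to renew. The caller most likely has to supply
// the stored resource — confirm against the data model before relying on this.
func ReNew(acmeUser *model.AcmeUser) {
	client, err := newClient(userFromAccount(acmeUser))
	if err != nil {
		fmt.Println("renew:", err)
		return
	}
	newResource, err := client.Certificate.RenewWithOptions(certificate.Resource{}, &certificate.RenewOptions{})
	if err != nil {
		fmt.Println("renew:", err)
		return
	}
	// Report only the public identifiers. Printing the whole Resource would
	// write the certificate's private key bytes to stdout.
	fmt.Println("renewed", newResource.Domain, newResource.CertURL)
}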