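package certifer

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"crypto/sha256"
	"encoding/binary"
	"encoding/gob"
	"os"
)

// importError is returned by Import when an encrypted blob is structurally
// invalid. It is a plain string type so no extra import is needed.
type importError string

// Error implements the error interface.
func (e importError) Error() string { return "certifer: " + string(e) }

// certifier holds the passphrase used to decrypt exported certificates and
// the naming defaults applied to newly created CAs and certificates.
type certifier struct {
	// key is the passphrase; Import hashes it with SHA-256 to obtain the
	// AES-256 key.
	key string

	// Naming layout as noted by the original author (the meaning is not
	// established by the code in this file; confirm before relying on it):
	//   head  / thing / bla
	//   orga  / unit  / cn
	//   "abc" / "ca"  / "ca"

	// Orga will be the Organization of newly created CAs.
	Orga string
	// Thing is the OrgaUnit of newly created Certs.
	Thing string
}

// New returns a certifier that uses key as its passphrase and orga/thing as
// the Organization and OrganizationalUnit defaults.
func New(key, orga, thing string) *certifier {
	return &certifier{
		key:   key,
		Orga:  orga,
		Thing: thing,
	}
}

// Import decrypts data (AES-256-CBC), reads the 4-byte big-endian length
// prefix from the plaintext and gob-decodes that many bytes into a Cert that
// is bound to x.
//
// Malformed input is rejected with an error instead of panicking: data must
// be a non-empty multiple of the AES block size, and the embedded length must
// fit inside the decrypted buffer.
//
// NOTE(review): the format has three weaknesses that cannot be fixed here
// without breaking existing blobs:
//   - the key is a single unsalted SHA-256 of the passphrase, which makes
//     offline guessing cheap;
//   - the IV is the first aes.BlockSize bytes of that same hash, so it is
//     fixed per key and equal ciphertext prefixes reveal equal plaintext
//     prefixes;
//   - CBC carries no authentication, so modified ciphertext reaches the gob
//     decoder unchecked. A successful decode is not proof of integrity.
//
// A versioned successor format should use an AEAD mode (for example AES-GCM)
// with a random nonce and a salted, iterated password KDF.
func (x *certifier) Import(data []byte) (*Cert, error) {
	// CryptBlocks panics on input that is not a whole number of blocks, and
	// the length prefix needs at least one block to be present.
	if len(data) == 0 || len(data)%aes.BlockSize != 0 {
		return nil, importError("encrypted blob length is not a positive multiple of the AES block size")
	}

	// Decrypt into a private copy so the caller's slice is left untouched.
	blob := make([]byte, len(data))
	copy(blob, data)

	// SHA-256 yields 32 bytes: an AES-256 key whose first block doubles as IV.
	keyData := sha256.Sum256([]byte(x.key))
	iv := keyData[:aes.BlockSize]
	block, err := aes.NewCipher(keyData[:])
	if err != nil {
		return nil, err
	}
	cipher.NewCBCDecrypter(block, iv).CryptBlocks(blob, blob)

	// The length prefix comes from unauthenticated plaintext (a wrong key or
	// a tampered file produces arbitrary values), so bound it before slicing.
	// Widening to uint64 keeps 4+payloadLen from wrapping around.
	payloadLen := uint64(binary.BigEndian.Uint32(blob[:4]))
	if payloadLen > uint64(len(blob)-4) {
		return nil, importError("embedded payload length exceeds decrypted data")
	}

	// The bounded payload should be plain gob now.
	cert := &Cert{}
	dec := gob.NewDecoder(bytes.NewBuffer(blob[4 : 4+payloadLen]))
	if err := dec.Decode(cert); err != nil {
		return nil, err
	}
	cert.x = x
	return cert, nil
}

// ImportFromFile reads filename in full and passes its contents to Import.
// The file content is treated as untrusted; all validation happens in Import.
func (x *certifier) ImportFromFile(filename string) (*Cert, error) {
	blob, err := os.ReadFile(filename)
	if err != nil {
		return nil, err
	}
	return x.Import(blob)
}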