package com.jetbrains.help.context;

import cn.hutool.core.date.DateField;
import cn.hutool.core.date.DateUtil;
import cn.hutool.core.io.FileUtil;
import cn.hutool.crypto.PemUtil;
import cn.hutool.crypto.SecureUtil;
import com.jetbrains.help.util.FileTools;
import lombok.AccessLevel;
import lombok.NoArgsConstructor;
import lombok.extern.slf4j.Slf4j;
import org.bouncycastle.asn1.x500.X500Name;
import org.bouncycastle.asn1.x509.SubjectPublicKeyInfo;
import org.bouncycastle.cert.jcajce.JcaX509CertificateConverter;
import org.bouncycastle.cert.jcajce.JcaX509v3CertificateBuilder;
import org.bouncycastle.operator.ContentSigner;
import org.bouncycastle.operator.OperatorCreationException;
import org.bouncycastle.operator.jcajce.JcaContentSignerBuilder;

import java.io.File;
import java.math.BigInteger;
import java.nio.charset.StandardCharsets;
import java.security.KeyPair;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.cert.Certificate;
import java.security.cert.CertificateEncodingException;
import java.security.cert.CertificateException;

@Slf4j
@NoArgsConstructor(access = AccessLevel.PRIVATE)
public class CertificateContextHolder {

    private static final String ROOT_KEY_FILE_NAME = "external/certificate/root.key";
    private static final String PRIVATE_KEY_FILE_NAME = "external/certificate/private.key";
    private static final String PUBLIC_KEY_FILE_NAME = "external/certificate/public.key";
    private static final String CET_FILE_NAME = "external/certificate/ca.crt";

    private static File rootKeyFile;

    private static File privateKeyFile;

    private static File publicKeyFile;

    private static File crtFile;

    public static void init() {
        log.info("certificate context init loading...");
        rootKeyFile = FileTools.getFileOrCreat(ROOT_KEY_FILE_NAME);
        if (!FileTools.fileExists(PRIVATE_KEY_FILE_NAME)
                || !FileTools.fileExists(PUBLIC_KEY_FILE_NAME)
                || !FileTools.fileExists(CET_FILE_NAME)) {
            log.info("certificate context generate loading...");
            generateCertificate();
            log.info("certificate context generate success!");
        } else {
            privateKeyFile = FileTools.getFileOrCreat(PRIVATE_KEY_FILE_NAME);
            publicKeyFile = FileTools.getFileOrCreat(PUBLIC_KEY_FILE_NAME);
            crtFile = FileTools.getFileOrCreat(CET_FILE_NAME);
        }
        log.info("certificate context init success !");
    }


    public static File rootKeyFile() {
        return CertificateContextHolder.rootKeyFile;
    }

    public static File privateKeyFile() {
        return CertificateContextHolder.privateKeyFile;
    }

    public static File publicKeyFile() {
        return CertificateContextHolder.publicKeyFile;
    }

    public static File crtFile() {
        return CertificateContextHolder.crtFile;
    }

    public static void generateCertificate() {
        KeyPair keyPair = SecureUtil.generateKeyPair("RSA", 4096);
        PrivateKey privateKey = keyPair.getPrivate();
        PublicKey publicKey = keyPair.getPublic();
        privateKeyFile = FileTools.getFileOrCreat(PRIVATE_KEY_FILE_NAME);
        PemUtil.writePemObject("PRIVATE KEY", privateKey.getEncoded(), FileUtil.getWriter(privateKeyFile, StandardCharsets.UTF_8, false));
        publicKeyFile = FileTools.getFileOrCreat(PUBLIC_KEY_FILE_NAME);
        PemUtil.writePemObject("PUBLIC KEY", publicKey.getEncoded(), FileUtil.getWriter(publicKeyFile, StandardCharsets.UTF_8, false));
        JcaX509v3CertificateBuilder certificateBuilder = new JcaX509v3CertificateBuilder(
                new X500Name("CN=JetProfile CA"),
                BigInteger.valueOf(System.currentTimeMillis()),
                DateUtil.yesterday(),
                DateUtil.date().offset(DateField.YEAR, 100),
                new X500Name("CN=Jetbrains-Help"),
                SubjectPublicKeyInfo.getInstance(publicKey.getEncoded()));
        try {
            ContentSigner signer = new JcaContentSignerBuilder("SHA256withRSA").build(privateKey);
            Certificate certificate = new JcaX509CertificateConverter().setProvider("BC").getCertificate(certificateBuilder.build(signer));
            crtFile = FileTools.getFileOrCreat(CET_FILE_NAME);
            PemUtil.writePemObject("CERTIFICATE", certificate.getEncoded(), FileUtil.getWriter(crtFile, StandardCharsets.UTF_8, false));
        } catch (OperatorCreationException e) {
            throw new IllegalArgumentException("Certificate operator creation exception", e);
        } catch (CertificateEncodingException e) {
            throw new IllegalArgumentException("The certificate encoding exception", e);
        } catch (CertificateException e) {
            throw new IllegalArgumentException("The certificate read exception", e);
        }
    }


}