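package utils

import (
	"crypto"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"encoding/hex"
	"encoding/pem"
	"errors"
	"fmt"
	"math/big"
	"os"
	"testing"
	"time"

	"b612.me/starcrypto"
)

// TestGenerateRootCA is a generator rather than an assertion-based test: it
// creates a fresh 4096-bit RSA key, self-signs the "B612 Tools Root CA"
// certificate with it, and writes both PEM files under ../bin.
//
// NOTE(review): every run replaces ../bin/b612toolca.key and
// ../bin/b612toolca.crt, so a plain `go test ./...` rotates the root and
// orphans everything issued under the previous key. Consider gating this
// behind an explicit opt-in (environment variable or build tag).
func TestGenerateRootCA(t *testing.T) {
	serialBytes, err := hex.DecodeString("B61220050612B612")
	if err != nil {
		t.Fatal(err)
	}

	rootTmpl := &x509.Certificate{
		Version:      3,
		SerialNumber: new(big.Int).SetBytes(serialBytes),
		Subject: pkix.Name{
			Country:            []string{"CN"},
			Locality:           []string{"Asteroid B612"},
			Organization:       []string{"B612.ME"},
			OrganizationalUnit: []string{"CA.B612.ME"},
			PostalCode:         []string{"B612", "Star"},
			CommonName:         "B612 Tools Root CA",
			SerialNumber:       "B612TOOLSROOTCA",
		},
		NotBefore:             time.Date(2000, 1, 1, 0, 0, 0, 0, time.UTC),
		NotAfter:              time.Date(2100, 1, 1, 0, 0, 0, 0, time.UTC),
		BasicConstraintsValid: true,
		IsCA:                  true,
		// MaxPathLen is left at zero with MaxPathLenZero false, which
		// crypto/x509 treats as "no path length constraint".
		MaxPathLenZero: false,
		// NOTE(review): ExtKeyUsageAny leaves the chain unrestricted by
		// purpose, so the entries after it add nothing. If the intent is to
		// limit what this CA may vouch for, drop Any.
		ExtKeyUsage: []x509.ExtKeyUsage{
			x509.ExtKeyUsageAny,
			x509.ExtKeyUsageServerAuth,
			x509.ExtKeyUsageClientAuth,
			x509.ExtKeyUsageCodeSigning,
			x509.ExtKeyUsageEmailProtection,
			x509.ExtKeyUsageIPSECEndSystem,
			x509.ExtKeyUsageIPSECTunnel,
			x509.ExtKeyUsageIPSECUser,
			x509.ExtKeyUsageTimeStamping,
			x509.ExtKeyUsageOCSPSigning,
			x509.ExtKeyUsageMicrosoftServerGatedCrypto,
			x509.ExtKeyUsageNetscapeServerGatedCrypto,
			x509.ExtKeyUsageMicrosoftCommercialCodeSigning,
			x509.ExtKeyUsageMicrosoftKernelCodeSigning,
		},
		// NOTE(review): a CA normally needs only CertSign and CRLSign; the
		// encipherment, agreement and signature bits widen what this key may
		// be used for. Confirm they are required.
		KeyUsage: x509.KeyUsageCertSign | x509.KeyUsageCRLSign | x509.KeyUsageKeyEncipherment | x509.KeyUsageKeyAgreement | x509.KeyUsageDigitalSignature,
	}

	key, _, err := starcrypto.GenerateRsaKey(4096)
	if err != nil {
		t.Fatal(err)
	}
	// Self-signed: the template is also the issuer.
	cert, err := MakeCert(key, rootTmpl, rootTmpl, key.Public())
	if err != nil {
		t.Fatal(err)
	}

	// NOTE(review): the empty passphrase presumably stores the root key
	// unencrypted, so the file mode is the only protection it has on disk.
	priv, err := starcrypto.EncodePrivateKey(key, "")
	if err != nil {
		t.Fatal(err)
	}
	// Owner-only for the private key. WriteFile applies the mode only when it
	// creates the file, so Chmod tightens a file left over from an earlier
	// run that used 0644.
	if err := os.WriteFile("../bin/b612toolca.key", priv, 0600); err != nil {
		t.Fatal(err)
	}
	if err := os.Chmod("../bin/b612toolca.key", 0600); err != nil {
		t.Fatal(err)
	}
	if err := os.WriteFile("../bin/b612toolca.crt", cert, 0644); err != nil {
		t.Fatal(err)
	}
}

// TestGenerateMiddleCA issues the "B612 Inter Tool CA 2025" intermediate: it
// generates a new 4096-bit RSA key, signs the certificate with the root loaded
// by LoadB612CA, and writes the result under ../bin. Like TestGenerateRootCA
// it overwrites its output files on every run.
func TestGenerateMiddleCA(t *testing.T) {
	// 128 random bits from the CSPRNG. The Unix timestamp used previously was
	// guessable and repeated for two certificates issued in the same second.
	serial, err := rand.Int(rand.Reader, new(big.Int).Lsh(big.NewInt(1), 128))
	if err != nil {
		t.Fatal(err)
	}

	interTmpl := &x509.Certificate{
		Version:      3,
		SerialNumber: serial,
		Subject: pkix.Name{
			Country:            []string{"CN"},
			Locality:           []string{"Asteroid B612"},
			Organization:       []string{"B612.ME"},
			OrganizationalUnit: []string{"CA.B612.ME"},
			CommonName:         "B612 Inter Tool CA 2025",
		},
		NotBefore:             time.Date(2024, 1, 1, 8, 0, 0, 0, time.UTC),
		NotAfter:              time.Date(2026, 6, 12, 23, 59, 59, 0, time.UTC),
		BasicConstraintsValid: true,
		IsCA:                  true,
		// pathLenConstraint = 0: this intermediate may sign end-entity
		// certificates but not further CAs.
		MaxPathLen:     0,
		MaxPathLenZero: true,
		// NOTE(review): ExtKeyUsageAny makes the ServerAuth/ClientAuth
		// entries moot; drop it if the intermediate is meant to be limited
		// to TLS.
		ExtKeyUsage: []x509.ExtKeyUsage{x509.ExtKeyUsageAny, x509.ExtKeyUsageServerAuth, x509.ExtKeyUsageClientAuth},
		KeyUsage:    x509.KeyUsageCertSign | x509.KeyUsageCRLSign | x509.KeyUsageKeyEncipherment | x509.KeyUsageKeyAgreement | x509.KeyUsageDigitalSignature,
	}

	interKey, _, err := starcrypto.GenerateRsaKey(4096)
	if err != nil {
		t.Fatal(err)
	}
	caKey, caCrt, err := LoadB612CA()
	if err != nil {
		t.Fatal(err)
	}
	cert, err := MakeCert(caKey, caCrt, interTmpl, interKey.Public())
	if err != nil {
		t.Fatal(err)
	}

	priv, err := starcrypto.EncodePrivateKey(interKey, "")
	if err != nil {
		t.Fatal(err)
	}
	// Same handling as the root key: owner-only, and tighten any older file.
	if err := os.WriteFile("../bin/toolinter.key", priv, 0600); err != nil {
		t.Fatal(err)
	}
	if err := os.Chmod("../bin/toolinter.key", 0600); err != nil {
		t.Fatal(err)
	}
	if err := os.WriteFile("../bin/toolinter.crt", cert, 0644); err != nil {
		t.Fatal(err)
	}
}

// MakeCert signs the template csr with caKey, naming caCrt as the issuer and
// binding pub as the subject public key, and returns the certificate as a
// single PEM "CERTIFICATE" block.
//
// Despite its name, csr is an *x509.Certificate template, not a PKCS #10
// request. MakeCert does not itself check caCrt.IsCA or its validity window;
// callers are responsible for passing a real CA certificate and its key.
func MakeCert(caKey any, caCrt *x509.Certificate, csr *x509.Certificate, pub any) ([]byte, error) {
	// x509.CreateCertificate dereferences both; fail cleanly instead of
	// panicking.
	if caCrt == nil || csr == nil {
		return nil, errors.New("nil certificate template or issuer")
	}
	der, err := x509.CreateCertificate(rand.Reader, csr, caCrt, pub, caKey)
	if err != nil {
		return nil, err
	}
	// Parse the DER back as a sanity check before handing it out.
	cert, err := x509.ParseCertificate(der)
	if err != nil {
		return nil, err
	}
	return pem.EncodeToMemory(&pem.Block{Type: "CERTIFICATE", Bytes: cert.Raw}), nil
}

// LoadB612CA reads the root CA private key and certificate written by
// TestGenerateRootCA from ../bin and returns them decoded. It returns an error
// if either file cannot be read, the key cannot be decoded, or the certificate
// file does not start with a PEM "CERTIFICATE" block.
func LoadB612CA() (crypto.PrivateKey, *x509.Certificate, error) {
	// Read errors were previously discarded, so a missing file only surfaced
	// later as a confusing decode failure.
	keyPEM, err := os.ReadFile("../bin/b612toolca.key")
	if err != nil {
		return nil, nil, fmt.Errorf("reading root CA key: %w", err)
	}
	certPEM, err := os.ReadFile("../bin/b612toolca.crt")
	if err != nil {
		return nil, nil, fmt.Errorf("reading root CA certificate: %w", err)
	}

	caKey, err := starcrypto.DecodePrivateKey(keyPEM, "")
	if err != nil {
		return nil, nil, err
	}

	block, _ := pem.Decode(certPEM)
	if block == nil || block.Type != "CERTIFICATE" {
		return nil, nil, errors.New("Failed to decode PEM block containing the certificate")
	}
	cert, err := x509.ParseCertificate(block.Bytes)
	if err != nil {
		return nil, nil, err
	}
	return caKey, cert, nil
}

// TestEncode runs the intermediate certificate and private key through Encode
// (defined elsewhere in this package) and prints both results as hex.
func TestEncode(t *testing.T) {
	crt, err := os.ReadFile("../bin/toolinter.crt")
	if err != nil {
		t.Fatal(err)
	}
	key, err := os.ReadFile("../bin/toolinter.key")
	if err != nil {
		t.Fatal(err)
	}

	// NOTE(review): aesKey is blank in the source; presumably the real value
	// is supplied locally. Keep it out of version control, and remember that
	// the hex printed below is the intermediate private key protected only by
	// this key, so it should not end up in shared CI logs.
	aesKey := ``
	encCrt, err := Encode(crt, aesKey)
	if err != nil {
		t.Fatal(err)
	}
	encKey, err := Encode(key, aesKey)
	if err != nil {
		t.Fatal(err)
	}
	fmt.Println("Encrypted Certificate:", hex.EncodeToString(encCrt))
	fmt.Println("Encrypted Key:", hex.EncodeToString(encKey))
}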