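package crt

import (
	"bytes"
	"database/sql"

	"github.com/jasinco/crtman/internal/store"
	"golang.org/x/crypto/ocsp"
)

// CheckValid builds the OCSP response template for the certificate named by
// req.SerialNumber.
//
// It returns an invalid Null (Valid == false) when the request's hash
// algorithm is not linked into this binary or when the store has no leaf
// certificate for the serial; the caller decides how to answer those cases.
//
// When the serial is known but the request's issuer hashes do not match what
// this responder computes, the response has Status ocsp.Unknown and carries
// no revocation data. Otherwise Status is ocsp.Good, or ocsp.Revoked with
// RevokedAt and RevocationReason filled from the store record.
//
// NOTE(review): ProducedAt, ThisUpdate and NextUpdate are left zero here;
// presumably the caller sets them before ocsp.CreateResponse — confirm.
func CheckValid(req *ocsp.Request) sql.Null[ocsp.Response] {
	// HashAlgorithm.New panics for a hash that is not available, so the
	// request is refused before anything is hashed.
	if !req.HashAlgorithm.Available() {
		return sql.Null[ocsp.Response]{}
	}

	leaf := store.GetLeafCert(req.SerialNumber)
	if !leaf.Valid {
		return sql.Null[ocsp.Response]{}
	}

	response := ocsp.Response{SerialNumber: req.SerialNumber}

	// hash.Hash.Sum(b) appends the digest of the data written so far to b;
	// it does not hash b. The data must go through Write first, otherwise
	// the comparison is against RawIssuer||H("") and can never match.
	h := req.HashAlgorithm.New()
	h.Write(leaf.V.Cert.RawIssuer)
	// The issuer DN hash is compared against IssuerNameHash, not
	// IssuerKeyHash — the two request fields are distinct.
	nameHashOK := bytes.Equal(h.Sum(nil), req.IssuerNameHash)

	h.Reset()
	h.Write(leaf.V.Cert.RawSubjectPublicKeyInfo)
	keyHashOK := bytes.Equal(h.Sum(nil), req.IssuerKeyHash)
	// NOTE(review): RFC 6960 defines issuerKeyHash over the issuer's (CA's)
	// public key BIT STRING, but this hashes the leaf's own SPKI, as the
	// original did. Unless the store's leaf record actually carries the
	// issuer certificate here, well-formed requests will be answered
	// Unknown — confirm against store.GetLeafCert.

	// A mismatched issuer is answered Unknown and returned before the
	// revocation state is consulted, so no revocation data is disclosed for
	// a request that names a different issuer. Previously the Good branch
	// below overwrote Unknown, making the issuer check ineffective.
	if !nameHashOK || !keyHashOK {
		response.Status = ocsp.Unknown
		return sql.Null[ocsp.Response]{Valid: true, V: response}
	}

	if !leaf.V.RevokeAt.Valid {
		response.Status = ocsp.Good
		return sql.Null[ocsp.Response]{Valid: true, V: response}
	}

	response.Status = ocsp.Revoked
	response.RevokedAt = leaf.V.RevokeAt.Time
	// A NULL reason leaves Int16 at 0, which is ocsp.Unspecified.
	response.RevocationReason = int(leaf.V.RevokeReason.Int16)
	return sql.Null[ocsp.Response]{Valid: true, V: response}
}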