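package web

import (
	"crypto/x509"
	"encoding/base64"
	"io"
	"log"

	"github.com/gin-gonic/gin"
	"github.com/jasinco/crtman/internal/crt"
	"github.com/jasinco/crtman/internal/store"
	"golang.org/x/crypto/ocsp"
)

// ocsp_handling answers OCSP queries over HTTP, following
// https://datatracker.ietf.org/doc/html/rfc6960#appendix-A
//
// A GET request carries the DER-encoded OCSPRequest base64-encoded in the
// "req" path parameter; any other method is treated as a POST whose body is
// the raw DER. Undecodable, oversized or unparsable requests, and requests
// that crt.CheckValid rejects, get a bare 400. Failures while loading the CA
// certificate or signing are logged and answered with a 500. On success the
// signed response is written with the "application/ocsp-response" type.
//
// NOTE(review): the response is signed directly with store.RootCAKey, so the
// root private key has to be available to this network-facing process. RFC 6960
// also allows a delegated responder certificate carrying the OCSP-signing
// extended key usage, which would limit exposure of the root key. Confirm
// whether that is an accepted trade-off for this deployment.
func ocsp_handling(c *gin.Context) {
	// Upper bound on a POSTed request body. OCSP requests are normally a few
	// hundred bytes; the cap keeps an unauthenticated client from making the
	// handler buffer an arbitrarily large body. Constructed default, tune as needed.
	const maxOCSPRequestBytes = 64 << 10

	var reqDER []byte
	var err error

	if c.Request.Method == "GET" {
		b64Req := c.Param("req")
		// Appendix A.1 specifies the URL-encoding of *standard* base64, so try
		// that first. The unpadded URL-safe alphabet the handler used to require
		// is still accepted as a fallback for existing callers.
		// NOTE(review): standard base64 can contain '/', which a single-segment
		// route parameter will not match. Verify the route definition.
		reqDER, err = base64.StdEncoding.DecodeString(b64Req)
		if err != nil {
			reqDER, err = base64.RawURLEncoding.DecodeString(b64Req)
		}
		if err != nil {
			c.Status(400)
			return
		}
	} else {
		// Read one byte past the cap so an oversized body is detected and
		// rejected instead of being silently truncated and parsed.
		reqDER, err = io.ReadAll(io.LimitReader(c.Request.Body, maxOCSPRequestBytes+1))
		if err != nil || len(reqDER) > maxOCSPRequestBytes {
			c.Status(400)
			return
		}
	}

	req, err := ocsp.ParseRequest(reqDER)
	if err != nil {
		c.Status(400)
		return
	}

	// presumably CheckValid looks the certificate up and returns the response
	// template in result.V; verify against internal/crt.
	result := crt.CheckValid(req)
	if !result.Valid {
		c.Status(400)
		return
	}

	ca, err := x509.ParseCertificate(store.RootCA)
	if err != nil {
		log.Println(err)
		c.Status(500)
		return
	}

	// The root certificate acts as both issuer and responder here.
	response, err := ocsp.CreateResponse(ca, ca, result.V, store.RootCAKey)
	if err != nil {
		log.Println(err)
		c.Status(500)
		return
	}

	c.Data(200, "application/ocsp-response", response)
}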