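/*
godlighty -- highly-customizable HTTP, HTTP/2, HTTPS server
Copyright (C) 2021 Sergey Matveev

This program is free software: you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation, version 3 of the License.

This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
GNU General Public License for more details.

You should have received a copy of the GNU General Public License
along with this program.  If not, see <https://www.gnu.org/licenses/>.
*/

package godlighty

import (
	"crypto/tls"
	"crypto/x509"
	"encoding/pem"
	"errors"
	"fmt"
	"io/ioutil"
	"log"
)

// HostToCertificate maps a configured host name to the certificate (leaf
// plus any CA chain appended by LoadCertificates) that is served for it.
//
// It is written by LoadCertificates and read by GetCertificate, which
// crypto/tls calls from handshake goroutines. There is no locking here, so
// it is only safe if LoadCertificates runs once before the listener starts;
// NOTE(review): if certificates are ever reloaded at runtime this becomes a
// data race and needs a mutex or an atomic pointer swap.
var HostToCertificate map[string]*tls.Certificate

// GetCertificate selects the certificate for a TLS handshake from the SNI
// name the client sent, for use as tls.Config.GetCertificate.
//
// The lookup is an exact string match against the keys of HostToCertificate,
// so a client that sends no SNI (ServerName == "") or a differently-cased name
// gets an error rather than a default certificate. Returning an error here
// makes crypto/tls reject the handshake unless the tls.Config also carries a
// fallback in Certificates — that is the intended behaviour for unknown hosts.
func GetCertificate(chi *tls.ClientHelloInfo) (*tls.Certificate, error) {
	cert, ok := HostToCertificate[chi.ServerName]
	if !ok || cert == nil {
		return nil, errors.New("no certificate found")
	}
	return cert, nil
}

// loadCAChain reads every CERTIFICATE block from the PEM file at path and
// returns their DER bytes in file order, so that a bundle holding several
// intermediates is sent to clients in full.
//
// It fails on a file with no PEM block at all, on any block whose type is not
// CERTIFICATE (e.g. a private key accidentally placed in the CA file), and on
// a CERTIFICATE block that does not parse as X.509 — all of these would
// otherwise only surface as handshake failures on the client side.
func loadCAChain(path string) ([][]byte, error) {
	data, err := ioutil.ReadFile(path)
	if err != nil {
		return nil, err
	}
	var chain [][]byte
	rest := data
	for {
		var block *pem.Block
		block, rest = pem.Decode(rest)
		if block == nil {
			break
		}
		if block.Type != "CERTIFICATE" {
			return nil, fmt.Errorf("non CERTIFICATE: %s", path)
		}
		// Sanity-check the DER now: tls.LoadX509KeyPair has already validated
		// the leaf, but it never sees the blocks we append afterwards.
		if _, err := x509.ParseCertificate(block.Bytes); err != nil {
			return nil, fmt.Errorf("invalid certificate in %s: %w", path, err)
		}
		chain = append(chain, block.Bytes)
	}
	if len(chain) == 0 {
		return nil, fmt.Errorf("no PEM found: %s", path)
	}
	return chain, nil
}

// LoadCertificates builds HostToCertificate from Hosts: for every host with a
// TLS section it loads the leaf certificate and private key and, when CACert
// is set, appends every certificate found in that file to the served chain.
//
// Any unreadable or malformed file is fatal (log.Fatalln), which is deliberate
// for a startup step: serving with a broken chain would fail silently for
// clients instead. Hosts without a TLS section are skipped.
func LoadCertificates() {
	HostToCertificate = make(map[string]*tls.Certificate, len(Hosts))
	for host, cfg := range Hosts {
		if cfg.TLS == nil {
			continue
		}
		cert, err := tls.LoadX509KeyPair(cfg.TLS.Cert, cfg.TLS.Key)
		if err != nil {
			log.Fatalln(err)
		}
		if cfg.TLS.CACert != "" {
			chain, err := loadCAChain(cfg.TLS.CACert)
			if err != nil {
				log.Fatalln(err)
			}
			cert.Certificate = append(cert.Certificate, chain...)
		}
		// cert is declared per iteration, so taking its address here yields a
		// distinct pointer for every host.
		HostToCertificate[host] = &cert
	}
}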