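package routes

import (
	"crypto/sha1"
	"crypto/tls"
	"crypto/x509"
	"encoding/hex"
	"fmt"
	"net"
	"net/http"
	"time"

	"github.com/gin-gonic/gin"
)

// GetCertificateInfo handles a certificate lookup request. It reads a host
// name from the "q" query parameter, opens a TLS connection to that host on
// port 443 and responds with a JSON summary of the leaf certificate.
//
// The handshake uses the default tls.Config, so the peer's chain and host name
// are verified. A host presenting an invalid certificate therefore gets the
// same 400 response as an unreachable one.
//
// NOTE(security): the destination is chosen by the caller, so this endpoint
// makes the server open outbound connections on the caller's behalf, including
// to loopback and private addresses it can reach. If the route is exposed to
// untrusted clients, restrict the destinations (an allowlist, or rejecting
// non-public addresses after resolution) and rate-limit it.
func GetCertificateInfo(c *gin.Context) {
	// Upper bound for TCP connect plus TLS handshake, so an unresponsive host
	// cannot hold the request open.
	const dialTimeout = 10 * time.Second

	// fail writes the single error response this handler uses.
	fail := func() {
		c.JSON(http.StatusBadRequest, gin.H{
			"status":  false,
			"message": "Could not establish connection with server.",
		})
	}

	host := c.Query("q")
	if host == "" {
		// An empty host makes the dialer connect to the local machine.
		fail()
		return
	}

	// JoinHostPort brackets IPv6 literals, which plain concatenation would
	// turn into an unparsable address.
	conn, err := tls.DialWithDialer(
		&net.Dialer{Timeout: dialTimeout},
		"tcp",
		net.JoinHostPort(host, "443"),
		&tls.Config{},
	)
	if err != nil {
		fmt.Println(err)
		fail()
		return
	}
	// The connection is only needed for the handshake; release it on return.
	defer conn.Close()

	peerCerts := conn.ConnectionState().PeerCertificates
	if len(peerCerts) == 0 {
		fail()
		return
	}
	certificate := peerCerts[0]

	// Map the CA/Browser Forum policy OIDs to a validation level. When several
	// of them are present the last one listed wins.
	var validationType string
	for _, oid := range certificate.PolicyIdentifiers {
		switch oid.String() {
		case "2.23.140.1.1":
			validationType = "EV"
		case "2.23.140.1.2.2":
			validationType = "OV"
		case "2.23.140.1.2.1":
			validationType = "DV"
		}
	}

	// Kept as a non-nil slice so that it encodes as [] rather than null.
	extendedKeyUsages := []string{}
	for _, usage := range certificate.ExtKeyUsage {
		switch usage {
		case x509.ExtKeyUsageAny:
			extendedKeyUsages = append(extendedKeyUsages, "All/Any Usages")
		case x509.ExtKeyUsageServerAuth:
			extendedKeyUsages = append(extendedKeyUsages, "TLS Web Server Authentication")
		case x509.ExtKeyUsageClientAuth:
			extendedKeyUsages = append(extendedKeyUsages, "TLS Web Client Authentication")
		case x509.ExtKeyUsageCodeSigning:
			extendedKeyUsages = append(extendedKeyUsages, "Code Signing")
		case x509.ExtKeyUsageEmailProtection:
			extendedKeyUsages = append(extendedKeyUsages, "E-mail Protection (S/MIME)")
		}
	}

	// SHA-1 here is a display identifier for the certificate. It is not
	// collision resistant, so consumers should not use it for pinning or
	// trust decisions.
	sum := sha1.Sum(certificate.Raw)

	c.JSON(http.StatusOK, gin.H{
		"status": true,
		"subject": gin.H{
			"commonName":         certificate.Subject.CommonName,
			"organization":       certificate.Subject.Organization,
			"organizationalUnit": certificate.Subject.OrganizationalUnit,
			"locality":           certificate.Subject.Locality,
			"country":            certificate.Subject.Country,
		},
		"issuer": gin.H{
			"commonName":         certificate.Issuer.CommonName,
			"organization":       certificate.Issuer.Organization,
			"organizationalUnit": certificate.Issuer.OrganizationalUnit,
			"locality":           certificate.Issuer.Locality,
			"country":            certificate.Issuer.Country,
		},
		"validationType":     validationType,
		"signatureAlgorithm": certificate.SignatureAlgorithm.String(),
		"publicKeyAlgorithm": certificate.PublicKeyAlgorithm.String(),
		// Serial numbers can be up to 20 bytes and Int64 is undefined for
		// values that do not fit. The field is kept for existing clients;
		// serialNumberHex carries the full value.
		"serialNumber":     certificate.SerialNumber.Int64(),
		"serialNumberHex":  certificate.SerialNumber.Text(16),
		"notAfter":         certificate.NotAfter,
		"extendedKeyUsage": extendedKeyUsages,
		"san":              certificate.DNSNames,
		"fingerprint":      hex.EncodeToString(sum[:]),
	})
}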