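package server

import (
	"context"
	"crypto/tls"

	"git.kingecg.top/kingecg/gohttpd/utils"
	"git.kingecg.top/kingecg/gologger"
	"golang.org/x/crypto/acme"
	"golang.org/x/crypto/acme/autocert"
)

// LocalCertManager wraps an autocert.Manager so that certificate lookups are
// routed through the project's logger.
type LocalCertManager struct {
	*autocert.Manager
}

// GetCertificate implements tls.Config.GetCertificate by delegating to the
// embedded autocert.Manager and logging any failure. The embedded manager also
// answers tls-alpn-01 challenge handshakes when the ALPN protocol is offered
// (see TLSConfig).
func (l *LocalCertManager) GetCertificate(hello *tls.ClientHelloInfo) (*tls.Certificate, error) {
	logger := gologger.GetLogger("autocert")
	logger.Debug("GetCertificate")
	cert, err := l.Manager.GetCertificate(hello)
	if err != nil {
		logger.Error("GetCertificate", err)
		return nil, err
	}
	return cert, nil
}

// TLSConfig returns a server-side tls.Config whose certificates come from the
// manager. NextProtos advertises HTTP/2 and HTTP/1.1 plus the ACME tls-alpn-01
// protocol so challenges can be completed on the TLS port.
func (l *LocalCertManager) TLSConfig() *tls.Config {
	return &tls.Config{
		GetCertificate: l.GetCertificate,
		NextProtos: []string{
			"h2", "http/1.1", // enable HTTP/2
			acme.ALPNProto, // enable tls-alpn ACME challenges
		},
		// TLS 1.0 and 1.1 are deprecated (RFC 8996) and expose clients to
		// downgrade and legacy-cipher attacks; refuse anything below 1.2.
		MinVersion: tls.VersionTLS12,
	}
}

// CertManager is the process-wide certificate manager. It is created lazily by
// GetTlsConfig or explicitly by InitCertManager.
var CertManager *LocalCertManager

// AllowedHosts restricts the hostnames for which the manager will request a
// certificate. When empty, every SNI name is accepted (the historical
// behaviour). Populate it before InitCertManager/GetTlsConfig is called.
var AllowedHosts []string

// InitCertManager creates the global CertManager. The ACME Terms of Service are
// accepted automatically and obtained certificates are cached on disk under
// certDir (autocert's DirCache creates it with owner-only permissions).
func InitCertManager(certDir string) {
	logger := gologger.GetLogger("autocert")
	logger.Debug("InitCertManager")
	m := &autocert.Manager{
		Prompt:     autocert.AcceptTOS,
		HostPolicy: hostPolicy,
		Cache:      autocert.DirCache(utils.NormalizePath(certDir)),
	}
	CertManager = &LocalCertManager{m}
}

// GetTlsConfig returns the server TLS configuration, initialising the global
// CertManager with the default "./certs" cache directory if it has not been
// set up yet. It is expected to be called from server start-up, not
// concurrently.
func GetTlsConfig() *tls.Config {
	if CertManager == nil {
		InitCertManager(utils.NormalizePath("./certs"))
	}
	return CertManager.TLSConfig()
}

// hostPolicy is the autocert.HostPolicy consulted before a new certificate is
// requested. It does not affect certificates already in the cache.
func hostPolicy(ctx context.Context, host string) error {
	if len(AllowedHosts) == 0 {
		// Unrestricted: any SNI name triggers an issuance attempt. This
		// keeps the previous behaviour, but it lets anyone who can reach the
		// listener burn through the CA's rate limits with bogus hostnames
		// and fill the cache directory; set AllowedHosts in production.
		return nil
	}
	return autocert.HostWhitelist(AllowedHosts...)(ctx, host)
}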