package webhook

import (
	"crypto/x509"

	"go.step.sm/crypto/sshutil"
	"go.step.sm/crypto/x509util"
	"golang.org/x/crypto/ssh"
)

type RequestBodyOption func(*RequestBody) error

func NewRequestBody(options ...RequestBodyOption) (*RequestBody, error) {
	rb := &RequestBody{}

	for _, fn := range options {
		if err := fn(rb); err != nil {
			return nil, err
		}
	}

	return rb, nil
}

func WithX509CertificateRequest(cr *x509.CertificateRequest) RequestBodyOption {
	return func(rb *RequestBody) error {
		rb.X509CertificateRequest = &X509CertificateRequest{
			CertificateRequest: x509util.NewCertificateRequestFromX509(cr),
			PublicKeyAlgorithm: cr.PublicKeyAlgorithm.String(),
			Raw:                cr.Raw,
		}
		if cr.PublicKey != nil {
			key, err := x509.MarshalPKIXPublicKey(cr.PublicKey)
			if err != nil {
				return err
			}
			rb.X509CertificateRequest.PublicKey = key
		}

		return nil
	}
}

func WithX509Certificate(cert *x509util.Certificate, leaf *x509.Certificate) RequestBodyOption {
	return func(rb *RequestBody) error {
		rb.X509Certificate = &X509Certificate{
			Certificate:        cert,
			PublicKeyAlgorithm: leaf.PublicKeyAlgorithm.String(),
			NotBefore:          leaf.NotBefore,
			NotAfter:           leaf.NotAfter,
		}
		if leaf.PublicKey != nil {
			key, err := x509.MarshalPKIXPublicKey(leaf.PublicKey)
			if err != nil {
				return err
			}
			rb.X509Certificate.PublicKey = key
		}

		return nil
	}
}

func WithAttestationData(data *AttestationData) RequestBodyOption {
	return func(rb *RequestBody) error {
		rb.AttestationData = data
		return nil
	}
}

func WithSSHCertificateRequest(cr sshutil.CertificateRequest) RequestBodyOption {
	return func(rb *RequestBody) error {
		rb.SSHCertificateRequest = &SSHCertificateRequest{
			Type:       cr.Type,
			KeyID:      cr.KeyID,
			Principals: cr.Principals,
		}
		if cr.Key != nil {
			rb.SSHCertificateRequest.PublicKey = cr.Key.Marshal()
		}
		return nil
	}
}

func WithSSHCertificate(cert *sshutil.Certificate, certTpl *ssh.Certificate) RequestBodyOption {
	return func(rb *RequestBody) error {
		rb.SSHCertificate = &SSHCertificate{
			Certificate: cert,
			ValidBefore: certTpl.ValidBefore,
			ValidAfter:  certTpl.ValidAfter,
		}
		if certTpl.Key != nil {
			rb.SSHCertificate.PublicKey = certTpl.Key.Marshal()
		}
		return nil
	}
}