package api

import (
	"encoding/pem"
	"fmt"
	"github.com/pkg/errors"
	"github.com/smallstep/certificates/errs"
	"net/http"
)

// CRL is an HTTP handler that returns the current CRL in DER or PEM format
func (h *caHandler) CRL(w http.ResponseWriter, r *http.Request) {
	crlBytes, err := h.Authority.GetCertificateRevocationList()

	_, formatAsPEM := r.URL.Query()["pem"]

	if err != nil {

		caErr, isCaErr := err.(*errs.Error)

		if isCaErr {
			http.Error(w, caErr.Msg, caErr.Status)
			return
		}

		w.WriteHeader(500)
		_, err = fmt.Fprintf(w, "%v\n", err)
		if err != nil {
			panic(errors.Wrap(err, "error writing http response"))
		}
		return
	}

	if formatAsPEM {
		pemBytes := pem.EncodeToMemory(&pem.Block{
			Type:  "X509 CRL",
			Bytes: crlBytes,
		})
		w.Header().Add("Content-Type", "application/x-pem-file")
		w.Header().Add("Content-Disposition", "attachment; filename=\"crl.pem\"")
		_, err = w.Write(pemBytes)
	} else {
		w.Header().Add("Content-Type", "application/pkix-crl")
		w.Header().Add("Content-Disposition", "attachment; filename=\"crl.der\"")
		_, err = w.Write(crlBytes)
	}

	if err != nil {
		panic(errors.Wrap(err, "error writing http response"))
	}

}