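package grpcserver

import (
	"context"
	"errors"

	"google.golang.org/grpc/codes"
	"google.golang.org/grpc/status"

	pb "git.wntrmute.dev/kyle/metacrypt/gen/metacrypt/v1"
	"git.wntrmute.dev/kyle/metacrypt/internal/engine"
	"git.wntrmute.dev/kyle/metacrypt/internal/engine/ca"
)

// pkiServer implements pb.PKIServiceServer on top of the CA engines that are
// mounted in the owning GRPCServer. Every RPC first resolves the request's
// Mount to a *ca.CAEngine through getCAEngine and only then calls the engine.
//
// NOTE(review): no authentication or authorization is visible in these
// handlers; presumably an interceptor on GRPCServer provides it — confirm,
// since Mount and Issuer are caller-chosen names.
type pkiServer struct {
	pb.UnimplementedPKIServiceServer
	s *GRPCServer
}

// issuerStatus maps an error returned by a per-issuer CA engine call to the
// gRPC status sent to the client: ca.ErrIssuerNotFound becomes NotFound and
// every other error becomes Unavailable "sealed". The underlying error text is
// intentionally not forwarded.
//
// Assumes the only failure mode besides an unknown issuer is a sealed engine —
// TODO confirm against ca.CAEngine.
func issuerStatus(err error) error {
	if errors.Is(err, ca.ErrIssuerNotFound) {
		return status.Error(codes.NotFound, "issuer not found")
	}
	return status.Error(codes.Unavailable, "sealed")
}

// issuerEngine validates that issuer is non-empty and resolves mount to its CA
// engine. The issuer check runs before the mount lookup so that a malformed
// request is rejected with InvalidArgument regardless of whether the mount
// exists. Errors are already gRPC statuses suitable for returning to the
// client.
func (ps *pkiServer) issuerEngine(mount, issuer string) (*ca.CAEngine, error) {
	if issuer == "" {
		return nil, status.Error(codes.InvalidArgument, "issuer is required")
	}
	return ps.getCAEngine(mount)
}

// GetRootCert returns the PEM-encoded root certificate of the CA engine
// mounted at req.Mount.
//
// Errors: NotFound when the mount does not exist or is not a CA engine;
// Unavailable "sealed" for any failure of GetRootCertPEM (the engine's error
// is not forwarded, and is assumed to mean the engine is sealed — TODO
// confirm).
func (ps *pkiServer) GetRootCert(_ context.Context, req *pb.GetRootCertRequest) (*pb.GetRootCertResponse, error) {
	caEng, err := ps.getCAEngine(req.Mount)
	if err != nil {
		return nil, err
	}
	certPEM, err := caEng.GetRootCertPEM()
	if err != nil {
		return nil, status.Error(codes.Unavailable, "sealed")
	}
	return &pb.GetRootCertResponse{CertPem: certPEM}, nil
}

// GetChain returns the PEM-encoded certificate chain for req.Issuer in the CA
// engine mounted at req.Mount.
//
// Errors: InvalidArgument when Issuer is empty; NotFound when the mount does
// not exist, is not a CA engine, or the issuer is unknown; Unavailable
// "sealed" for any other engine failure (see issuerStatus).
func (ps *pkiServer) GetChain(_ context.Context, req *pb.GetChainRequest) (*pb.GetChainResponse, error) {
	caEng, err := ps.issuerEngine(req.Mount, req.Issuer)
	if err != nil {
		return nil, err
	}
	chainPEM, err := caEng.GetChainPEM(req.Issuer)
	if err != nil {
		return nil, issuerStatus(err)
	}
	return &pb.GetChainResponse{ChainPem: chainPEM}, nil
}

// GetIssuerCert returns the PEM-encoded certificate of req.Issuer in the CA
// engine mounted at req.Mount.
//
// Errors: InvalidArgument when Issuer is empty; NotFound when the mount does
// not exist, is not a CA engine, or the issuer is unknown; Unavailable
// "sealed" for any other engine failure (see issuerStatus).
func (ps *pkiServer) GetIssuerCert(_ context.Context, req *pb.GetIssuerCertRequest) (*pb.GetIssuerCertResponse, error) {
	caEng, err := ps.issuerEngine(req.Mount, req.Issuer)
	if err != nil {
		return nil, err
	}
	certPEM, err := caEng.GetIssuerCertPEM(req.Issuer)
	if err != nil {
		return nil, issuerStatus(err)
	}
	return &pb.GetIssuerCertResponse{CertPem: certPEM}, nil
}

// getCAEngine looks up mountName in the server's engine registry and returns
// it as a *ca.CAEngine. Every failure is reported to the client as NotFound.
func (ps *pkiServer) getCAEngine(mountName string) (*ca.CAEngine, error) {
	mount, err := ps.s.engines.GetMount(mountName)
	if err != nil {
		// NOTE(review): the GetMount error text is forwarded verbatim to the
		// client; confirm it carries nothing beyond the caller-supplied mount
		// name before relying on this in a hostile deployment.
		return nil, status.Error(codes.NotFound, err.Error())
	}
	// A mount of the wrong Type and a failed type assertion both yield the
	// same NotFound message; the comma-ok assertion never panics, so the two
	// checks can be folded into one condition without changing behavior.
	caEng, ok := mount.Engine.(*ca.CAEngine)
	if mount.Type != engine.EngineTypeCA || !ok {
		return nil, status.Error(codes.NotFound, "mount is not a CA engine")
	}
	return caEng, nil
}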