package utils

import (
	"crypto"
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"

	"github.com/go-acme/lego/v4/certcrypto"
	"github.com/go-acme/lego/v4/certificate"
	"github.com/go-acme/lego/v4/challenge"
	"github.com/go-acme/lego/v4/lego"
	"github.com/go-acme/lego/v4/registration"
)

func ApplyCert(domains []string, email string, provider challenge.Provider) ([]byte, []byte, error) {

	privateKey, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, nil, err
	}

	user := RegistrationUser{
		Email: email,
		Key:   privateKey,
	}

	config := lego.NewConfig(&user)
	config.Certificate.KeyType = certcrypto.RSA2048
	client, err := lego.NewClient(config)
	if err != nil {
		return nil, nil, err
	}
	err = client.Challenge.SetDNS01Provider(provider)
	if err != nil {
		return nil, nil, err
	}

	_, err = client.Registration.Register(registration.RegisterOptions{TermsOfServiceAgreed: true})
	if err != nil {
		return nil, nil, err
	}

	request := certificate.ObtainRequest{
		Domains: domains,
		Bundle:  true,
	}

	certResource, err := client.Certificate.Obtain(request)
	if err != nil {
		return nil, nil, err
	}

	return certResource.Certificate, certResource.PrivateKey, err
}

type RegistrationUser struct {
	Email        string
	Registration *registration.Resource
	Key          crypto.PrivateKey
}

func (registrationUser *RegistrationUser) GetEmail() string {
	return registrationUser.Email
}
func (registrationUser *RegistrationUser) GetRegistration() *registration.Resource {
	return registrationUser.Registration
}
func (registrationUser *RegistrationUser) GetPrivateKey() crypto.PrivateKey {
	return registrationUser.Key
}