package main

import (
	"bytes"
	"crypto/x509"
	"encoding/pem"
	"fmt"
	"os"
)

func decodeCrlBytes(content []byte) ([]byte, error) {
	if !bytes.Contains(content, []byte("BEGIN")) {
		return content, nil
	}
	block, rest := pem.Decode(content)
	if block == nil {
		return nil, fmt.Errorf("crl pem block could not be decoded")
	}
	if len(bytes.TrimSpace(rest)) > 0 {
		return nil, fmt.Errorf("crl file contains trailing data")
	}
	return block.Bytes, nil
}

func loadCrlFromFile(path string) (*x509.RevocationList, error) {
	content, readError := os.ReadFile(path)
	if readError != nil {
		return nil, readError
	}
	derBytes, decodeError := decodeCrlBytes(content)
	if decodeError != nil {
		return nil, fmt.Errorf("%s: %w", path, decodeError)
	}
	return x509.ParseRevocationList(derBytes)
}

func loadCertificateFromFile(path string) (*x509.Certificate, error) {
	content, readError := os.ReadFile(path)
	if readError != nil {
		return nil, readError
	}
	block, rest := pem.Decode(content)
	if block == nil {
		return nil, fmt.Errorf("%s: certificate pem block could not be decoded", path)
	}
	if len(bytes.TrimSpace(rest)) > 0 {
		return nil, fmt.Errorf("%s: certificate file contains trailing data", path)
	}
	return x509.ParseCertificate(block.Bytes)
}