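package main

import (
	"encoding/pem"
	"log"
	"net/http"

	cfocsp "github.com/cloudflare/cfssl/ocsp"
)

// Media types for the PKI artefacts served below. RFC 5280 registers
// application/pkix-cert for DER certificates and application/pkix-crl for
// DER CRLs.
const (
	contentTypeCertDER = "application/pkix-cert"
	contentTypeCrlDER  = "application/pkix-crl"
	contentTypeCrlPEM  = "application/pkix-crl"
	contentTypeCertPEM = "application/x-x509-ca-cert"
)

// writeBinary sends body verbatim with the given Content-Type.
//
// The status line and headers are committed by the first Write, so a write
// failure (typically a client that went away) can only be logged, not turned
// into an error response.
func writeBinary(w http.ResponseWriter, contentType string, body []byte) {
	w.Header().Set("Content-Type", contentType)
	if _, err := w.Write(body); err != nil {
		log.Printf("writing %s response: %v", contentType, err)
	}
}

// writePem sends body as a single PEM block of type blockType with the given
// Content-Type. Encoding errors are logged for the same reason as in
// writeBinary: the headers may already be on the wire.
func writePem(w http.ResponseWriter, contentType, blockType string, body []byte) {
	w.Header().Set("Content-Type", contentType)
	block := &pem.Block{Type: blockType, Bytes: body}
	if err := pem.Encode(w, block); err != nil {
		log.Printf("writing %s PEM response: %v", blockType, err)
	}
}

// registerOcspRoutes mounts the cfssl OCSP responder for ca at prefix+"/ocsp"
// and at prefix+"/ocsp/".
//
// The second registration strips the prefix so the responder only sees the
// remainder of the path; GET-style OCSP requests (RFC 6960, Appendix A) carry
// the encoded request there. The responder's second argument (the stats
// collector in cfssl) is left nil.
func registerOcspRoutes(router *http.ServeMux, prefix string, ca *caInstance) {
	ocspPath := prefix + "/ocsp"
	responder := cfocsp.NewResponder(ca.source, nil)

	router.Handle(ocspPath, responder)
	router.Handle(ocspPath+"/", http.StripPrefix(ocspPath+"/", responder))
}

// registerCrlRoutes serves the CA's current CRL as DER at prefix+"/crl" and
// as PEM at prefix+"/crl.pem".
//
// The DER endpoint is labelled application/pkix-crl; it previously advertised
// application/pkix-cert, which describes a certificate rather than a CRL and
// can make strict relying parties or intermediaries mishandle the response.
//
// NOTE(review): both handlers dereference ca.currentCrl() without a guard;
// this assumes a CRL is always available once routes are registered. Confirm
// against caInstance.
func registerCrlRoutes(router *http.ServeMux, prefix string, ca *caInstance) {
	router.HandleFunc(prefix+"/crl", func(w http.ResponseWriter, r *http.Request) {
		writeBinary(w, contentTypeCrlDER, ca.currentCrl().Raw)
	})
	router.HandleFunc(prefix+"/crl.pem", func(w http.ResponseWriter, r *http.Request) {
		writePem(w, contentTypeCrlPEM, "X509 CRL", ca.currentCrl().Raw)
	})
}

// registerCaCertificateRoutes serves the CA certificate as DER at
// prefix+"/ca" and as PEM at prefix+"/ca.pem". Only the public certificate
// bytes (caCertificate.Raw) are exposed.
func registerCaCertificateRoutes(router *http.ServeMux, prefix string, ca *caInstance) {
	router.HandleFunc(prefix+"/ca", func(w http.ResponseWriter, r *http.Request) {
		writeBinary(w, contentTypeCertDER, ca.caCertificate.Raw)
	})
	router.HandleFunc(prefix+"/ca.pem", func(w http.ResponseWriter, r *http.Request) {
		writePem(w, contentTypeCertPEM, "CERTIFICATE", ca.caCertificate.Raw)
	})
}

// registerCaRoutes mounts the OCSP, CRL and CA-certificate endpoints of ca
// under "/"+ca.name.
//
// ca.name becomes part of the mux patterns unmodified, so it is assumed to be
// a single path-safe segment. http.ServeMux panics when a pattern is
// registered twice, so two CAs with the same name abort start-up instead of
// silently shadowing each other's revocation endpoints.
func registerCaRoutes(router *http.ServeMux, ca *caInstance) {
	prefix := "/" + ca.name

	registerOcspRoutes(router, prefix, ca)
	registerCrlRoutes(router, prefix, ca)
	registerCaCertificateRoutes(router, prefix, ca)
}

// buildApplicationRouter returns a fresh ServeMux carrying the routes of every
// CA in cas, logging one line per registered CA.
//
// None of the handlers perform authentication or restrict the HTTP method.
// The served material (CA certificate, CRL, OCSP responses) is public by
// design, but any rate limiting or timeouts have to be applied by the
// http.Server or a front-end proxy.
func buildApplicationRouter(cas []*caInstance) *http.ServeMux {
	router := http.NewServeMux()
	for _, ca := range cas {
		registerCaRoutes(router, ca)
		log.Printf("registered ca %q with routes under /%s/", ca.name, ca.name)
	}
	return router
}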