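package com.qianwen.mdc.service.opcua;

import java.io.IOException;
import java.io.InputStream;
import java.io.OutputStream;
import java.nio.file.FileAlreadyExistsException;
import java.nio.file.Files;
import java.nio.file.Path;
import java.nio.file.StandardOpenOption;
import java.nio.file.attribute.PosixFilePermission;
import java.nio.file.attribute.PosixFilePermissions;
import java.security.Key;
import java.security.KeyPair;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
import java.util.Set;
import java.util.regex.Pattern;
import org.eclipse.milo.opcua.sdk.server.util.HostnameUtil;
import org.eclipse.milo.opcua.stack.core.util.SelfSignedCertificateBuilder;
import org.eclipse.milo.opcua.stack.core.util.SelfSignedCertificateGenerator;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.stereotype.Component;

/**
 * Loads the OPC UA client identity (X.509 certificate plus RSA key pair) from the
 * PKCS#12 keystore {@code baseDir/opcua-client.pfx}, generating a self-signed
 * identity and writing that keystore the first time it is missing.
 *
 * <p>The keystore password is taken from the {@value #PASSWORD_PROPERTY} system
 * property, then from the {@value #PASSWORD_ENV} environment variable. When neither
 * is set the historical built-in default is used and a warning is logged, so
 * keystores written by earlier builds still open; once a real password is
 * configured, a keystore that was created under the default must be re-created or
 * re-keyed, because the file will no longer open.
 *
 * <p>The private key lives in the keystore file, so a newly created file is
 * restricted to the owner ({@code rw-------}) where the file system supports POSIX
 * permissions; elsewhere it inherits the directory's ACL and a warning is logged.
 *
 * <p>Not thread-safe: {@link #load(Path)} mutates the instance.
 */
@Component
public class KeyStoreLoader {

    /** Dotted-quad IPv4 literal; anything else (IPv6 literals included) is added as a DNS name. */
    private static final Pattern IP_ADDR_PATTERN =
        Pattern.compile("^(([01]?\\d\\d?|2[0-4]\\d|25[0-5])\\.){3}([01]?\\d\\d?|2[0-4]\\d|25[0-5])$");

    private static final String CLIENT_ALIAS = "hx-mdc";
    private static final String KEYSTORE_FILE_NAME = "opcua-client.pfx";
    private static final String PASSWORD_PROPERTY = "mdc.opcua.keystore.password";
    private static final String PASSWORD_ENV = "MDC_OPCUA_KEYSTORE_PASSWORD";
    /** Legacy hard-coded password; only used when no password is configured, and never logged. */
    private static final char[] DEFAULT_PASSWORD = "12345678".toCharArray();

    private static final Logger logger = LoggerFactory.getLogger(KeyStoreLoader.class);

    private X509Certificate clientCertificate;
    private KeyPair clientKeyPair;

    /**
     * Loads or creates the client keystore in {@code baseDir} using the configured
     * keystore password (see the class comment for how it is resolved).
     *
     * @param baseDir directory that holds, or will receive, {@code opcua-client.pfx};
     *                it must already exist
     * @return this loader with {@link #getClientCertificate()} and
     *         {@link #getClientKeyPair()} populated
     * @throws Exception on I/O or keystore errors, or when the keystore holds no
     *                   private key / certificate under the expected alias
     */
    public KeyStoreLoader load(Path baseDir) throws Exception {
        return load(baseDir, resolvePassword());
    }

    /**
     * Loads or creates the client keystore in {@code baseDir} with an explicit password.
     *
     * @param baseDir  directory that holds, or will receive, {@code opcua-client.pfx}
     * @param password keystore and key-entry password
     * @return this loader with certificate and key pair populated
     * @throws Exception on I/O or keystore errors, or when the keystore holds no
     *                   private key / certificate under the expected alias
     */
    public KeyStoreLoader load(Path baseDir, char[] password) throws Exception {
        KeyStore keyStore = KeyStore.getInstance("PKCS12");
        Path keyStorePath = baseDir.resolve(KEYSTORE_FILE_NAME);
        logger.info("Loading KeyStore at {}", keyStorePath);

        if (Files.exists(keyStorePath)) {
            readKeyStore(keyStore, keyStorePath, password);
        } else {
            keyStore.load(null, password);
            KeyPair keyPair = SelfSignedCertificateGenerator.generateRsaKeyPair(2048);
            X509Certificate certificate = buildSelfSignedCertificate(keyPair);
            keyStore.setKeyEntry(CLIENT_ALIAS, keyPair.getPrivate(), password, new Certificate[] { certificate });
            try {
                writeNewKeyStore(keyStore, keyStorePath, password);
            } catch (FileAlreadyExistsException e) {
                // Someone else created the file between the exists() check and createFile().
                // Use their identity rather than clobbering one a server may already trust.
                logger.warn("KeyStore {} appeared concurrently; loading it instead of the generated one", keyStorePath);
                readKeyStore(keyStore, keyStorePath, password);
            }
        }

        // Fail loudly here: silently leaving the fields null would surface later as an NPE
        // deep inside the OPC UA client, far from the actual cause (wrong alias/password).
        Key key = keyStore.getKey(CLIENT_ALIAS, password);
        if (!(key instanceof PrivateKey)) {
            throw new KeyStoreException(
                "KeyStore " + keyStorePath + " holds no private key under alias '" + CLIENT_ALIAS + "'");
        }
        Certificate certificate = keyStore.getCertificate(CLIENT_ALIAS);
        if (!(certificate instanceof X509Certificate)) {
            throw new KeyStoreException(
                "KeyStore " + keyStorePath + " holds no X.509 certificate under alias '" + CLIENT_ALIAS + "'");
        }

        this.clientCertificate = (X509Certificate) certificate;
        PublicKey publicKey = this.clientCertificate.getPublicKey();
        this.clientKeyPair = new KeyPair(publicKey, (PrivateKey) key);
        return this;
    }

    /** @return the client certificate, or {@code null} before {@link #load(Path)} succeeds */
    public X509Certificate getClientCertificate() {
        return this.clientCertificate;
    }

    /** @return the client key pair, or {@code null} before {@link #load(Path)} succeeds */
    public KeyPair getClientKeyPair() {
        return this.clientKeyPair;
    }

    /**
     * Resolves the keystore password: system property, then environment variable,
     * then the legacy built-in default (with a warning).
     */
    private static char[] resolvePassword() {
        String configured = System.getProperty(PASSWORD_PROPERTY);
        if (configured == null || configured.isEmpty()) {
            configured = System.getenv(PASSWORD_ENV);
        }
        if (configured != null && !configured.isEmpty()) {
            return configured.toCharArray();
        }
        logger.warn("No keystore password configured via -D{} or ${}; using the built-in default, "
            + "which does not protect the client private key", PASSWORD_PROPERTY, PASSWORD_ENV);
        return DEFAULT_PASSWORD.clone();
    }

    /** Builds the self-signed client certificate with the machine's addresses as SANs. */
    private static X509Certificate buildSelfSignedCertificate(KeyPair keyPair) throws Exception {
        SelfSignedCertificateBuilder builder = new SelfSignedCertificateBuilder(keyPair)
            .setCommonName("mdc")
            .setOrganization("hx")
            .setOrganizationalUnit("Kx")
            .setLocalityName("Terran")
            .setStateName("Shanghai")
            .setCountryCode("CN")
            // NOTE(review): this is the Eclipse Milo example URI. OPC UA servers compare the
            // certificate's URI SAN with the ApplicationUri the client sends in its
            // ApplicationDescription; confirm the client configuration uses the same value.
            .setApplicationUri("urn:eclipse:milo:examples:client")
            .addDnsName("localhost")
            .addIpAddress("127.0.0.1");

        // Every address/hostname this host answers on goes into the SANs so the certificate
        // matches whichever interface the server sees the connection arrive from.
        for (String hostname : HostnameUtil.getHostnames("0.0.0.0")) {
            if (IP_ADDR_PATTERN.matcher(hostname).matches()) {
                builder.addIpAddress(hostname);
            } else {
                builder.addDnsName(hostname);
            }
        }
        return builder.build();
    }

    private static void readKeyStore(KeyStore keyStore, Path file, char[] password) throws Exception {
        try (InputStream in = Files.newInputStream(file)) {
            keyStore.load(in, password);
        }
    }

    /**
     * Creates {@code file} owner-only and writes the keystore into it.
     *
     * @throws FileAlreadyExistsException if the file was created concurrently
     */
    private static void writeNewKeyStore(KeyStore keyStore, Path file, char[] password) throws Exception {
        createOwnerOnlyFile(file);
        try (OutputStream out = Files.newOutputStream(file, StandardOpenOption.WRITE, StandardOpenOption.TRUNCATE_EXISTING)) {
            keyStore.store(out, password);
        }
    }

    /**
     * Atomically creates a new file readable and writable by the owner only. Creating with
     * the mode bits (rather than chmod afterwards) avoids a window where the private key is
     * world-readable; {@code createFile} also fails instead of truncating an existing file.
     */
    private static void createOwnerOnlyFile(Path file) throws IOException {
        try {
            Set<PosixFilePermission> ownerReadWrite = PosixFilePermissions.fromString("rw-------");
            Files.createFile(file, PosixFilePermissions.asFileAttribute(ownerReadWrite));
        } catch (UnsupportedOperationException e) {
            // Non-POSIX file system (e.g. NTFS): there are no mode bits to set, so the file
            // inherits the directory ACL. Flag it rather than failing the whole startup.
            logger.warn("Cannot restrict permissions on {}; make sure the directory ACL limits access", file);
            Files.createFile(file);
        }
    }
}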