package acme

import (
	"b612.me/starcrypto"
	"b612.me/starlog"
	"fmt"
	"github.com/go-acme/lego/v4/certcrypto"
	"github.com/go-acme/lego/v4/challenge/http01"
	"github.com/go-acme/lego/v4/challenge/tlsalpn01"
	"github.com/go-acme/lego/v4/lego"
	"github.com/go-acme/lego/v4/providers/dns/acmedns"
	"github.com/go-acme/lego/v4/providers/dns/alidns"
	"github.com/go-acme/lego/v4/providers/dns/azuredns"
	"github.com/go-acme/lego/v4/providers/dns/cloudflare"
	"github.com/go-acme/lego/v4/providers/dns/tencentcloud"
	"os"
)

func run(a Acme) error {

	// Create a user. New accounts need an email and private key to start.
	if a.KeyPath != "" {
		data, err := os.ReadFile(a.KeyPath)
		if err != nil {
			return fmt.Errorf("read key file error:%w", err)
		}
		a.key, err = starcrypto.DecodePrivateKey(data, "")
		if err != nil {
			return fmt.Errorf("decode key error:%w", err)
		}
	}
	for _, req := range a.CertReqs {
		starlog.Info("request cert for %v", req.Domains)
		config := lego.NewConfig(&a)
		// This CA URL is configured for a local dev instance of Boulder running in Docker in a VM.
		config.CADirURL = "https://acme-v02.api.letsencrypt.org/directory"
		switch req.KeyType {
		case "rsa2048":
			config.Certificate.KeyType = certcrypto.RSA2048
		case "rsa4096":
			config.Certificate.KeyType = certcrypto.RSA4096
		case "rsa8192":
			config.Certificate.KeyType = certcrypto.RSA8192
		case "ec256":
			config.Certificate.KeyType = certcrypto.EC256
		case "ec384":
			config.Certificate.KeyType = certcrypto.EC384
		default:
			config.Certificate.KeyType = certcrypto.EC384
		}

		// A client facilitates communication with the CA server.
		client, err := lego.NewClient(config)
		if err != nil {
			starlog.Errorf("new client error:%v", err)
			return fmt.Errorf("new client error:%w", err)
		}
		p := a.DnsPrivders[req.PrivderName]
		switch p.Type {
		case "http":
			err = client.Challenge.SetHTTP01Provider(http01.NewProviderServer("", p.KeyID))
			if err != nil {
				starlog.Errorf("set http provider error:%v", err)
				return fmt.Errorf("set http provider error:%w", err)
			}
			err = client.Challenge.SetTLSALPN01Provider(tlsalpn01.NewProviderServer("", p.KeySecret))
			if err != nil {
				starlog.Errorf("set tlsalpn provider error:%v", err)
				return fmt.Errorf("set tlsalpn provider error:%w", err)
			}
		case "tencent":
			cfg := tencentcloud.NewDefaultConfig()
			cfg.SecretID = p.KeyID
			cfg.SecretKey = p.KeySecret
			dnsSet, err := tencentcloud.NewDNSProviderConfig(cfg)
			if err != nil {
				starlog.Errorf("new dns provider error:%v", err)
				return fmt.Errorf("new dns provider error:%w", err)
			}
			err = client.Challenge.SetDNS01Provider(dnsSet)
			if err != nil {
				starlog.Errorf("set dns provider error:%v", err)
				return fmt.Errorf("set dns provider error:%w", err)
			}
		case "cloudflare":
			cfg := cloudflare.NewDefaultConfig()
			cfg.AuthKey = p.KeySecret
			cfg.AuthEmail = p.KeyID
			dnsSet, err := cloudflare.NewDNSProviderConfig(cfg)
			if err != nil {
				starlog.Errorf("new dns provider error:%v", err)
				return fmt.Errorf("new dns provider error:%w", err)
			}
			err = client.Challenge.SetDNS01Provider(dnsSet)
			if err != nil {
				starlog.Errorf("set dns provider error:%v", err)
				return fmt.Errorf("set dns provider error:%w", err)
			}
		case "alidns":
			cfg := alidns.NewDefaultConfig()
			cfg.APIKey = p.KeyID
			cfg.SecretKey = p.KeySecret
			dnsSet, err := alidns.NewDNSProviderConfig(cfg)
			if err != nil {
				starlog.Errorf("new dns provider error:%v", err)
				return fmt.Errorf("new dns provider error:%w", err)
			}
			err = client.Challenge.SetDNS01Provider(dnsSet)
			if err != nil {
				starlog.Errorf("set dns provider error:%v", err)
				return fmt.Errorf("set dns provider error:%w", err)
			}
		case "azure":
			cfg := azuredns.NewDefaultConfig()
			cfg.ClientID = p.KeyID
			cfg.ClientSecret = p.KeySecret
			dnsSet, err := azuredns.NewDNSProviderConfig(cfg)
			if err != nil {
				starlog.Errorf("new dns provider error:%v", err)
				return fmt.Errorf("new dns provider error:%w", err)
			}
			err = client.Challenge.SetDNS01Provider(dnsSet)
			if err != nil {
				starlog.Errorf("set dns provider error:%v", err)
				return fmt.Errorf("set dns provider error:%w", err)
			}
		default:
			cfg, _ := acmedns.NewDNSProvider()
			err = client.Challenge.SetDNS01Provider(cfg)
			if err != nil {
				starlog.Errorf("set dns provider error:%v", err)
				return fmt.Errorf("set dns provider error:%w", err)
			}
		}

		/*
			// New users will need to register
			reg, err := client.Registration.Register(registration.RegisterOptions{TermsOfServiceAgreed: true})
			if err != nil {
				log.Fatal(err)
			}
			a.Registration = reg

			request := certificate.ObtainRequest{
				Domains: []string{"mydomain.com"},
				Bundle:  true,
			}
			certificates, err := client.Certificate.Obtain(request)
			if err != nil {
				log.Fatal(err)
			}

			// Each certificate comes back with the cert bytes, the bytes of the client's
			// private key, and a certificate URL. SAVE THESE TO DISK.
			fmt.Printf("%#v\n", certificates)

		*/
	}
	return nil
}