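// Package main bootstraps a small mTLS server: it loads a YAML configuration
// (server certificate/key, the CA bundle trusted for client certificates and a
// todo file path) and turns it into a *tls.Config that requires and verifies
// client certificates.
package main

import (
	"crypto/tls"
	"crypto/x509"
	"errors"
	"flag"
	"os"

	"github.com/charmbracelet/log"
	"gopkg.in/yaml.v3"
)

// Config mirrors the YAML configuration file selected with -config.
type Config struct {
	Server struct {
		// CertFilePath and KeyFilePath point at the PEM-encoded certificate
		// and private key the server presents to clients.
		CertFilePath string `yaml:"certFilePath"`
		KeyFilePath  string `yaml:"keyFilePath"`
	} `yaml:"server"`
	Client struct {
		// CACertFilePath is a PEM bundle of the CAs trusted to issue client
		// certificates. Only these CAs are trusted for client authentication;
		// the system root pool is deliberately not consulted, so a client
		// certificate from an arbitrary public CA is rejected.
		CACertFilePath string `yaml:"cACertFilePath"`
	} `yaml:"client"`
	TodoPath string `yaml:"todoPath"`
}

// getConfig parses the -config flag (default "config.yaml"), reads the file
// and decodes it. Every failure is fatal: a decode error previously went
// unchecked and yielded a zero Config, which would then fail later with a
// misleading "no such file" error for the empty certificate paths.
func getConfig() Config {
	configPath := flag.String("config", "config.yaml", "Path to config file")
	flag.Parse()

	raw, err := os.ReadFile(*configPath)
	if err != nil {
		log.Fatalf("Can't read config file: %s", err)
	}
	cfg, err := parseConfig(raw)
	if err != nil {
		log.Fatalf("Can't parse config file %q: %s", *configPath, err)
	}
	return cfg
}

// parseConfig decodes YAML bytes into a Config. The decoder's error is
// returned instead of being dropped.
func parseConfig(raw []byte) (Config, error) {
	var cfg Config
	if err := yaml.Unmarshal(raw, &cfg); err != nil {
		return Config{}, err
	}
	return cfg, nil
}

// getTLSConfig builds the server-side TLS configuration from config: the
// server's own key pair plus mandatory client-certificate verification (mTLS)
// against the CA bundle at config.Client.CACertFilePath. Any failure is fatal
// (the original mixed log.Fatalf with panic; both ended the process, this
// version logs consistently).
func getTLSConfig(config Config) *tls.Config {
	serverTLSCert, err := tls.LoadX509KeyPair(config.Server.CertFilePath, config.Server.KeyFilePath)
	if err != nil {
		log.Fatalf("error opening certificate and key file for control connection. Error %v", err)
	}
	caCertPEM, err := os.ReadFile(config.Client.CACertFilePath)
	if err != nil {
		log.Fatalf("error reading client CA file %q: %v", config.Client.CACertFilePath, err)
	}
	tlsCfg, err := newServerTLSConfig(serverTLSCert, caCertPEM)
	if err != nil {
		log.Fatalf("error building TLS config: %v", err)
	}
	return tlsCfg
}

// newServerTLSConfig is the file-free part of getTLSConfig so it can be unit
// tested. caCertPEM must contain at least one parseable certificate; anything
// else is an error rather than a silently empty pool (an empty pool with
// RequireAndVerifyClientCert would reject every client, which fails closed
// but is confusing to debug).
func newServerTLSConfig(serverCert tls.Certificate, caCertPEM []byte) (*tls.Config, error) {
	certPool := x509.NewCertPool()
	if !certPool.AppendCertsFromPEM(caCertPEM) {
		return nil, errors.New("invalid cert in CA PEM")
	}
	return &tls.Config{
		// Explicit floor: older Go toolchains default servers to TLS 1.0.
		// Pinning 1.2 avoids depending on which toolchain built the binary.
		MinVersion:   tls.VersionTLS12,
		ClientAuth:   tls.RequireAndVerifyClientCert,
		ClientCAs:    certPool,
		Certificates: []tls.Certificate{serverCert},
	}, nil
}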