# Copyright 2023 Google LLC
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
#     http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.

from __future__ import annotations

import re

import aiofiles
from cryptography.hazmat.primitives import serialization
from cryptography.hazmat.primitives.asymmetric import rsa
from cryptography.hazmat.primitives.asymmetric.types import PrivateKeyTypes


async def _write_to_file(
    dir_path: str, ca_cert: str, cert_chain: list[str], key: PrivateKeyTypes
) -> tuple[str, str, str]:
    """
    Helper function to write the server_ca, client certificate and
    private key to .pem files in a given directory.
    """
    ca_filename = f"{dir_path}/ca.pem"
    cert_chain_filename = f"{dir_path}/chain.pem"
    key_filename = f"{dir_path}/priv.pem"

    key_bytes = key.private_bytes(
        encoding=serialization.Encoding.PEM,
        format=serialization.PrivateFormat.TraditionalOpenSSL,
        encryption_algorithm=serialization.NoEncryption(),
    )

    async with aiofiles.open(ca_filename, "w+") as ca_out:
        await ca_out.write(ca_cert)
    async with aiofiles.open(cert_chain_filename, "w+") as chain_out:
        await chain_out.write("".join(cert_chain))
    async with aiofiles.open(key_filename, "wb") as priv_out:
        await priv_out.write(key_bytes)

    return (ca_filename, cert_chain_filename, key_filename)


async def generate_keys() -> tuple[rsa.RSAPrivateKey, str]:
    priv_key = rsa.generate_private_key(public_exponent=65537, key_size=2048)
    pub_key = (
        priv_key.public_key()
        .public_bytes(
            encoding=serialization.Encoding.PEM,
            format=serialization.PublicFormat.SubjectPublicKeyInfo,
        )
        .decode("UTF-8")
    )
    return (priv_key, pub_key)


def strip_http_prefix(url: str) -> str:
    """
    Returns a new URL with 'http://' or 'https://' prefix removed.
    """
    m = re.search(r"^(https?://)?(.+)", url)
    if m is None:
        return ""
    return m.group(2)