using System.Diagnostics.CodeAnalysis;
using Certes;
using Certes.Acme;
using CertificateManager.Models;

namespace CertificateManager;

/// <summary>
/// Hosted service that reads certificate settings from configuration, then builds a key set,
/// a root CA and a local wildcard certificate, and finally obtains a wildcard certificate for
/// the configured public domain.
/// </summary>
/// <remarks>
/// The helpers called here (<c>GenerateKeys</c>, <c>CreateRootCA</c>,
/// <c>CreateWildcardCertificate</c>, <c>AcquireWildcardCertificate</c>) are defined outside the
/// visible source.
/// NOTE(review): <c>timeProvider</c> is captured by the primary constructor but is not used in
/// the code shown here.
/// </remarks>
public class Worker(ILogger logger, TimeProvider timeProvider, IConfiguration configuration) : BackgroundService
{
    /// <summary>
    /// Runs the certificate provisioning sequence once and then completes.
    /// </summary>
    /// <param name="stoppingToken">
    /// Host shutdown token. NOTE(review): it is not observed anywhere in this method.
    /// </param>
    /// <returns>A task that completes once every provisioning step has returned.</returns>
    // NOTE(review): the suppression below carries an empty Justification; record why IL2026 is
    // safe to ignore for this method so the next reviewer does not have to rediscover it.
    [UnconditionalSuppressMessage("Trimming", "IL2026:Members annotated with 'RequiresUnreferencedCodeAttribute' require dynamic access otherwise can break functionality when trimming application code", Justification = "")]
    protected override async Task ExecuteAsync(CancellationToken stoppingToken)
    {
        // File names handed to every helper that writes PEM material.
        const string PrivatePem = "private.pem";
        const string PublicPem = "public.pem";
        const string ChainPem = "chain.pem";

        logger.LogTrace("Certificate manager started");

        // Settings for the locally generated keys, root CA and local wildcard certificate.
        string internalDomain = configuration.GetValue("localDomain", "local");
        string keyDirectory = configuration.GetValue("keys_path", "/Certificates/Keys");
        string caDirectory = configuration.GetValue("ca_path", "/Certificates/CA");
        string internalCertDirectory = configuration.GetValue("local_wildcard_path", "/Certificates/Local");

        // Settings for the certificate requested for the public domain.
        string publicDomain = configuration.GetValue("domain", "automatic-parking.app");
        string publicCertDirectory = configuration.GetValue("wildcard_path", "/Certificates/Wildcard");

        // NOTE(review): the ACME e-mail is read and logged but is not passed to any call visible
        // in this method; confirm the acquisition helper obtains it some other way.
        string accountEmail = configuration.GetValue("acmeEmail", "");
        logger.LogTrace("Acme email provided: {acmeEmail}", accountEmail);

        // NOTE(review): username and token both default to "" and are not validated before they
        // are handed to AcquireWildcardCertificate; a missing setting is only discovered there.
        string dnsUser = configuration.GetValue("nameComUsername", "");
        string dnsToken = configuration.GetValue("nameComAPIToken", "");
        string dnsEndpoint = configuration.GetValue("nameComServer", "https://api.name.com/v4");
        NameComCredentials dnsCredentials = new(dnsUser, dnsToken, dnsEndpoint);

        // NOTE(review): this writes the account name and the token length to the log. The length
        // is derived from a secret; consider logging only whether a token is present, and treat
        // the sink that receives Trace output as sensitive.
        logger.LogTrace("Name.com credentials provided: {nameComUsername} (with token of {nameComTokenLength} characters)", dnsUser, dnsToken.Length);

        // Each step consumes the previous step's result: key set -> root CA -> local wildcard.
        // None of these calls is awaited, so all of this work runs before the method's only await.
        var keySet = GenerateKeys(keyDirectory, PrivatePem, PublicPem, ChainPem);
        var rootAuthority = CreateRootCA(keySet, caDirectory, PrivatePem, PublicPem);
        _ = CreateWildcardCertificate(rootAuthority, internalDomain, internalCertDirectory, PrivatePem, PublicPem, ChainPem);

        // The certificate for the public domain is requested with the Name.com credentials.
        var publicCertificate = AcquireWildcardCertificate(publicDomain, dnsCredentials, publicCertDirectory, PrivatePem, PublicPem, ChainPem);

        // Keep the explicitly typed local so the logged value has the same type as before.
        DateTimeOffset expiresOn = publicCertificate.Expires;
        logger.LogTrace("Wildcard certificate will expire on {expiry}", expiresOn);

        // No asynchronous work is done; this await only satisfies the async signature.
        await Task.CompletedTask;
    }
}