package handshake

import (
	"bytes"
	"crypto/rand"

	"github.com/lucas-clemente/quic-go/crypto"
)

// ServerConfig is a server config
type ServerConfig struct {
	kex       crypto.KeyExchange
	certChain crypto.CertChain
	ID        []byte
	obit      []byte
	stkSource crypto.StkSource
}

// NewServerConfig creates a new server config
func NewServerConfig(kex crypto.KeyExchange, certChain crypto.CertChain) (*ServerConfig, error) {
	id := make([]byte, 16)
	_, err := rand.Read(id)
	if err != nil {
		return nil, err
	}

	stkSecret := make([]byte, 32)
	if _, err = rand.Read(stkSecret); err != nil {
		return nil, err
	}

	obit := make([]byte, 8)
	if _, err = rand.Read(obit); err != nil {
		return nil, err
	}

	stkSource, err := crypto.NewStkSource(stkSecret)
	if err != nil {
		return nil, err
	}

	return &ServerConfig{
		kex:       kex,
		certChain: certChain,
		ID:        id,
		obit:      obit,
		stkSource: stkSource,
	}, nil
}

// Get the server config binary representation
func (s *ServerConfig) Get() []byte {
	var serverConfig bytes.Buffer
	WriteHandshakeMessage(&serverConfig, TagSCFG, map[Tag][]byte{
		TagSCID: s.ID,
		TagKEXS: []byte("C255"),
		TagAEAD: []byte("AESG"),
		TagPUBS: append([]byte{0x20, 0x00, 0x00}, s.kex.PublicKey()...),
		TagOBIT: s.obit,
		TagEXPY: {0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff},
	})
	return serverConfig.Bytes()
}

// Sign the server config and CHLO with the server's keyData
func (s *ServerConfig) Sign(sni string, chlo []byte) ([]byte, error) {
	return s.certChain.SignServerProof(sni, chlo, s.Get())
}

// GetCertsCompressed returns the certificate data
func (s *ServerConfig) GetCertsCompressed(sni string, commonSetHashes, compressedHashes []byte) ([]byte, error) {
	return s.certChain.GetCertsCompressed(sni, commonSetHashes, compressedHashes)
}