package pkiutil

import "crypto/x509"
import "encoding/asn1"

var OIDCoditMTLSAuthorization = asn1.ObjectIdentifier{1, 3, 6, 1, 4, 1, 57264, 1, 1}

type clientAuthorizationValue struct {
	Version     int
	UserID      string
	Username    string
	ProfileID   string
	Permissions []string
	Scope       string
}

type ClientAuthorizationInfo struct {
	Version     int
	UserID      string
	Username    string
	ProfileID   string
	Permissions []string
	Scope       string
}

func ParseClientAuthorizationExtension(raw []byte) (ClientAuthorizationInfo, error) {
	var value clientAuthorizationValue
	var info ClientAuthorizationInfo
	var err error

	_, err = asn1.Unmarshal(raw, &value)
	if err != nil {
		return info, err
	}
	info = ClientAuthorizationInfo{
		Version:     value.Version,
		UserID:      value.UserID,
		Username:    value.Username,
		ProfileID:   value.ProfileID,
		Permissions: append([]string{}, value.Permissions...),
		Scope:       value.Scope,
	}
	return info, nil
}

func ParseClientAuthorizationFromCertificate(cert *x509.Certificate) (ClientAuthorizationInfo, bool, error) {
	var i int
	var info ClientAuthorizationInfo
	var err error

	if cert == nil {
		return info, false, nil
	}
	for i = 0; i < len(cert.Extensions); i++ {
		if !cert.Extensions[i].Id.Equal(OIDCoditMTLSAuthorization) {
			continue
		}
		info, err = ParseClientAuthorizationExtension(cert.Extensions[i].Value)
		if err != nil {
			return info, true, err
		}
		return info, true, nil
	}
	return info, false, nil
}