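require 'pkernel'
require_relative 'csr'
require_relative 'global'

# JCE/BouncyCastle-backed additions to Pkernel::Certificate::Owner: conversion
# between the owner's identity fields and an X.500 subject name, and loading
# an owner from a PKCS#10 certification request (CSR).
class Pkernel::Certificate::Owner
  # Builds a BouncyCastle X.500 name from this owner's fields.
  #
  # CN is always emitted from @name. O, OU and the serial-number attribute are
  # emitted only when the matching field is neither nil nor empty. When at
  # least one e-mail address is present, only the first one is emitted.
  #
  # @return the object produced by X500NameBuilder#build
  def to_x500_subject
    # Defined outside this file; presumably registers the BouncyCastle
    # provider before any BC class is used -- confirm.
    PkernelJce::Provider.add_default

    style = Java::OrgBouncycastleAsn1X500Style::BCStyle
    builder = Java::OrgBouncycastleAsn1X500::X500NameBuilder.new

    # NOTE(review): @name is not checked here; a nil or empty name is handed
    # to addRDN as-is.
    builder.addRDN(style::CN, @name)

    [[style::O, @org], [style::OU, @orgUnit], [style::SN, @serial]].each do |oid, value|
      builder.addRDN(oid, value) unless value.nil? || value.empty?
    end

    # Original author's note on the e-mail attribute: "this should not be here..."
    # The nil guard gives @emails the same treatment as the optional fields
    # above, so an owner without an e-mail list no longer fails with
    # NoMethodError.
    if @emails && @emails.length > 0
      builder.addRDN(style::EmailAddress, @emails[0])
    end

    builder.build
  end

  # Walks every attribute of every RDN in +subject+ and yields the recognised
  # ones to the block as (key, value), where key is one of :cn, :o, :ou,
  # :serial or :email and value is the attribute's string form. Attributes of
  # any other type are logged at warn level and skipped.
  #
  # Values are yielded exactly as found in the name. When the name comes from
  # a CSR they are chosen by the requester, so the caller is responsible for
  # validating them.
  #
  # NOTE(review): tv.value.string is called on every recognised attribute; a
  # value that is not an ASN.1 string type would presumably fail with an error
  # other than PkernelJce::Error -- confirm and decide how to report it.
  #
  # @param subject name object responding to getRDNs
  # @raise [PkernelJce::Error] when no block is given
  def self.parse_x500_subject(subject, &block)
    raise PkernelJce::Error, "Block required to parse x500 subject" unless block

    style = Java::OrgBouncycastleAsn1X500Style::BCStyle

    subject.getRDNs.each do |rdn|
      rdn.getTypesAndValues.each do |tv|
        key = case tv.type
              when style::CN then :cn
              when style::O then :o
              when style::OU then :ou
              when style::SN then :serial
              when style::EmailAddress then :email
              end

        if key
          block.call(key, tv.value.string)
        else
          # The value originates from the parsed (possibly untrusted) name.
          # Control characters are replaced so it cannot introduce line breaks
          # or terminal escapes into the log.
          printable = tv.value.to_s.gsub(/[[:cntrl:]]/, '?')
          PkernelJce::GConf.instance.glog.warn "Uncaught key-value in subject parsing '#{tv.type}-#{printable}'"
        end
      end
    end
  end

  # Creates an Owner from a CSR that is already a PKCS10CertificationRequest
  # object (the caller has done the decoding).
  #
  # The CSR signature is checked before the subject is read. A valid signature
  # shows only that the requester holds the private key matching the public
  # key in the request; it does not authenticate the subject fields. The
  # returned name, organisation, unit, serial and e-mails are requester
  # supplied and should be checked against issuance policy before they are
  # placed in a certificate.
  #
  # Only csr.subject is read here; nothing else in the request is examined.
  # If an attribute occurs more than once, the last CN/O/OU/serial value wins,
  # while every e-mail value is appended to owner.emails.
  #
  # @param csr the certification request
  # @return [Pkernel::Certificate::Owner] owner populated from the CSR subject
  # @raise [PkernelJce::Error] when csr is nil or its signature is not valid
  def self.from_p10(csr)
    raise PkernelJce::Error, "Cannot load CSR from nil" if csr.nil?

    unless PkernelJce::CSRProxy.is_signature_valid?(csr)
      raise PkernelJce::Error, "Signature of CSR is not valid"
    end

    owner = Pkernel::Certificate::Owner.new
    parse_x500_subject(csr.subject) do |key, value|
      case key
      when :cn then owner.name = value
      when :o then owner.org = value
      when :ou then owner.orgUnit = value
      when :serial then owner.serial = value
      when :email then owner.emails << value
      end
    end
    owner
  end
end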