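// Package pem provides small helpers that PEM-encode private keys,
// certificate chains and certificate signing requests.
package pem

import (
	"bytes"
	"crypto/ecdsa"
	"crypto/rsa"
	"crypto/x509"
	"encoding/pem"
	"io"
	"os"
)

// pemWrite writes every element of data to filename as a PEM block of type
// header, in order.
//
// The file is opened write-only and truncated, so a shorter payload written
// over an existing longer file cannot leave stale bytes (for example an old
// key or a leftover chain certificate) after the new blocks.
//
// NOTE(review): the 0600 mode is applied only when the file is created. If
// filename already exists with wider permissions they are kept, so callers
// writing private keys should make sure the target is not group- or
// world-readable.
func pemWrite(filename, header string, data [][]byte) (err error) {
	out, err := os.OpenFile(filename, os.O_WRONLY|os.O_CREATE|os.O_TRUNC, 0600)
	if err != nil {
		return err
	}
	// A failed Close can mean the data never reached the disk, so report it
	// unless an earlier error is already being returned.
	defer func() {
		if cerr := out.Close(); err == nil {
			err = cerr
		}
	}()

	for _, d := range data {
		if err = pem.Encode(out, &pem.Block{Type: header, Bytes: d}); err != nil {
			return err
		}
	}
	return nil
}

// WriteRSAPrivateKey writes key to filename as an unencrypted PKCS #1
// "RSA PRIVATE KEY" PEM block. key is passed straight to
// x509.MarshalPKCS1PrivateKey and must be non-nil.
func WriteRSAPrivateKey(filename string, key *rsa.PrivateKey) error {
	return pemWrite(filename, "RSA PRIVATE KEY", [][]byte{x509.MarshalPKCS1PrivateKey(key)})
}

// WriteCertificateChain writes each DER-encoded element of der to filename as
// a "CERTIFICATE" PEM block, preserving the order of the slice.
func WriteCertificateChain(filename string, der [][]byte) error {
	return pemWrite(filename, "CERTIFICATE", der)
}

// WriteECPrivateKey writes key to filename as an unencrypted
// "EC PRIVATE KEY" PEM block produced by x509.MarshalECPrivateKey.
// It returns the marshalling error, if any, without touching the file.
func WriteECPrivateKey(filename string, key *ecdsa.PrivateKey) error {
	m, err := x509.MarshalECPrivateKey(key)
	if err != nil {
		return err
	}
	return pemWrite(filename, "EC PRIVATE KEY", [][]byte{m})
}

// CSRToPEMReader PEM-encodes the DER bytes in der as a
// "CERTIFICATE REQUEST" block and returns the result as an in-memory
// io.ReadCloser whose Close is a no-op.
func CSRToPEMReader(der []byte) (io.ReadCloser, error) {
	out := &bytes.Buffer{}
	err := pem.Encode(out, &pem.Block{
		Type:  "CERTIFICATE REQUEST",
		Bytes: der,
	})
	if err != nil {
		return nil, err
	}
	return io.NopCloser(out), nil
}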