package certinject

import (
	"gopkg.in/hlandau/easyconfig.v1/cflag"
)

// This package is used to add and remove certificates to the system trust
// store.
// Currently only supports Windows CryptoAPI and NSS sqlite3 stores.

var (
	cryptoApiFlag = cflag.Bool(flagGroup, "cryptoapi", false,
		"Synchronize TLS certs to the CryptoAPI trust store?  This "+
			"enables HTTPS to work with Chromium/Chrome.  Only "+
			"use if you've set up NUMS HPKP in Chromium/Chrome "+
			"as per documentation.  If you haven't set up NUMS "+
			"HPKP, or if you access ncdns from browsers not "+
			"based on Chromium or Firefox, this is unsafe and "+
			"should not be used.")
)

// InjectCert injects the given cert into all configured trust stores.
func InjectCert(derBytes []byte) {

	if cryptoApiFlag.Value() {
		injectCertCryptoApi(derBytes)
	}
	if nssFlag.Value() {
		injectCertNss(derBytes)
	}
}

// CleanCerts cleans expired certs from all configured trust stores.
func CleanCerts() {

	if cryptoApiFlag.Value() {
		cleanCertsCryptoApi()
	}
	if nssFlag.Value() {
		cleanCertsNss()
	}

}