package mgmt

import (
	"github.com/smallstep/certificates/authority/admin"
	"github.com/smallstep/certificates/authority/config"
	"github.com/smallstep/certificates/authority/provisioner"
	"github.com/smallstep/certificates/authority/status"
)

// AuthConfig represents the Authority Configuration.
type AuthConfig struct {
	//*cas.Options         `json:"cas"`
	ID           string         `json:"id"`
	ASN1DN       *config.ASN1DN `json:"asn1dn,omitempty"`
	Provisioners []*Provisioner `json:"-"`
	Admins       []*Admin       `json:"-"`
	Claims       *Claims        `json:"claims,omitempty"`
	Backdate     string         `json:"backdate,omitempty"`
	Status       status.Type    `json:"status,omitempty"`
}

func NewDefaultAuthConfig() *AuthConfig {
	return &AuthConfig{
		Claims:   NewDefaultClaims(),
		ASN1DN:   &config.ASN1DN{},
		Backdate: config.DefaultBackdate.String(),
		Status:   status.Active,
	}
}

// ToCertificates converts a mgmt AuthConfig to configuration that can be
// directly used by the `step-ca` process. Resources are normalized and
// initialized.
func (ac *AuthConfig) ToCertificates() (*config.AuthConfig, error) {
	claims, err := ac.Claims.ToCertificates()
	if err != nil {
		return nil, err
	}
	backdate, err := provisioner.NewDuration(ac.Backdate)
	if err != nil {
		return nil, WrapErrorISE(err, "error converting backdate %s to duration", ac.Backdate)
	}
	var provs []provisioner.Interface
	for _, p := range ac.Provisioners {
		authProv, err := p.ToCertificates()
		if err != nil {
			return nil, err
		}
		provs = append(provs, authProv)
	}
	var admins []*admin.Admin
	for _, adm := range ac.Admins {
		authAdmin, err := adm.ToCertificates()
		if err != nil {
			return nil, err
		}
		admins = append(admins, authAdmin)
	}
	return &config.AuthConfig{
		AuthorityID:          ac.ID,
		Provisioners:         provs,
		Admins:               admins,
		Template:             ac.ASN1DN,
		Claims:               claims,
		DisableIssuedAtCheck: false,
		Backdate:             backdate,
	}, nil
}