package main

import (
	"flag"
	"log"
	"os"

	"git.cacert.org/cacert-gosigner/pkg/config"
	"git.cacert.org/cacert-gosigner/pkg/hsm"
)

var (
	commit  string
	date    string
	version string
)

const (
	defaultSignerConfigFile = "config.yaml"
)

func main() {
	var (
		showVersion, setupMode, verbose bool
		signerConfigFile                string
	)

	log.SetFlags(log.Ldate | log.Lmicroseconds | log.LUTC)

	log.Printf("cacert-gosigner %s (%s) - built %s\n", version, commit, date)

	flag.StringVar(&signerConfigFile, "caconfig", defaultSignerConfigFile, "signer configuration file")
	flag.BoolVar(&showVersion, "version", false, "show version")
	flag.BoolVar(&setupMode, "setup", false, "setup mode")
	flag.BoolVar(&verbose, "verbose", false, "verbose output")

	flag.Parse()

	if showVersion {
		return
	}

	configFile, err := os.Open(signerConfigFile)
	if err != nil {
		log.Fatalf("could not open singer configuration file %s: %v", signerConfigFile, err)
	}

	opts := make([]hsm.ConfigOption, 0)

	caConfig, err := config.LoadConfiguration(configFile)
	if err != nil {
		log.Fatalf("could not load CA hierarchy: %v", err)
	}
	opts = append(opts, hsm.CaConfigOption(caConfig))

	if setupMode {
		log.Print("running in setup mode")
		opts = append(opts, hsm.SetupModeOption())
	}

	if verbose {
		opts = append(opts, hsm.VerboseLoggingOption())
	}

	ctx := hsm.SetupContext(opts...)

	err = hsm.EnsureCAKeysAndCertificates(ctx)
	if err != nil {
		log.Fatalf("could not ensure CA keys and certificates exist: %v", err)
	}

	if setupMode {
		return
	}

	log.Print("setup complete, starting signer operation")
}