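// Package main runs a minimal mutual-TLS HTTP server: every client must
// present a certificate that chains to the CA store built by
// mtls/pkg/castore, and /hello logs the verified peer's CommonName.
package main

import (
	"crypto/tls"
	"crypto/x509"
	"log"
	"net/http"
	"time"

	"mtls/pkg/castore"
)

// certPool holds the CA certificates trusted for client authentication.
// It is populated in main from castore.NewCAstore.
var (
	certPool *x509.CertPool
)

const (
	// SERVER_CRT_FILE and SERVER_KEY_FILE are the server's PEM-encoded
	// certificate chain and private key, relative to the working directory.
	SERVER_CRT_FILE = "pki/server.crt"
	SERVER_KEY_FILE = "pki/server.key"
	// SERVER_ADDRESS is the TCP listen address of the TLS listener.
	SERVER_ADDRESS = ":8080"
)

func main() {
	// file:line only; timestamps are left to the process supervisor.
	log.Default().SetFlags(log.Lshortfile)

	certPool = castore.NewCAstore()

	mux := http.NewServeMux()
	mux.HandleFunc("/hello", Hello_handler)

	serverKeypair, err := tls.LoadX509KeyPair(SERVER_CRT_FILE, SERVER_KEY_FILE)
	if err != nil {
		log.Fatal(err)
	}

	server := http.Server{
		Addr:    SERVER_ADDRESS,
		Handler: mux,
		TLSConfig: &tls.Config{
			MinVersion:   tls.VersionTLS13,
			Certificates: []tls.Certificate{serverKeypair},
			// ClientCAs is the pool used to verify client chains. RootCAs is
			// only consulted when this process acts as a TLS *client*, so it
			// is intentionally not set here.
			ClientCAs:  certPool,
			ClientAuth: tls.RequireAndVerifyClientCert,
		},
		// Bound every phase of a connection so a slow or idle peer cannot
		// pin a goroutine and file descriptor indefinitely (slowloris-style
		// resource exhaustion).
		ReadHeaderTimeout: 10 * time.Second,
		ReadTimeout:       30 * time.Second,
		WriteTimeout:      30 * time.Second,
		IdleTimeout:       120 * time.Second,
	}

	// Empty paths: the certificate and key are already in TLSConfig.
	if err := server.ListenAndServeTLS("", ""); err != nil {
		log.Fatal(err)
	}
}

// Hello_handler writes "Hello world\n" to an authenticated mTLS peer and
// logs the CommonName of each certificate the client presented.
//
// Authentication is enforced by the TLS layer (ClientAuth:
// RequireAndVerifyClientCert); the handler re-checks that a client
// certificate is present so it fails closed (403) rather than panicking on
// a nil r.TLS if it is ever mounted on a listener without that setting.
func Hello_handler(w http.ResponseWriter, r *http.Request) {
	if r.TLS == nil || len(r.TLS.PeerCertificates) == 0 {
		http.Error(w, "client certificate required", http.StatusForbidden)
		return
	}
	for _, cert := range r.TLS.PeerCertificates {
		// %q: the subject is peer-supplied text; quoting keeps control
		// characters from splitting or forging log lines.
		log.Printf("Peer certificate CommonName: %q", cert.Subject.CommonName)
	}
	if _, err := w.Write([]byte("Hello world\n")); err != nil {
		log.Printf("writing /hello response: %v", err)
	}
}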