package service

import (
	"crypto/x509"
	"encoding/base64"
	"encoding/pem"
	"errors"
	"omc/ca"
	"omc/conf"
	"omc/core/db"
	"omc/core/utils"
	"omc/handle/model"

	"github.com/aceld/zinx/zlog"
)

// UserLogin 用户登录
func UserLogin(name, passwd string) error {
	// 用户名密码校验
	var user model.User
	err := db.Client.Model(&model.User{}).Where("account_id=?", name).First(&user).Error
	if err != nil {
		return err
	}

	if err := utils.Compare(user.Password, passwd); err != nil {
		zlog.Ins().ErrorF("Password Login[%s]:%s", name, err)
		return errors.New("incorrect username and password")
	}
	return nil
}

func CMCALogin(source, sign, cert string) (login bool, err error) {
	defer func() {
		if r := recover(); r != nil {
			zlog.Ins().ErrorF("CMCALogin panic:%v", r)
		}
	}()
	//base64 解码签名数据
	signBytes, err := base64.StdEncoding.DecodeString(sign)
	if err != nil {
		return false, err
	}
	//证书加载
	block, _ := pem.Decode([]byte(cert))

	//证书解析
	certBody, err := x509.ParseCertificate(block.Bytes)
	if err != nil {
		return false, err
	}

	//证书校验
	if conf.OmcConf.CA.Check {
		if err := ca.VerifyCert(certBody); err != nil {
			return false, err
		}
	}

	//签名验证
	err = ca.VerifyRSA([]byte(source), signBytes, certBody)
	if err != nil {
		return false, err
	}
	return true, nil
}