'use strict';

const { unescape } = require('querystring');
const { pki, md, asn1 } = require('node-forge');

/*
  escapedPemCertificate comes from nginx, it's the client cert in PEM format.
  This function calculates the 10-byte fingerprint required by OpenADR.
  Ref: OpenADR 2.0b protocol specification section 10.5.1
*/
function calculatePartialFingerprintOfEscapedPemCertificate(
  escapedPemCertificate,
) {
  const pemCertificate = unescape(escapedPemCertificate);
  const parsedCertificate = pki.certificateFromPem(pemCertificate);
  const asn1Encoded = pki.certificateToAsn1(parsedCertificate);
  const derEncoded = asn1.toDer(asn1Encoded).getBytes();
  const fullFingerprintDelimited = md.sha256
    .create()
    .update(derEncoded)
    .digest()
    .toHex()
    .match(/.{2}/g)
    .join(':');
  return fullFingerprintDelimited.slice(-29).toUpperCase();
}

module.exports = {
  calculatePartialFingerprintOfEscapedPemCertificate,
};