'use strict';

const { pki, md, asn1 } = require('node-forge');

const NUMBER_OF_CHARACTERS_IN_10_COLON_DELIMITED_BYTES = 29;

/*
  escapedPemCertificate comes from nginx, it's the client cert in PEM format.
  This function calculates the 10-byte fingerprint required by OpenADR.
  Ref: OpenADR 2.0b protocol specification section 10.5.1
*/
function calculatePartialFingerprintOfEscapedPemCertificate(
  escapedPemCertificate,
) {
  const pemCertificate = decodeURIComponent(escapedPemCertificate);
  const parsedCertificate = pki.certificateFromPem(pemCertificate);
  const asn1Encoded = pki.certificateToAsn1(parsedCertificate);
  const derEncoded = asn1.toDer(asn1Encoded).getBytes();
  const fullFingerprintDelimited = md.sha256
    .create()
    .update(derEncoded)
    .digest()
    .toHex()
    .match(/.{2}/g)
    .join(':');
  return fullFingerprintDelimited
    .slice(-NUMBER_OF_CHARACTERS_IN_10_COLON_DELIMITED_BYTES)
    .toUpperCase();
}

module.exports = {
  calculatePartialFingerprintOfEscapedPemCertificate,
};