'use strict';

const {
  calculatePartialFingerprintOfEscapedPemCertificate,
} = require('../../modules/certificate');

module.exports = async (req, res, next) => {
  // this header from nginx contains the CN from the client certificate
  if (
    req.headers['ssl_client_s_dn_cn'] &&
    req.headers['ssl_client_s_dn_cn'] !== 'no_client_cert'
  ) {
    req.clientCertificateCn = req.headers['ssl_client_s_dn_cn'];
  } else {
    const err = new Error('Unauthorized');
    err.status = 403;
    return next(err);
  }

  // this header from nginx contains the URI-encoded PEM-encoded X.509 client certificate
  if (req.headers['ssl_client_certificate']) {
    const pemCertificateEscaped = req.headers['ssl_client_certificate'];
    const fingerprint = calculatePartialFingerprintOfEscapedPemCertificate(
      pemCertificateEscaped,
    );
    req.clientCertificateFingerprint = fingerprint;
  } else {
    const err = new Error('Unauthorized');
    err.status = 403;
    return next(err);
  }
  return next();
};