using System.Runtime.InteropServices;
using System.Security.Cryptography.X509Certificates;
using Microsoft.AspNetCore.Hosting;

namespace OliverBooth.Common.Extensions;

public static class WebHostBuilderExtensions
{
    public static IWebHostBuilder AddCertificateFromEnvironment(this IWebHostBuilder builder)
    {
        return builder.UseKestrel(options =>
        {
            string certPath = Environment.GetEnvironmentVariable("SSL_CERT_PATH")!;
            if (!File.Exists(certPath))
            {
                options.ListenAnyIP(5049);
                return;
            }

            string? keyPath = Environment.GetEnvironmentVariable("SSL_KEY_PATH");
            if (string.IsNullOrWhiteSpace(keyPath) || !File.Exists(keyPath)) keyPath = null;

            options.ListenAnyIP(2845, options =>
            {
                X509Certificate2 cert = CreateCertFromPemFile(certPath, keyPath);
                options.UseHttps(cert);
            });
            return;

            static X509Certificate2 CreateCertFromPemFile(string certPath, string? keyPath)
            {
                if (!RuntimeInformation.IsOSPlatform(OSPlatform.Windows))
                    return X509Certificate2.CreateFromPemFile(certPath, keyPath);

                //workaround for windows issue https://github.com/dotnet/runtime/issues/23749#issuecomment-388231655
                using var cert = X509Certificate2.CreateFromPemFile(certPath, keyPath);
                return new X509Certificate2(cert.Export(X509ContentType.Pkcs12));
            }
        });
    }
}