package initFunc

import (
	"crypto/x509"
	"encoding/pem"
	"fmt"
	"os"
	"syscall"
)

const (
	X509_ASN_ENCODING               = 0x00000001
	PKCS_7_ASN_ENCODING             = 0x00010000
	CERT_STORE_ADD_REPLACE_EXISTING = 3
)

var (
	modcrypt32 = syscall.NewLazyDLL("crypt32.dll")
)

// 安装信任证书
func SetupCert() {
	//获取证书路径
	certPath := "/frontend/public/piserver_root.crt" // 替换为您的证书路径

	// 读取证书文件
	certFile, err := os.ReadFile(certPath)
	if err != nil {
		fmt.Println("无法读取证书文件:", err)
		return
	}

	// 解码 PEM 编码的证书
	block, _ := pem.Decode(certFile)
	if block == nil {
		fmt.Println("无法解码 PEM 格式的证书")
		return
	}

	// 解析证书
	cert, err := x509.ParseCertificate(block.Bytes)
	if err != nil {
		fmt.Println("无法解析证书:", err)
		return
	}

	// 打开证书存储
	storeHandle, err := syscall.CertOpenSystemStore(0, syscall.StringToUTF16Ptr("ROOT"))
	if err != nil {
		fmt.Println("无法打开证书存储:", err)
		return
	}
	defer syscall.CertCloseStore(storeHandle, 0)

	// 将证书添加到存储中
	err = addCertificateToStore(cert.Raw, storeHandle)
	if err != nil {
		fmt.Println("无法将证书添加到存储中:", err)
		return
	}

	fmt.Println("证书已成功导入到受信任的根证书颁发机构")
}

func addCertificateToStore(cert []byte, storeHandle syscall.Handle) error {
	certContext, err := syscall.CertCreateCertificateContext(X509_ASN_ENCODING|PKCS_7_ASN_ENCODING, &cert[0], uint32(len(cert)))
	if err != nil {
		return fmt.Errorf("无法创建证书上下文: %v", err)
	}
	defer syscall.CertFreeCertificateContext(certContext)

	err = syscall.CertAddCertificateContextToStore(storeHandle, certContext, CERT_STORE_ADD_REPLACE_EXISTING, nil)
	if err != nil {
		return fmt.Errorf("无法将证书上下文添加到存储中: %v", err)
	}

	return nil
}