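// Package httpclient builds *http.Client values backed by the certificate
// material embedded under keys/ (client certificate, client key, CA bundle).
package httpclient

import (
	"crypto/tls"
	"crypto/x509"
	"embed"
	"errors"
	"fmt"
	"log"
	"net/http"
	"time"
)

var (
	// keys holds keys/client.crt, keys/client.key and keys/ca.crt compiled into
	// the binary, so no key material is read from disk at run time.
	//
	//go:embed keys
	keys embed.FS

	// tlsConfig is built once by init from the embedded material and shared by
	// every client returned from HttpClient while UseHttps is set.
	tlsConfig *tls.Config

	// UseHttps selects whether HttpClient attaches the mutual-TLS configuration.
	// When false the client uses a plain transport with no TLS settings.
	UseHttps bool = true

	// Timeout bounds each request made through HttpClient. The zero default
	// keeps the original behaviour of no request limit.
	Timeout time.Duration
)

// init loads the embedded client certificate/key pair and CA bundle into
// tlsConfig. Every read and parse step is checked; any failure aborts the
// process via log.Fatalf, as the original code did for the later steps.
func init() {
	clientCrt, err := keys.ReadFile("keys/client.crt")
	if err != nil {
		log.Fatalf("加载客户端证书和密钥失败: %v", err)
	}
	// Previously this second read shadowed the first error and both went
	// unchecked (only printed); a missing client.crt now fails loudly.
	clientKey, err := keys.ReadFile("keys/client.key")
	if err != nil {
		log.Fatalf("加载客户端证书和密钥失败: %v", err)
	}
	// Pair the client certificate with its private key for mutual TLS.
	clientCertPair, err := tls.X509KeyPair(clientCrt, clientKey)
	if err != nil {
		log.Fatalf("加载客户端证书和密钥失败: %v", err)
	}
	caCertPool, err := loadCA()
	if err != nil {
		log.Fatalf("加载CA证书失败: %v", err)
	}
	tlsConfig = &tls.Config{
		Certificates: []tls.Certificate{clientCertPair},
		// Only the embedded CA is trusted for server verification; system roots
		// are deliberately not consulted.
		RootCAs: caCertPool,
		// Pin the protocol floor explicitly rather than relying on the Go
		// default, so TLS 1.0/1.1 handshakes are refused regardless of toolchain.
		MinVersion: tls.VersionTLS12,
	}
}

// loadCA reads the embedded CA certificate and returns a pool containing it,
// used as the trust root when verifying the server's certificate chain.
// It returns an error if the file cannot be read or holds no parseable PEM
// certificate.
func loadCA() (*x509.CertPool, error) {
	caCert, err := keys.ReadFile("keys/ca.crt")
	if err != nil {
		return nil, fmt.Errorf("reading keys/ca.crt: %w", err)
	}
	pool := x509.NewCertPool()
	if !pool.AppendCertsFromPEM(caCert) {
		return nil, errors.New("无法添加CA证书到证书池")
	}
	return pool, nil
}

// HttpClient returns a new *http.Client. When UseHttps is true the transport
// carries the mutual-TLS configuration built in init (client certificate plus
// the embedded CA as the only trusted root); otherwise a default transport with
// no TLS settings is used. Timeout, if non-zero, is applied to every request.
func HttpClient() *http.Client {
	transport := &http.Transport{}
	if UseHttps {
		transport.TLSClientConfig = tlsConfig
	}
	return &http.Client{
		Transport: transport,
		Timeout:   Timeout,
	}
}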