import { KJUR, X509 } from 'jsrsasign'

const uuidRegex =
	/[0-9a-f]{8}-[0-9a-f]{4}-[0-5][0-9a-f]{3}-[089ab][0-9a-f]{3}-[0-9a-f]{12}/i

export function extractEnrollment(certificate: string): string {
	const cert = new X509()
	cert.readCertPEM(certificate)
	const subject = cert.getSubjectString()
	return subject.match(uuidRegex)?.[0]
}

const algName = 'SHA256withECDSA'
/**
 * @param payload String which is signed
 * @param privateKey Contains the private key of an ECDSA pair
 * @returns hex encoded string of the signature
 */
export function sign(payload: string, privateKey: string | KJUR.crypto.ECDSA) {
	const signer = new KJUR.crypto.Signature({ alg: algName })
	signer.init(privateKey)
	return signer.signString(payload)
}

/**
 * @param payload The payload whose signature is verified
 * @param signature The signature for the payload
 * @param publicKey Contains the public key of an ECDSA pair
 * @return true if the signature is valid
 */
export function verify(
	payload: string,
	signature: string,
	publicKey: string | KJUR.crypto.ECDSA
) {
	const signer = new KJUR.crypto.Signature({ alg: algName })
	signer.init(publicKey)
	signer.updateString(payload)
	return signer.verify(signature)
}