@page "/certificates"
@attribute [Microsoft.AspNetCore.Authorization.Authorize]
@rendermode RenderMode.InteractiveServer
@using System.Security.Cryptography.X509Certificates
@using Microsoft.Extensions.Configuration
@inject IConfiguration Config

<div class="d-flex justify-content-between align-items-center mb-3">
    <h4 class="mb-0">OPC UA certificates</h4>
</div>

<section class="panel notice rise" style="animation-delay:.02s">
    PKI store layout: <span class="mono">{PkiStoreRoot}/own</span> (this server's identity),
    <span class="mono">issuer</span> / <span class="mono">trusted</span> (peers we accept),
    <span class="mono">rejected</span> (peers we've turned away). F13a wires SDK
    auto-creation so the own-store self-signs on first boot.
</section>

@if (_rows is null)
{
    <p class="mt-3">Loading…</p>
}
else
{
    @foreach (var store in _rows)
    {
        <section class="panel rise mt-3" style="animation-delay:.08s">
            <div class="panel-head">@store.Label &middot; @store.Certificates.Count entry@(store.Certificates.Count == 1 ? "" : "s")</div>
            @if (string.IsNullOrEmpty(store.Path))
            {
                <div style="padding:1rem" class="text-muted">No path configured.</div>
            }
            else if (!Directory.Exists(store.Path))
            {
                <div style="padding:1rem" class="text-muted">
                    <span class="mono">@store.Path</span> doesn't exist yet. It will be created on first boot.
                </div>
            }
            else if (store.Certificates.Count == 0)
            {
                <div style="padding:1rem" class="text-muted">No certificates in <span class="mono">@store.Path</span>.</div>
            }
            else
            {
                <div class="table-wrap">
                    <table class="data-table">
                        <thead>
                            <tr>
                                <th>Subject</th>
                                <th>Issuer</th>
                                <th>Thumbprint</th>
                                <th>Not before</th>
                                <th>Not after</th>
                            </tr>
                        </thead>
                        <tbody>
                            @foreach (var c in store.Certificates)
                            {
                                <tr>
                                    <td><span class="mono small">@c.Subject</span></td>
                                    <td><span class="mono small">@c.Issuer</span></td>
                                    <td><span class="mono small">@c.Thumbprint[..16]…</span></td>
                                    <td>@c.NotBefore.ToString("u")</td>
                                    <td>@c.NotAfter.ToString("u")</td>
                                </tr>
                            }
                        </tbody>
                    </table>
                </div>
            }
        </section>
    }
}

@code {
    private List<StoreView>? _rows;

    protected override void OnInitialized()
    {
        var pkiRoot = Config.GetValue<string?>("OpcUa:PkiStoreRoot") ?? "pki";
        _rows = new()
        {
            LoadStore("Own", Path.Combine(pkiRoot, "own", "certs")),
            LoadStore("Trusted peers", Path.Combine(pkiRoot, "trusted", "certs")),
            LoadStore("Trusted issuers", Path.Combine(pkiRoot, "issuer", "certs")),
            LoadStore("Rejected", Path.Combine(pkiRoot, "rejected", "certs")),
        };
    }

    private static StoreView LoadStore(string label, string path)
    {
        var view = new StoreView(label, path, new List<X509Certificate2>());
        if (!Directory.Exists(path)) return view;
        foreach (var file in Directory.EnumerateFiles(path).Where(IsCertFile))
        {
            try { view.Certificates.Add(X509CertificateLoader.LoadCertificateFromFile(file)); }
            catch { /* ignore unreadable entries */ }
        }
        return view;
    }

    private static bool IsCertFile(string path)
    {
        var ext = Path.GetExtension(path);
        return ext.Equals(".der", StringComparison.OrdinalIgnoreCase)
            || ext.Equals(".cer", StringComparison.OrdinalIgnoreCase)
            || ext.Equals(".crt", StringComparison.OrdinalIgnoreCase);
    }

    private sealed record StoreView(string Label, string Path, List<X509Certificate2> Certificates);
}