# Copyright (C) 2012-2024 Zammad Foundation, https://zammad-foundation.org/

class SSLCertificate < ApplicationModel
  validate :valid_ssl_certificate

  before_validation :extract_metadata, on: :create

  def certificate_parsed
    @certificate_parsed ||= Certificate::X509::SSL.new(certificate)
  rescue OpenSSL::X509::CertificateError
    raise Exceptions::UnprocessableEntity, __('This is not a valid X509 certificate. Please check the certificate format.')
  end

  def filter_attributes(attributes)
    super.except! 'certificate'
  end

  private

  def extract_metadata
    cert = certificate_parsed
    self.fingerprint = cert.fingerprint
    self.subject     = cert.extensions_as_hash.fetch('subjectAltName', [cert.subject]).join(',')
    self.not_before  = cert.not_before
    self.not_after   = cert.not_after
    self.ca          = cert.ca?
  end

  def valid_ssl_certificate
    certificate_parsed.valid_ssl_certificate!
  rescue Exceptions::UnprocessableEntity => e
    errors.add(:base, e.message)
  end
end