# Lint as: python3
# -*- coding: utf-8 -*- #
# Copyright 2020 Google LLC. All Rights Reserved.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
#    http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
"""PEM utilities for Privateca commands."""

from __future__ import absolute_import
from __future__ import division
from __future__ import unicode_literals

import re

from googlecloudsdk.calliope import exceptions

_PEM_CERT_RE = (
    r'-----BEGIN CERTIFICATE-----\n(?:[a-zA-Z0-9+/=]+\r?\n)+-----END '
    r'CERTIFICATE-----\s*')
_PEM_CHAIN_RE = re.compile(r'^({})+$'.format(_PEM_CERT_RE))


def ValidateAndParsePemChain(pem_chain):
  """Validates and parses a pem_chain string into a list of certs.

  Args:
    pem_chain: The string represting the pem_chain.

  Returns:
    A list of the certificates that make up the chain, in the same order
    as the input.

  Raises:
    exceptions.InvalidArgumentException if the pem_chain is in an unexpected
    format.
  """
  if not re.match(_PEM_CHAIN_RE, pem_chain):
    raise exceptions.InvalidArgumentException(
        'pem-chain', 'The pem_chain you provided was in an unexpected format.')

  certs = re.findall(_PEM_CERT_RE, pem_chain)

  for i in range(len(certs)):
    # Match service-generated certs, which always end with a single newline.
    certs[i] = certs[i].strip() + '\n'
  return certs