package alipay

import (
	"crypto/x509"
	"fmt"
	"io/ioutil"
	"strings"
)

// getRootCertSN 计算证书的序列号并返回最终字符串
func getRootCertSN(certPath string) (string, error) {
	certData, err := ioutil.ReadFile(certPath)
	if err != nil {
		return "", fmt.Errorf("failed to read certificate file: %v", err)
	}
	var sn string
	blocks := strings.Split(string(certData), "-----END CERTIFICATE-----")
	for _, blockStr := range blocks[:len(blocks)-1] {
		cert, err := getCert([]byte(strings.TrimSpace(blockStr) + "\n-----END CERTIFICATE-----"))
		if err != nil {
			continue
		}
		serialNumber := cert.SerialNumber.String()
		if strings.HasPrefix(serialNumber, "0x") {
			serialNumber = hex2dec(serialNumber[2:])
		}
		if cert.SignatureAlgorithm == x509.SHA1WithRSA || cert.SignatureAlgorithm == x509.SHA256WithRSA {
			hash := md5Hash(cert.Issuer.ToRDNSequence().String() + serialNumber)
			if sn == "" {
				sn = hash
			} else {
				sn += "_" + hash
			}
		}
	}

	return sn, nil
}