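// Command-line tool that connects to a TLS server, takes the certificate
// chain it presents, and reports whether the first (leaf) certificate has
// been revoked according to the revoke package.
package main

import (
	"bytes"
	"crypto/tls"
	"crypto/x509"
	"encoding/pem"
	"fmt"
	"io/ioutil"
	"net"
	"os"
	"time"

	"revoke"
)

// remoteRead aliases ioutil.ReadAll. Nothing in this file calls it.
var remoteRead = ioutil.ReadAll

// SkipVerify, when true, turns off chain and host-name verification of the
// server certificate in GetCertificatesPEM. Keep it false unless the target is
// known to present a certificate that cannot be validated: with verification
// off, the certificate that gets checked for revocation is whatever the peer
// on the wire sent, which is not necessarily the intended server's.
var SkipVerify = false

// TimeoutSeconds bounds the TCP connect plus TLS handshake performed by
// GetCertificatesPEM.
var TimeoutSeconds = 3

// defaultPort is appended to an address that carries no port.
const defaultPort = "443"

// GetCertificatesPEM connects to address over TLS and returns every
// certificate the peer presented, PEM-encoded and concatenated in the order
// received (leaf first).
//
// address is "host:port"; when the port is missing, defaultPort is used.
// Verification of the presented chain follows SkipVerify, and the dial is
// limited to TimeoutSeconds. Any dial, handshake or encoding error is returned
// with an empty string.
func GetCertificatesPEM(address string) (string, error) {
	// An address that does not split into host and port gets the default
	// port; a value that is still malformed is rejected by the dial below.
	if _, _, err := net.SplitHostPort(address); err != nil {
		address = net.JoinHostPort(address, defaultPort)
	}

	// The dialer timeout covers the TCP connect and the TLS handshake as a
	// whole, so an unresponsive host cannot hang the caller indefinitely.
	dialer := &net.Dialer{Timeout: time.Duration(TimeoutSeconds) * time.Second}
	conn, err := tls.DialWithDialer(dialer, "tcp", address, &tls.Config{
		// Previously hard-coded to true, which left SkipVerify without effect
		// and accepted any certificate from any peer.
		InsecureSkipVerify: SkipVerify,
	})
	if err != nil {
		return "", err
	}
	defer conn.Close()

	var out bytes.Buffer
	for _, cert := range conn.ConnectionState().PeerCertificates {
		blk := &pem.Block{Type: "CERTIFICATE", Bytes: cert.Raw}
		if err := pem.Encode(&out, blk); err != nil {
			return "", err
		}
	}
	return out.String(), nil
}

// mustParse decodes the first PEM block in pemData and parses it as an X.509
// certificate. Blocks after the first are ignored. It panics when no PEM block
// is found, when the block is not of type CERTIFICATE, or when the DER content
// does not parse.
func mustParse(pemData string) *x509.Certificate {
	block, _ := pem.Decode([]byte(pemData))
	switch {
	case block == nil:
		panic("Invalid PEM data.")
	case block.Type != "CERTIFICATE":
		panic("Invalid PEM type.")
	}

	cert, err := x509.ParseCertificate(block.Bytes)
	if err != nil {
		panic(err.Error())
	}
	return cert
}

// main takes the server address from the first command-line argument, fetches
// the presented chain and prints the revocation result for the leaf
// certificate. It exits with status 2 on a missing argument and 1 when the
// chain cannot be fetched.
func main() {
	if len(os.Args) < 2 {
		fmt.Fprintln(os.Stderr, "usage: pass the server address as host[:port]")
		os.Exit(2)
	}
	address := os.Args[1]

	// A failed fetch must stop here: parsing an empty string would only panic
	// in mustParse and hide the real cause.
	chainPEM, err := GetCertificatesPEM(address)
	if err != nil {
		fmt.Fprintf(os.Stderr, "fetching certificates from %q: %v\n", address, err)
		os.Exit(1)
	}

	// NOTE(review): the second result of revoke.VerifyCertificate is
	// discarded, as in the original. Its type and meaning are not visible in
	// this file; if it signals that the revocation check could not be
	// completed, a "false" printed below does not mean the certificate is
	// good. Confirm against the revoke package and fail closed.
	revoked, _ := revoke.VerifyCertificate(mustParse(chainPEM))

	fmt.Printf("\n\n")
	// The original call had no formatting verb, so the result was printed as
	// a "%!(EXTRA ...)" artefact instead of a value.
	fmt.Printf("Certificate has been revoked: %v\n", revoked)
}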