package utils

import (
	"crypto/rsa"
	"errors"
	"github.com/dgrijalva/jwt-go"
	"io/ioutil"
)

type PemKEY struct {
	PublicKey *rsa.PublicKey
}

func getPEM(path string) (key PemKEY, err error) {
	pubByte, err := ioutil.ReadFile(path)
	if err != nil {
		return key, err
	}
	key.PublicKey, err = jwt.ParseRSAPublicKeyFromPEM(pubByte)
	if err != nil {
		return key, err
	}
	return key, nil
}

func RSADeToken(token, path string, NewClaim jwt.Claims) error {
	if token == "" {
		return errors.New("token为空")
	}
	key, err := getPEM(path)
	if err != nil {
		return err
	}
	tokens, err := jwt.ParseWithClaims(token, NewClaim, func(token *jwt.Token) (interface{}, error) {
		return key.PublicKey, nil
	})
	if !tokens.Valid {
		if ve, ok := err.(*jwt.ValidationError); ok { //官方写法招抄就行
			if ve.Errors&jwt.ValidationErrorMalformed != 0 {
				return errors.New("错误的token")
			} else if ve.Errors&(jwt.ValidationErrorExpired|jwt.ValidationErrorNotValidYet) != 0 {
				return errors.New("token过期或未启用")
			} else {
				return errors.New("无法处理这个token" + err.Error())
			}

		}
	}

	return nil
}