import * as fs from "fs";
import { setGlobalDispatcher, Agent } from "undici";

/**
 * Load client certificates for mutual TLS authentication. This function must be called before any HTTP requests are made.
 * This is a global setting that affects all HTTP requests made by the application using the native fetch API.
 *
 * @param clientCertPath     Path to client certificate
 * @param clientKeyPath      Path to client key
 * @param caCertPath         Path to CA certificate [optional]
 * @param clientKeyPassword  Password for client key [optional]
 * @param rejectUnauthorized Reject unauthorized certificates.
 *                           Only use for testing/development, not recommended in production environments [optional]
 *
 * @returns void
 *
 * @example
 * ```typescript
 * loadClientCertificates("cert.pem", "key.pem", "ca.pem", "password", false);
 * ```
 *
 * @see
 * [Undici Agent](https://undici.nodejs.org/#/docs/api/Agent)
 * @see
 * [Undici Dispatcher](https://undici.nodejs.org/#/docs/api/Dispatcher)
 * @see
 * [NodeJS Native Fetch API](https://nodejs.org/docs/latest-v19.x/api/globals.html#fetch)
 */
export function loadClientCertificates(
	clientCertPath: string,
	clientKeyPath: string,
	caCertPath?: string,
	clientKeyPassword?: string,
	rejectUnauthorized?: boolean
): void {
	const clientCert = fs.readFileSync(clientCertPath);
	const clientKey = fs.readFileSync(clientKeyPath);
	const caCert = caCertPath ? fs.readFileSync(caCertPath) : undefined;
	const agent = new Agent({
		connect: {
			cert: clientCert,
			key: clientKey,
			ca: caCert,
			passphrase: clientKeyPassword,
			rejectUnauthorized,
		},
	});

	setGlobalDispatcher(agent);
}