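{.passL: "-l crypto -l quicly -l picotls-core -l picotls-openssl".}

import quicly/quicly
import quicly/defaults
import picotls/picotls
import picotls/openssl as ptls_openssl
from openssl import DLLSSLName, EVP_PKEY, EVP_PKEY_free

# Both paths are relative, so they resolve against the process's working
# directory: whatever sits at ./certs/ when the server is started is what
# gets loaded as the server identity.
const certChainPath = "./certs/server-certchain.pem"
const keyPath = "./certs/server-cert.key"

# Binding for OpenSSL's PEM_read_PrivateKey: parses a PEM private key from an
# open file and returns nil when parsing fails.
# NOTE(review): PEM_read_PrivateKey is a libcrypto symbol, yet it is resolved
# through DLLSSLName; this relies on the SSL library pulling libcrypto in --
# confirm it resolves on every target platform.
proc PEM_read_PrivateKey(fp: File, x: ptr EVP_PKEY,
    cb: proc(buf: cstring, size: cint, rwflag: cint,
             u: pointer): cint {.cdecl.},
    u: pointer): EVP_PKEY {.cdecl, dynlib: DLLSSLName, importc.}

proc onStreamOpen(self: ptr quicly_stream_open_t,
                  stream: ptr quicly_stream_t): cint {.cdecl.} =
  ## Stream-open callback registered with quicly; it only logs the event.
  ## Returns 0, the value the implicit `result` already held
  ## (presumably "success" to quicly -- confirm against the quicly headers).
  echo "onStreamOpen!"
  result = 0

proc main() =
  ## Builds the picotls/quicly contexts and loads the server identity.
  ##
  ## Exit codes: 1 = certificate chain could not be loaded, 2 = private key
  ## could not be opened or parsed, 3 = private key was rejected by the
  ## picotls certificate signer.
  # callbacks
  var streamOpen = quicly_stream_open_t(cb: onStreamOpen)
  var tlsCtx = ptls_context_t(randomBytes: ptlsOpensslRandomBytes,
                              getTime: addr ptlsGetTime,
                              keyExchanges: ptlsOpensslKeyExchanges,
                              cipherSuites: ptlsOpensslCipherSuites)
  quiclyAmendPtlsContext(addr tlsCtx)
  var ctx = quiclySpecContext
  ctx.tls = addr tlsCtx
  ctx.stream_open = addr streamOpen

  if ptlsLoadCertificates(addr tlsCtx, certChainPath.cstring) != 0:
    echo "cannot load certificate chain ", certChainPath
    quit(1)

  # Use the bool-returning open() so a missing or unreadable key file takes
  # the same reported exit path as an unparsable one, instead of surfacing
  # as an unhandled IOError.
  var pKeyFile: File
  if not open(pKeyFile, keyPath):
    echo "cannot load private key ", keyPath
    quit(2)
  # No passphrase callback and no user data are supplied. With a nil callback
  # OpenSSL falls back to its default handling for encrypted PEM keys, which
  # may prompt on the controlling terminal -- an unattended server should not
  # depend on that.
  let privateKey = PEM_read_PrivateKey(pKeyFile, nil, nil, nil)
  pKeyFile.close()
  if privateKey == nil:
    echo "cannot load private key ", keyPath
    quit(2)

  var signCertificate: ptls_openssl_sign_certificate_t
  # The status used to be discarded, so a key the signer rejects left
  # signCertificate only partly initialised while still being installed into
  # the TLS context. Check it before wiring the signer in.
  let signInit = ptls_openssl_init_sign_certificate(addr signCertificate,
                                                    privateKey)
  # Drop our handle on the key on both the success and the failure path.
  # NOTE(review): this assumes the signer holds its own reference to the key
  # after a successful init -- confirm against picotls.
  EVP_PKEY_free(privateKey)
  if signInit != 0:
    echo "cannot use private key ", keyPath, " for certificate signing"
    quit(3)
  # signCertificate is a local of main; the pointer stored here is only valid
  # while main is still running.
  tlsCtx.signCertificate = addr signCertificate.super
  echo "hello world"

when isMainModule:
  main()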