// Copyright 2026 certctl LLC. All rights reserved. // SPDX-License-Identifier: BUSL-1.1 package service import ( "context" "fmt" "log/slog" "time" "github.com/certctl-io/certctl/internal/domain" "github.com/certctl-io/certctl/internal/repository" ) // OwnerService provides business logic for certificate owner management. type OwnerService struct { ownerRepo repository.OwnerRepository auditService *AuditService } // NewOwnerService creates a new owner service. func NewOwnerService( ownerRepo repository.OwnerRepository, auditService *AuditService, ) *OwnerService { return &OwnerService{ ownerRepo: ownerRepo, auditService: auditService, } } // List returns a paginated list of owners. func (s *OwnerService) List(ctx context.Context, page, perPage int) ([]*domain.Owner, int64, error) { if page < 1 { page = 1 } if perPage < 1 { perPage = 50 } owners, err := s.ownerRepo.List(ctx) if err != nil { return nil, 0, fmt.Errorf("failed to list owners: %w", err) } total := int64(len(owners)) start := (page - 1) * perPage if start >= int(total) { return nil, total, nil } end := start + perPage if end > int(total) { end = int(total) } return owners[start:end], total, nil } // Get retrieves an owner by ID. func (s *OwnerService) Get(ctx context.Context, id string) (*domain.Owner, error) { owner, err := s.ownerRepo.Get(ctx, id) if err != nil { return nil, fmt.Errorf("failed to get owner %s: %w", id, err) } return owner, nil } // Create validates and stores a new owner. func (s *OwnerService) Create(ctx context.Context, owner *domain.Owner, actor string) error { if owner.Name == "" { return fmt.Errorf("owner name is required") } if owner.ID == "" { owner.ID = generateID("owner") } now := time.Now() if owner.CreatedAt.IsZero() { owner.CreatedAt = now } if owner.UpdatedAt.IsZero() { owner.UpdatedAt = now } if err := s.ownerRepo.Create(ctx, owner); err != nil { return fmt.Errorf("failed to create owner: %w", err) } if s.auditService != nil { if auditErr := s.auditService.RecordEvent(ctx, actor, domain.ActorTypeUser, "create_owner", "owner", owner.ID, nil); auditErr != nil { slog.Error("failed to record audit event", "error", auditErr) } } return nil } // Update modifies an existing owner. func (s *OwnerService) Update(ctx context.Context, id string, owner *domain.Owner, actor string) error { if owner.Name == "" { return fmt.Errorf("owner name is required") } owner.ID = id if err := s.ownerRepo.Update(ctx, owner); err != nil { return fmt.Errorf("failed to update owner %s: %w", id, err) } if s.auditService != nil { if auditErr := s.auditService.RecordEvent(ctx, actor, domain.ActorTypeUser, "update_owner", "owner", id, nil); auditErr != nil { slog.Error("failed to record audit event", "error", auditErr) } } return nil } // Delete removes an owner. func (s *OwnerService) Delete(ctx context.Context, id string, actor string) error { if err := s.ownerRepo.Delete(ctx, id); err != nil { return fmt.Errorf("failed to delete owner %s: %w", id, err) } if s.auditService != nil { if auditErr := s.auditService.RecordEvent(ctx, actor, domain.ActorTypeUser, "delete_owner", "owner", id, nil); auditErr != nil { slog.Error("failed to record audit event", "error", auditErr) } } return nil } // ListOwners returns paginated owners (handler interface method). func (s *OwnerService) ListOwners(ctx context.Context, page, perPage int) ([]domain.Owner, int64, error) { // Bundle E / Audit L-020: page/perPage are unused; the underlying repo // List() does not yet take pagination params. Marked explicitly so // ineffassign sees no dead store and future maintainers see the // vestigial params rather than a misleading default-applied clamp. _ = page _ = perPage owners, err := s.ownerRepo.List(ctx) if err != nil { return nil, 0, fmt.Errorf("failed to list owners: %w", err) } total := int64(len(owners)) var result []domain.Owner for _, o := range owners { if o != nil { result = append(result, *o) } } return result, total, nil } // GetOwner returns a single owner (handler interface method). func (s *OwnerService) GetOwner(ctx context.Context, id string) (*domain.Owner, error) { return s.ownerRepo.Get(ctx, id) } // CreateOwner creates a new owner (handler interface method). func (s *OwnerService) CreateOwner(ctx context.Context, owner domain.Owner) (*domain.Owner, error) { if owner.ID == "" { owner.ID = generateID("owner") } now := time.Now() if owner.CreatedAt.IsZero() { owner.CreatedAt = now } if owner.UpdatedAt.IsZero() { owner.UpdatedAt = now } if err := s.ownerRepo.Create(ctx, &owner); err != nil { return nil, fmt.Errorf("failed to create owner: %w", err) } return &owner, nil } // UpdateOwner modifies an owner (handler interface method). func (s *OwnerService) UpdateOwner(ctx context.Context, id string, owner domain.Owner) (*domain.Owner, error) { owner.ID = id if err := s.ownerRepo.Update(ctx, &owner); err != nil { return nil, fmt.Errorf("failed to update owner: %w", err) } return &owner, nil } // DeleteOwner removes an owner (handler interface method). func (s *OwnerService) DeleteOwner(ctx context.Context, id string) error { return s.ownerRepo.Delete(ctx, id) }