package cert

import (
	"crypto/elliptic"
	"crypto/x509"
	"math/big"
	"testing"
	"time"

	"github.com/stretchr/testify/require"
	"gitlab.com/urkob/go-cert-gen/pkg/ca"
	"gitlab.com/urkob/go-cert-gen/pkg/client"
)

const year = time.Hour * 24 * 365

var rootTestConfig = ca.CaConfig{
	SerialNumber: big.NewInt(12321),
	Subject: ca.CaSubject{
		Organization: "test-organization",
		CommonName:   "test-organization",
	},
	KeyUsage: x509.KeyUsageDigitalSignature,
	ExtKeyUsage: []x509.ExtKeyUsage{
		x509.ExtKeyUsageServerAuth,
		x509.ExtKeyUsageClientAuth,
	},
	Duration: year,
}

var clientTestConfig = client.ClientCertConfig{
	Serial: big.NewInt(12321),
	Subject: client.Subject{
		Organization:  rootTestConfig.Subject.Organization,
		Country:       "REML",
		Province:      "REML",
		Locality:      "REML",
		StreetAddress: "c/o Sovereign 7 rural free delivery",
		PostalCode:    "[Near 777]",
	},
	Duration:     year,
	SubjectKeyId: []byte{1, 2, 3, 4, 6},
	ExtKeyUsage: []x509.ExtKeyUsage{
		x509.ExtKeyUsageServerAuth,
		x509.ExtKeyUsageClientAuth,
	},
	KeyUsage: x509.KeyUsageDigitalSignature,
}

func Test_newPrivateKey(t *testing.T) {
	privKey, err := newPrivateKey()
	require.NoError(t, err)

	require.NotEmpty(t, privKey.PublicKey.Params().Name)
	require.Equal(t, elliptic.P256(), privKey.PublicKey.Params().Name)
}

func Test_encodePrivateKey(t *testing.T) {
	privKey, err := newPrivateKey()
	require.NoError(t, err)

	bytes, err := encodePrivateKey(privKey)
	require.NoError(t, err)

	require.NotNil(t, bytes)
	require.Greater(t, len(bytes), 0)
}

func Test_newRootCA(t *testing.T) {
	caPEM, keyPEM, err := newRootCA(&rootTestConfig)

	require.NoError(t, err)
	require.NotNil(t, caPEM)
	require.Greater(t, len(caPEM), 0)
	require.NotNil(t, keyPEM)
	require.Greater(t, len(keyPEM), 0)
}

func Test_parseCertificate(t *testing.T) {
	caPEM, _, err := newRootCA(&rootTestConfig)
	require.NoError(t, err)

	rootCert, err := parseCertificate(caPEM)
	require.NoError(t, err)
	require.NotNil(t, rootCert)
	require.Equal(t, rootCert.SignatureAlgorithm, x509.ECDSAWithSHA256)
	require.Equal(t, rootCert.Issuer.Organization, []string{rootTestConfig.Subject.Organization})
	require.Equal(t, rootCert.Issuer.CommonName, rootTestConfig.Subject.CommonName)
}

func TestNewRootCA(t *testing.T) {
	rootCert, err := NewRootCA(&rootTestConfig)
	require.NoError(t, err)
	require.NotNil(t, rootCert)
}

func Test_rootCA_WithClientCert(t *testing.T) {
	rootCert, err := NewRootCA(&rootTestConfig)
	require.NoError(t, err)
	require.NotNil(t, rootCert)

	clientSrv, err := rootCert.WithClientCert(&clientTestConfig)
	require.NoError(t, err)
	require.NotNil(t, clientSrv)

	require.NotNil(t, clientSrv.Key())
	require.Greater(t, len(clientSrv.Key()), 0)

	require.NotNil(t, clientSrv.PEM())
	require.Greater(t, len(clientSrv.PEM()), 0)
}