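package openssl_test

import (
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"encoding/asn1"
	"math/big"
	"os"
	"path/filepath"
	"strings"
	"testing"
	"time"

	"git.cacert.org/cacert-gosigner/x509/openssl"
	"github.com/stretchr/testify/assert"
	"github.com/stretchr/testify/require"
)

// newTestSerial returns a random certificate serial in [0, 2^128).
//
// A failure to obtain randomness aborts the test right away (require, not
// assert): the original code continued with a nil *big.Int and would have
// panicked on the first method call, hiding the real cause.
func newTestSerial(t *testing.T) *big.Int {
	t.Helper()
	serial, err := rand.Int(rand.Reader, new(big.Int).Lsh(big.NewInt(1), 128))
	require.NoError(t, err, "could not create random serial")
	return serial
}

// readIndex returns the contents of the repository's index.txt in dir,
// failing the test if the file cannot be read.
func readIndex(t *testing.T, dir string) string {
	t.Helper()
	data, err := os.ReadFile(filepath.Join(dir, "index.txt"))
	require.NoError(t, err)
	return string(data)
}

// TestStoreRevocation checks that a revocation is only accepted for a serial
// the repository knows about, and that a known serial is revoked without
// error and stays in the index afterwards.
func TestStoreRevocation(t *testing.T) {
	tempdir := t.TempDir()
	fr, err := openssl.NewFileRepository(tempdir)
	require.NoError(t, err)

	serial := newTestSerial(t)

	extBytes, err := asn1.Marshal(openssl.CRLReasonKeyCompromise)
	require.NoError(t, err, "could not marshal revocation reason")

	// Expiry of the seeded index entry; time.Now().UTC() is already UTC,
	// so no second conversion is needed after Add.
	notAfter := time.Now().UTC().Add(24 * time.Hour)

	// revocation builds a keyCompromise revocation entry for serial at the
	// given time.
	revocation := func(when time.Time) *pkix.RevokedCertificate {
		return &pkix.RevokedCertificate{
			SerialNumber:   serial,
			RevocationTime: when,
			Extensions: []pkix.Extension{
				{Id: openssl.OidCRLReason, Value: extBytes},
			},
		}
	}

	// A serial the repository never issued must be rejected with a typed
	// error; accepting it would let arbitrary serials be pushed into the
	// CRL. The revocation time is "now" rather than a date in the future.
	err = fr.StoreRevocation(revocation(time.Now().UTC()))
	assert.ErrorIs(t, err, openssl.CannotRevokeUnknown{Serial: serial})

	// Seed the index with one valid ("V") entry in the tab-separated
	// openssl ca index format: status, expiry, revocation date (empty for a
	// valid entry), serial as uppercase hex, certificate file name, subject.
	// 0o600 keeps the CA database private to the test user.
	indexLine := strings.Join([]string{
		"V",
		notAfter.Format(openssl.TimeSpec),
		"",
		strings.ToUpper(serial.Text(16)),
		"unknown",
		pkix.Name{CommonName: "test.example.org"}.String(),
	}, "\t") + "\n"
	require.NoError(t, os.WriteFile(filepath.Join(tempdir, "index.txt"), []byte(indexLine), 0o600))

	// Now the serial is known, revocation must succeed ...
	require.NoError(t, fr.StoreRevocation(revocation(time.Now().UTC())))

	// ... and the entry must still be present in the index rather than
	// dropped. The comparison is case-insensitive so it does not depend on
	// how the repository capitalises hex digits.
	index := readIndex(t, tempdir)
	assert.Contains(t, strings.ToUpper(index), strings.ToUpper(serial.Text(16)),
		"revoked serial must remain in index.txt")
}

// TestStoreCertificate checks that storing a server certificate succeeds and
// records its serial in the repository's index.txt.
func TestStoreCertificate(t *testing.T) {
	tempdir := t.TempDir()
	fr, err := openssl.NewFileRepository(tempdir)
	require.NoError(t, err)

	serial := newTestSerial(t)
	now := time.Now().UTC()

	cert := &x509.Certificate{
		SerialNumber: serial,
		Issuer:       pkix.Name{CommonName: "Test CA"},
		Subject:      pkix.Name{CommonName: "test.example.org"},
		NotBefore:    now.Add(-1 * time.Hour),
		NotAfter:     now.Add(24 * time.Hour),
		KeyUsage:     x509.KeyUsageDigitalSignature | x509.KeyUsageKeyAgreement,
		ExtKeyUsage:  []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth},
		DNSNames:     []string{"test.example.org"},
	}
	require.NoError(t, fr.StoreCertificate(cert))

	// Existence of index.txt alone proves little; the stored serial has to
	// be findable in it (case-insensitive, see TestStoreRevocation).
	index := readIndex(t, tempdir)
	assert.Contains(t, strings.ToUpper(index), strings.ToUpper(serial.Text(16)),
		"stored serial must be recorded in index.txt")
}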