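package x509

import (
	"crypto/rand"
	"crypto/rsa"
	"crypto/x509"
	"crypto/x509/pkix"
	"encoding/pem"
	"math/big"
	"net"
	"testing"
	"time"

	"github.com/stretchr/testify/assert"
)

// mustGenerateRSAKey returns a fresh RSA key of the requested size, failing
// the test immediately if key generation fails. The keys produced here are
// throwaway test material and are never persisted.
func mustGenerateRSAKey(tb testing.TB, bits int) *rsa.PrivateKey {
	tb.Helper()
	key, err := rsa.GenerateKey(rand.Reader, bits)
	if err != nil {
		tb.Fatalf("generating %d-bit RSA key: %v", bits, err)
	}
	return key
}

// newTestCA builds the CA template shared by the unit tests and the fuzz
// test. The subject fields are fixed fabricated values; validity starts now
// and runs for ten years. The template is a CA with cert-signing and
// digital-signature key usage and both client- and server-auth EKUs.
func newTestCA(tb testing.TB) *x509.Certificate {
	tb.Helper()
	// One timestamp for both bounds so NotBefore/NotAfter are consistent.
	now := time.Now()
	return &x509.Certificate{
		SerialNumber: big.NewInt(2019),
		Subject: pkix.Name{
			Organization:  []string{"Company, INC."},
			Country:       []string{"US"},
			Province:      []string{""},
			Locality:      []string{"San Francisco"},
			StreetAddress: []string{"Golden Gate Bridge"},
			PostalCode:    []string{"00000"},
		},
		NotBefore:             now,
		NotAfter:              now.AddDate(10, 0, 0),
		IsCA:                  true,
		ExtKeyUsage:           []x509.ExtKeyUsage{x509.ExtKeyUsageClientAuth, x509.ExtKeyUsageServerAuth},
		KeyUsage:              x509.KeyUsageDigitalSignature | x509.KeyUsageCertSign,
		BasicConstraintsValid: true,
	}
}

// TestGenPublicCert checks that GenPublicCert produces a certificate when
// given a freshly generated leaf key, a test CA template and the CA's
// signing key. Key sizes are kept at 2048 bits to keep the test fast.
func TestGenPublicCert(t *testing.T) {
	leafKey := mustGenerateRSAKey(t, 2048)
	caKeySigner := mustGenerateRSAKey(t, 2048)
	certInfo := testCertInfo(t)
	caCert := getTestCA(t)

	x509CertBytes, err := GenPublicCert(certInfo, leafKey, caCert, caKeySigner)
	if err != nil {
		t.Fatalf("GenPublicCert: %v", err)
	}
	assert.NotNil(t, x509CertBytes)
}

// getTestCA returns the shared CA template for *testing.T based tests.
func getTestCA(t *testing.T) *x509.Certificate {
	t.Helper()
	return newTestCA(t)
}

// testCertInfo returns a minimal CertInfo describing a client-auth leaf
// certificate whose organization places it in the "system:masters" group.
func testCertInfo(t *testing.T) CertInfo {
	t.Helper()
	return CertInfo{
		Name:       "Test cert",
		CommonName: "cert info",
		Organization: []string{
			"system:masters",
		},
		Usages: []x509.ExtKeyUsage{x509.ExtKeyUsageClientAuth},
	}
}

// TestEncodex509CertAsPem round-trips an empty CERTIFICATE block through
// encoding/pem and checks the block type survives.
//
// NOTE(review): this only exercises the standard library's PEM encoder;
// the project's own encoding helper (if any) is not called here — confirm
// that is intended.
func TestEncodex509CertAsPem(t *testing.T) {
	block := pem.Block{
		Type:  "CERTIFICATE",
		Bytes: []byte{},
	}
	encodedBlock := pem.EncodeToMemory(&block)

	recoveredBlock, rest := pem.Decode(encodedBlock)
	// pem.Decode returns nil when no block is found; guard before
	// dereferencing so a failure reports cleanly instead of panicking.
	if recoveredBlock == nil {
		t.Fatalf("pem.Decode found no block; remaining input: %q", rest)
	}
	assert.Empty(t, rest)
	assert.Equal(t, "CERTIFICATE", recoveredBlock.Type)
}

// TestGenerateCertAndKey checks that GenerateCertAndKey succeeds for a
// CertInfo carrying one DNS SAN and one loopback IP SAN.
func TestGenerateCertAndKey(t *testing.T) {
	info := CertInfo{
		Name:       "test",
		CommonName: "test",
		DNSNames: []string{
			"name",
		},
		IPs: []net.IP{
			net.IPv4(127, 0, 0, 1),
		},
	}
	ca := getTestCA(t)
	caKeySigner := mustGenerateRSAKey(t, 4096)

	encodedKeyPair, err := GenerateCertAndKey(info, ca, caKeySigner)
	assert.NoError(t, err)
	assert.NotNil(t, encodedKeyPair)
}

// FuzzGenerateCertAndKey feeds arbitrary DNS names and IP strings into
// GenerateCertAndKey. The CA and its key are generated once, outside the
// fuzz loop, because 4096-bit key generation is slow.
//
// NOTE(review): net.ParseIP returns nil for unparseable input, so the IPs
// slice may contain a nil entry; and arbitrary names may legitimately be
// rejected by the certificate encoder. If the production code is expected
// to return an error for such inputs, the NoError assertion below should
// be narrowed — confirm against GenerateCertAndKey's contract.
func FuzzGenerateCertAndKey(f *testing.F) {
	ca, key := returnTestCaAndKey(f)

	// Seed corpus: a well-formed name and address so the fuzz function is
	// exercised even when `go test` runs without -fuzz.
	f.Add("name", "127.0.0.1")

	f.Fuzz(func(t *testing.T, name string, hostIP string) {
		info := CertInfo{
			Name:       "test",
			CommonName: "test",
			DNSNames: []string{
				name,
			},
			IPs: []net.IP{
				net.ParseIP(hostIP),
			},
		}
		encodedKeyPair, err := GenerateCertAndKey(info, ca, key)
		assert.NoError(t, err)
		assert.NotNil(t, encodedKeyPair)
	})
}

// returnTestCaAndKey returns the shared CA template together with a fresh
// 4096-bit signing key for use in fuzz tests.
func returnTestCaAndKey(f *testing.F) (*x509.Certificate, *rsa.PrivateKey) {
	f.Helper()
	return newTestCA(f), mustGenerateRSAKey(f, 4096)
}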