/*
Copyright IBM Corp. All Rights Reserved.

SPDX-License-Identifier: Apache-2.0
*/

package sw

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"fmt"
	"io/ioutil"
	"os"
	"path/filepath"
	"testing"

	"github.com/stretchr/testify/require"
)

func TestInvalidStoreKey(t *testing.T) {
	t.Parallel()

	tempDir := t.TempDir()

	ks, err := NewFileBasedKeyStore(nil, filepath.Join(tempDir, "bccspks"), false)
	if err != nil {
		t.Fatalf("Failed initiliazing KeyStore [%s]", err)
	}

	err = ks.StoreKey(nil)
	if err == nil {
		t.Fatal("Error should be different from nil in this case")
	}

	err = ks.StoreKey(&ecdsaPrivateKey{nil})
	if err == nil {
		t.Fatal("Error should be different from nil in this case")
	}

	err = ks.StoreKey(&ecdsaPublicKey{nil})
	if err == nil {
		t.Fatal("Error should be different from nil in this case")
	}

	err = ks.StoreKey(&aesPrivateKey{nil, false})
	if err == nil {
		t.Fatal("Error should be different from nil in this case")
	}

	err = ks.StoreKey(&aesPrivateKey{nil, true})
	if err == nil {
		t.Fatal("Error should be different from nil in this case")
	}
}

func TestBigKeyFile(t *testing.T) {
	ksPath := t.TempDir()

	ks, err := NewFileBasedKeyStore(nil, ksPath, false)
	require.NoError(t, err)

	// Generate a key for keystore to find
	privKey, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	require.NoError(t, err)

	cspKey := &ecdsaPrivateKey{privKey}
	ski := cspKey.SKI()
	rawKey, err := privateKeyToPEM(privKey, nil)
	require.NoError(t, err)

	// Large padding array, of some values PEM parser will NOOP
	bigBuff := make([]byte, 1<<17)
	for i := range bigBuff {
		bigBuff[i] = '\n'
	}
	copy(bigBuff, rawKey)

	//>64k, so that total file size will be too big
	ioutil.WriteFile(filepath.Join(ksPath, "bigfile.pem"), bigBuff, 0o666)

	_, err = ks.GetKey(ski)
	require.Error(t, err)
	expected := fmt.Sprintf("key with SKI %x not found in %s", ski, ksPath)
	require.EqualError(t, err, expected)

	// 1k, so that the key would be found
	ioutil.WriteFile(filepath.Join(ksPath, "smallerfile.pem"), bigBuff[0:1<<10], 0o666)

	_, err = ks.GetKey(ski)
	require.NoError(t, err)
}

func TestReInitKeyStore(t *testing.T) {
	ksPath := t.TempDir()

	ks, err := NewFileBasedKeyStore(nil, ksPath, false)
	require.NoError(t, err)
	fbKs, isFileBased := ks.(*fileBasedKeyStore)
	require.True(t, isFileBased)
	err = fbKs.Init(nil, ksPath, false)
	require.EqualError(t, err, "keystore is already initialized")
}

func TestDirExists(t *testing.T) {
	r, err := dirExists("")
	require.False(t, r)
	require.NoError(t, err)

	r, err = dirExists(os.TempDir())
	require.NoError(t, err)
	require.Equal(t, true, r)

	r, err = dirExists(filepath.Join(os.TempDir(), "7rhf90239vhev90"))
	require.NoError(t, err)
	require.Equal(t, false, r)
}

func TestDirEmpty(t *testing.T) {
	_, err := dirEmpty("")
	require.Error(t, err)

	path := filepath.Join(os.TempDir(), "7rhf90239vhev90")
	defer os.Remove(path)
	os.Mkdir(path, os.ModePerm)

	r, err := dirEmpty(path)
	require.NoError(t, err)
	require.Equal(t, true, r)

	r, err = dirEmpty(os.TempDir())
	require.NoError(t, err)
	require.Equal(t, false, r)
}