package certutil

import (
	"fmt"
	"io/ioutil"
	"testing"

	"github.com/stretchr/testify/assert"
)

func TestLoadOriginCert(t *testing.T) {
	cert, err := DecodeOriginCert([]byte{})
	assert.Equal(t, fmt.Errorf("Cannot decode empty certificate"), err)
	assert.Nil(t, cert)

	blocks, err := ioutil.ReadFile("test-cert-unknown-block.pem")
	assert.Nil(t, err)
	cert, err = DecodeOriginCert(blocks)
	assert.Equal(t, fmt.Errorf("Unknown block RSA PRIVATE KEY in the certificate"), err)
	assert.Nil(t, cert)
}

func TestJSONArgoTunnelTokenEmpty(t *testing.T) {
	cert, err := DecodeOriginCert([]byte{})
	blocks, err := ioutil.ReadFile("test-cert-no-token.pem")
	assert.Nil(t, err)
	cert, err = DecodeOriginCert(blocks)
	assert.Equal(t, fmt.Errorf("Missing token in the certificate"), err)
	assert.Nil(t, cert)
}

func TestJSONArgoTunnelToken(t *testing.T) {
	// The given cert's Argo Tunnel Token was generated by base64 encoding this JSON:
	// {
	// "zoneID": "7b0a4d77dfb881c1a3b7d61ea9443e19",
	// "apiToken": "test-service-key",
	// "accountID": "abcdabcdabcdabcd1234567890abcdef"
	// }
	CloudflareTunnelTokenTest(t, "test-cloudflare-tunnel-cert-json.pem")
}

func CloudflareTunnelTokenTest(t *testing.T, path string) {
	blocks, err := ioutil.ReadFile(path)
	assert.Nil(t, err)
	cert, err := DecodeOriginCert(blocks)
	assert.Nil(t, err)
	assert.NotNil(t, cert)
	assert.Equal(t, "7b0a4d77dfb881c1a3b7d61ea9443e19", cert.ZoneID)
	key := "test-service-key"
	assert.Equal(t, key, cert.APIToken)
}