package pki

import (
	"crypto/elliptic"
	"crypto/x509/pkix"
	"math/big"
	"reflect"
	"testing"
)

var (
	TestCertificateData = CertificateData{
		Subject:  pkix.Name{CommonName: "foobar"},
		DNSNames: []string{"foo.bar", "example.com"},
	}
)

func TestCertificateCreation(t *testing.T) {
	ed25519Key, err := NewPrivateKeyEd25519()
	if err != nil {
		t.Errorf("cert: creating private key ed25519 failed: %s", err)
	}
	ecdsaKey, err := NewPrivateKeyEcdsa(elliptic.P224())
	if err != nil {
		t.Errorf("cert: creating private key ecdsa failed: %s", err)
	}
	rsaKey, err := NewPrivateKeyRsa(1024)
	if err != nil {
		t.Errorf("cert: creating private key rsa failed: %s", err)
	}

	for _, pk := range []PrivateKey{rsaKey, ecdsaKey, ed25519Key} {
		csr, err := TestCertificateData.ToCertificateRequest(pk)
		if err != nil {
			t.Errorf("cert: creating csr failed: %s", err)
		}

		cert_opts := CertificateOptions{
			// KeyUsage:  x509.KeyUsageEncipherOnly | x509.KeyUsageKeyEncipherment | x509.KeyUsageCertSign,
			SerialNumber: big.NewInt(1),
			CALength:     -1,
		}

		cert, err := csr.ToCertificate(pk, cert_opts, nil)
		if err != nil {
			t.Errorf("cert: creating cert failed: %s", err)
		}

		if !fieldsAreSame(TestCertificateData, cert) {
			t.Errorf("cert: Fields are not the same")
		}
	}
}

func fieldsAreSame(data CertificateData, cert *Certificate) bool {
	if cert == nil {
		return false
	}
	if data.Subject.CommonName != cert.Subject.CommonName {
		return false
	}
	if !reflect.DeepEqual(data.Subject.Country, cert.Subject.Country) {
		return false
	}
	if !reflect.DeepEqual(data.DNSNames, cert.DNSNames) {
		return false
	}
	if !reflect.DeepEqual(data.IPAddresses, cert.IPAddresses) {
		return false
	}
	if !reflect.DeepEqual(data.EmailAddresses, cert.EmailAddresses) {
		return false
	}
	return true
}