package sigcred

import (
	"dehub.dev/src/dehub.git/fs"
	"math/rand"
	"testing"
	"time"
)

// There are not currently tests for testing pgp signature creation, as they
// require calls out to the gpg executable. Wrapping tests in docker containers
// would make this doable.

func TestPGPVerification(t *testing.T) {
	tests := []struct {
		descr string
		init  func(pubKeyBody []byte) (SignifierInterface, fs.FS)
	}{
		{
			descr: "SignifierPGP",
			init: func(pubKeyBody []byte) (SignifierInterface, fs.FS) {
				return SignifierPGP{Body: string(pubKeyBody)}, nil
			},
		},
		{
			descr: "SignifierPGPFile",
			init: func(pubKeyBody []byte) (SignifierInterface, fs.FS) {
				pubKeyPath := "some/dir/pubkey.asc"
				fs := fs.Stub{pubKeyPath: pubKeyBody}
				sigPGPFile := SignifierPGPFile{Path: pubKeyPath}
				return sigPGPFile, fs
			},
		},
	}

	for _, test := range tests {
		t.Run(test.descr, func(t *testing.T) {
			seed := time.Now().UnixNano()
			t.Logf("seed: %d", seed)
			rand := rand.New(rand.NewSource(seed))
			privKey, pubKeyBody := SignifierPGPTmp("foo", rand)

			sig, fs := test.init(pubKeyBody)
			data := make([]byte, rand.Intn(1024))
			if _, err := rand.Read(data); err != nil {
				t.Fatal(err)
			}

			cred, err := privKey.Sign(nil, data)
			if err != nil {
				t.Fatal(err)
			}

			signed, err := sig.Signed(fs, cred)
			if err != nil {
				t.Fatal(err)
			} else if !signed {
				t.Fatal("expected signed to be true")
			}

			if err := sig.Verify(fs, data, cred); err != nil {
				t.Fatal(err)
			}
		})
	}
}