package pki

import (
	"os"
	"path/filepath"
	"testing"
)

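// TestGenerateCA runs GenerateCA against a fresh temporary directory and
// checks the artefacts it leaves behind: the key and certificate files exist,
// the key file is not readable by group or others, the certificate is marked
// as a CA with the expected subject, and the private key can be loaded back.
func TestGenerateCA(t *testing.T) {
	// t.TempDir is removed by the testing package when the test ends, and a
	// failed removal is reported instead of being silently dropped.
	tempDir := t.TempDir()

	keyPath := filepath.Join(tempDir, "ca.key")
	certPath := filepath.Join(tempDir, "ca.crt")

	if err := GenerateCA(tempDir, keyPath, certPath); err != nil {
		t.Fatalf("GenerateCA failed: %v", err)
	}

	// Treat every Stat failure as a test failure. Checking only for
	// "does not exist" lets other errors (e.g. permission denied) pass.
	keyInfo, err := os.Stat(keyPath)
	switch {
	case os.IsNotExist(err):
		t.Errorf("CA key file was not created at %s", keyPath)
	case err != nil:
		t.Errorf("Failed to stat CA key file %s: %v", keyPath, err)
	// A CA private key must be private to its owner. The separator test
	// limits the check to POSIX-style platforms, because Windows reports
	// synthetic permission bits that would always trip it.
	case os.PathSeparator == '/' && keyInfo.Mode().Perm()&0o077 != 0:
		t.Errorf("CA key file %s is accessible to group/others: mode %v", keyPath, keyInfo.Mode().Perm())
	}

	if _, err := os.Stat(certPath); os.IsNotExist(err) {
		t.Errorf("CA certificate file was not created at %s", certPath)
	} else if err != nil {
		t.Errorf("Failed to stat CA certificate file %s: %v", certPath, err)
	}

	// Load the certificate back from disk and check its CA properties.
	caCert, err := LoadCACertificate(certPath)
	if err != nil {
		t.Fatalf("Failed to load CA certificate: %v", err)
	}

	if !caCert.IsCA {
		t.Errorf("Certificate is not marked as CA")
	}
	if caCert.Subject.CommonName != "KAT Root CA" {
		t.Errorf("Unexpected CA CommonName: got %s, want %s", caCert.Subject.CommonName, "KAT Root CA")
	}
	if len(caCert.Subject.Organization) == 0 || caCert.Subject.Organization[0] != "KAT System" {
		t.Errorf("Unexpected CA Organization: got %v, want [KAT System]", caCert.Subject.Organization)
	}

	// The key only has to load here.
	// NOTE(review): nothing verifies that this key matches the certificate's
	// public key; consider adding that once the return type is confirmed.
	if _, err := LoadCAPrivateKey(keyPath); err != nil {
		t.Fatalf("Failed to load CA private key: %v", err)
	}
}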

// TestGetPKIPathFromClusterConfig checks both inputs the test knows about:
// an empty backup path must yield DefaultPKIDir, and the backup path
// "/opt/kat/backups" must yield "/opt/kat/pki".
func TestGetPKIPathFromClusterConfig(t *testing.T) {
	// No backup path configured: expect the package default.
	if got := GetPKIPathFromClusterConfig(""); got != DefaultPKIDir {
		t.Errorf("Expected default PKI path %s, got %s", DefaultPKIDir, got)
	}

	// Backup path configured: the expected PKI directory sits next to it
	// under the same parent.
	const (
		backupDir = "/opt/kat/backups"
		wantDir   = "/opt/kat/pki"
	)
	if got := GetPKIPathFromClusterConfig(backupDir); got != wantDir {
		t.Errorf("Expected PKI path %s, got %s", wantDir, got)
	}
}