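#!/usr/bin/env python3
"""
Tests for the certificate verification functionality of the SSL Manager.

This module contains tests for verifying certificates after initialization.

Scope note: the tests that cover the 'Valid' and 'Invalid' outcomes patch
``SSLManager.validate_cert_chain`` and write a placeholder file that is not a
parseable certificate. They therefore pin how the validator's boolean result
is reported in ``cert_verification``; they do not exercise chain validation
itself, which needs its own tests against real certificate material.
"""

import os
import sys
import json
import tempfile
import unittest
from unittest.mock import patch, MagicMock

# Add the src directory to the Python path
sys.path.insert(0, os.path.abspath(os.path.join(os.path.dirname(__file__), '../src')))

from ssl_manager import SSLManager


class TestCertVerification(unittest.TestCase):
    """Test cases for certificate verification functionality."""

    def setUp(self):
        """Create a temporary cert directory and a config file pointing at it."""
        # Everything the tests write lives under this directory and is removed
        # again in tearDown.
        self.temp_dir = tempfile.TemporaryDirectory()

        # Sample config for testing. The credentials are fixture placeholders
        # only; real secrets must never be committed into test data.
        self.test_config = {
            "cert_dir": self.temp_dir.name,
            "default_port": 8443,
            "connection_timeout": 5.0,
            "default_validity_days": 730,
            "key_size": 4096,
            "unifi": {
                "host": "test.unifi.local",
                "username": "testuser",
                "password": "testpass",
                "site": "testsite",
                "ssh_port": 2222,
                "ssh_username": "sshuser",
                "ssh_password": "sshpass",
                "ssh_key_path": "~/test-ssh-key"
            }
        }

        self.config_path = self._write_config(self.test_config, "test_config.json")

    def tearDown(self):
        """Remove the temporary directory and everything written into it."""
        self.temp_dir.cleanup()

    def _write_config(self, config, filename):
        """Serialize *config* as JSON under the temp directory; return its path."""
        path = os.path.join(self.temp_dir.name, filename)
        with open(path, 'w', encoding='utf-8') as f:
            json.dump(config, f)
        return path

    def _write_dummy_cert(self):
        """Write a placeholder PEM-framed file for the configured host; return its path.

        The content is not a real certificate, so it is only usable while
        ``validate_cert_chain`` is patched out.
        """
        cert_path = os.path.join(self.temp_dir.name, "test.unifi.local.crt")
        with open(cert_path, 'w', encoding='utf-8') as f:
            f.write("-----BEGIN CERTIFICATE-----\nDummy Certificate\n-----END CERTIFICATE-----")
        return cert_path

    def test_verify_current_certificate_missing(self):
        """Test verification when certificate is missing."""
        # No certificate file has been written into cert_dir at this point.
        ssl_manager = SSLManager(config_path=self.config_path)

        # A missing certificate must never be reported as valid.
        self.assertIsNotNone(ssl_manager.cert_verification)
        self.assertEqual(ssl_manager.cert_verification['status'], 'Missing')
        self.assertFalse(ssl_manager.cert_verification['exists'])
        self.assertFalse(ssl_manager.cert_verification['valid'])

    @patch('ssl_manager.SSLManager.validate_cert_chain')
    def test_verify_current_certificate_valid(self, mock_validate):
        """Test verification when certificate is valid."""
        # The validator is mocked to accept, so this checks result reporting,
        # not the chain validation logic.
        mock_validate.return_value = True
        cert_path = self._write_dummy_cert()

        ssl_manager = SSLManager(config_path=self.config_path)

        self.assertIsNotNone(ssl_manager.cert_verification)
        self.assertEqual(ssl_manager.cert_verification['status'], 'Valid')
        self.assertTrue(ssl_manager.cert_verification['exists'])
        self.assertTrue(ssl_manager.cert_verification['valid'])
        self.assertEqual(ssl_manager.cert_verification['cert_path'], cert_path)

        # 'Valid' is only acceptable if the validator was actually consulted,
        # exactly once, for the certificate belonging to the configured host.
        mock_validate.assert_called_once_with(cert_path)

    @patch('ssl_manager.SSLManager.validate_cert_chain')
    def test_verify_current_certificate_invalid(self, mock_validate):
        """Test verification when certificate is invalid."""
        # The validator is mocked to reject; the file existing on disk must
        # not be enough for the certificate to be reported as valid.
        mock_validate.return_value = False
        cert_path = self._write_dummy_cert()

        ssl_manager = SSLManager(config_path=self.config_path)

        self.assertIsNotNone(ssl_manager.cert_verification)
        self.assertEqual(ssl_manager.cert_verification['status'], 'Invalid')
        self.assertTrue(ssl_manager.cert_verification['exists'])
        self.assertFalse(ssl_manager.cert_verification['valid'])
        self.assertEqual(ssl_manager.cert_verification['cert_path'], cert_path)

        mock_validate.assert_called_once_with(cert_path)

    def test_verify_current_certificate_no_host(self):
        """Test verification when no UniFi host is configured."""
        # Build the variant without touching the shared fixture: dict.copy()
        # is shallow, so assigning through config["unifi"] would also blank
        # the host in self.test_config.
        config_no_host = {
            **self.test_config,
            "unifi": {**self.test_config["unifi"], "host": ""},
        }
        self.assertEqual(self.test_config["unifi"]["host"], "test.unifi.local")

        config_path_no_host = self._write_config(config_no_host, "test_config_no_host.json")

        ssl_manager = SSLManager(config_path=config_path_no_host)

        # With no host there is nothing to verify; the result must not claim
        # that a certificate exists or is valid.
        self.assertIsNotNone(ssl_manager.cert_verification)
        self.assertEqual(ssl_manager.cert_verification['status'], 'Not configured')
        self.assertFalse(ssl_manager.cert_verification['exists'])
        self.assertFalse(ssl_manager.cert_verification['valid'])


if __name__ == '__main__':
    unittest.main()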