# Copyright (C) 2012-2024 Zammad Foundation, https://zammad-foundation.org/

require 'rails_helper'

RSpec.describe 'SSL Verification', :aggregate_failures, authenticated_as: false, type: :system do
  let(:url)                { "https://#{Setting.get('fqdn')}/robots.txt" }
  let(:localhost_autority) { Localhost::Authority.fetch(CAPYBARA_HOSTNAME) }

  context 'without self-signed certificate present' do
    context 'with verify_ssl: true' do
      it 'UserAgent fails' do
        expect(UserAgent.get(url, {}, { verify_ssl: true })).not_to be_success
        expect(UserAgent.get(url, {}, { verify_ssl: true }).error).to include('certificate verify failed (self signed certificate)')
      end
    end

    context 'without verify_ssl' do
      it 'UserAgent fails' do
        expect(UserAgent.get(url)).not_to be_success
        expect(UserAgent.get(url).error).to include('certificate verify failed (self signed certificate)')
      end
    end

    context 'with verify_ssl: false' do
      it 'UserAgent succeeds' do
        expect(UserAgent.get(url, {}, { verify_ssl: false })).to be_success
      end
    end

  end

  context 'with self-signed certificate present' do

    before do
      create(:ssl_certificate, certificate: File.read(localhost_autority.certificate_path))
    end

    context 'with verify_ssl: true' do
      it 'UserAgent succeeds' do
        expect(UserAgent.get(url, {}, { verify_ssl: true })).to be_success
      end
    end

    context 'without verify_ssl: true' do
      it 'UserAgent succeeds' do
        expect(UserAgent.get(url)).to be_success
      end
    end

    context 'with verify_ssl: false' do
      it 'UserAgent succeeds' do
        expect(UserAgent.get(url, {}, { verify_ssl: false })).to be_success
      end
    end
  end

end