# Copyright (C) 2012-2024 Zammad Foundation, https://zammad-foundation.org/

require 'rails_helper'

RSpec.describe SSLCertificate, :aggregate_failures, type: :model do

  let(:fixture)     { 'RootCA' }
  let(:certificate) { create(:ssl_certificate, fixture: fixture) }

  describe '.create' do
    context 'when certificate is RootCA' do

      it 'imports correctly' do
        expect(certificate)
          .to have_attributes(
            fingerprint: 'de4abd259187d7b5f2713ff7a97eb54dd5fe9d86',
            subject:     '/emailAddress=RootCA@example.com/C=DE/ST=Berlin/L=Berlin/O=Example Security/OU=IT Department/CN=example.com',
            not_before:  Time.zone.parse('2023-08-01 09:47:39 UTC'),
            not_after:   Time.zone.parse('2043-07-27 09:47:39 UTC'),
          )
      end
    end

    context 'when certificate is IntermediateCA' do
      let(:fixture) { 'IntermediateCA' }

      it 'imports correctly' do
        expect(certificate)
          .to have_attributes(
            fingerprint: 'd1badcd237d6d2c6f0c62b5ccb21c2130b24855e',
            subject:     '/C=DE/ST=Berlin/O=Example Security/OU=IT Department/CN=example.com/emailAddress=IntermediateCA@example.com',
            not_before:  Time.zone.parse('2023-08-01 09:47:39 UTC'),
            not_after:   Time.zone.parse('2043-07-27 09:47:39 UTC'),
          )
      end
    end

    context 'when certificate is connection certificate' do
      let(:certificate_content) { File.read(Localhost::Authority.fetch('localhost').certificate_path) }
      let(:certificate)         { create(:ssl_certificate, certificate: certificate_content) }

      it 'imports correctly' do
        expect(certificate)
          .to have_attributes(
            subject: 'DNS:localhost'
          )
      end
    end
  end

  describe '#certificate_parsed' do
    context 'when certificate is valid' do
      it 'returns certificate' do
        expect(certificate.certificate_parsed).to be_an_instance_of(Certificate::X509::SSL)
      end
    end

    context 'when certificate is not valid' do
      it 'raises an error' do
        certificate.update_columns certificate: 'blablabla'
        certificate.instance_variable_set('@certificate_parsed', nil) # rubocop:disable Performance/StringIdentifierArgument

        expect { certificate.reload.certificate_parsed }.to raise_error 'This is not a valid X509 certificate. Please check the certificate format.'
      end
    end
  end

  describe 'validations' do
    describe 'certificate validation' do
      context 'when certificate is not valid' do
        let(:fixture)     { 'smime1@example.com' }
        let(:certificate) { build(:ssl_certificate, fixture: fixture) }

        it 'adds a base error' do
          certificate.save

          expect(certificate.errors[:base]).to be_present
        end
      end
    end
  end
end