package config

import (
	"encoding/base64"
	"net/http"
	"net/http/httptest"
	"testing"

	"github.com/stretchr/testify/assert"
)

// this cert is the cert used by httptest when creating a TLS server
var localCert = `
-----BEGIN CERTIFICATE-----
MIICEzCCAXygAwIBAgIQMIMChMLGrR+QvmQvpwAU6zANBgkqhkiG9w0BAQsFADAS
MRAwDgYDVQQKEwdBY21lIENvMCAXDTcwMDEwMTAwMDAwMFoYDzIwODQwMTI5MTYw
MDAwWjASMRAwDgYDVQQKEwdBY21lIENvMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCB
iQKBgQDuLnQAI3mDgey3VBzWnB2L39JUU4txjeVE6myuDqkM/uGlfjb9SjY1bIw4
iA5sBBZzHi3z0h1YV8QPuxEbi4nW91IJm2gsvvZhIrCHS3l6afab4pZBl2+XsDul
rKBxKKtD1rGxlG4LjncdabFn9gvLZad2bSysqz/qTAUStTvqJQIDAQABo2gwZjAO
BgNVHQ8BAf8EBAMCAqQwEwYDVR0lBAwwCgYIKwYBBQUHAwEwDwYDVR0TAQH/BAUw
AwEB/zAuBgNVHREEJzAlggtleGFtcGxlLmNvbYcEfwAAAYcQAAAAAAAAAAAAAAAA
AAAAATANBgkqhkiG9w0BAQsFAAOBgQCEcetwO59EWk7WiJsG4x8SY+UIAA+flUI9
tyC4lNhbcF2Idq9greZwbYCqTTTr2XiRNSMLCOjKyI7ukPoPjo16ocHj+P3vZGfs
h1fIw3cSS2OolhloGw/XM6RWPWtPAlGykKLciQrBru5NAPvCMsb/I1DAceTiotQM
fblo6RBxUQ==
-----END CERTIFICATE-----
`

func TestHTTPTransport(t *testing.T) {
	s := httptest.NewTLSServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		w.WriteHeader(http.StatusOK)
	}))
	defer s.Close()

	src := NewStaticSource(&Config{
		Options: &Options{
			CA: base64.StdEncoding.EncodeToString([]byte(localCert)),
		},
	})
	transport := NewHTTPTransport(src)
	client := &http.Client{
		Transport: transport,
	}
	_, err := client.Get(s.URL)
	assert.NoError(t, err)
}

func TestPolicyHTTPTransport(t *testing.T) {
	s := httptest.NewTLSServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		w.WriteHeader(http.StatusOK)
	}))
	defer s.Close()

	get := func(options *Options, policy *Policy) (*http.Response, error) {
		transport := NewPolicyHTTPTransport(options, policy, false)
		client := &http.Client{
			Transport: transport,
		}
		return client.Get(s.URL)
	}

	t.Run("default", func(t *testing.T) {
		_, err := get(&Options{}, &Policy{})
		assert.Error(t, err)
	})
	t.Run("skip verify", func(t *testing.T) {
		_, err := get(&Options{}, &Policy{TLSSkipVerify: true})
		assert.NoError(t, err)
	})
	t.Run("ca", func(t *testing.T) {
		_, err := get(&Options{
			CA: base64.StdEncoding.EncodeToString([]byte(localCert)),
		}, &Policy{})
		assert.NoError(t, err)
	})
	t.Run("custom ca", func(t *testing.T) {
		_, err := get(&Options{}, &Policy{
			TLSCustomCA: base64.StdEncoding.EncodeToString([]byte(localCert)),
		})
		assert.NoError(t, err)
	})
}