#
# Author:: Tyler Cloke (tyler@chef.io)
# Copyright:: Copyright 2015-2016, Chef Software, Inc
# License:: Apache License, Version 2.0
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
#     http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#

require "spec_helper"

require "chef/key"

describe Chef::Key do
  # whether user or client irrelevent to these tests
  let(:key) { Chef::Key.new("original_actor", "user") }
  let(:public_key_string) do
    <<~EOS
      -----BEGIN PUBLIC KEY-----
      MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvPo+oNPB7uuNkws0fC02
      KxSwdyqPLu0fhI1pOweNKAZeEIiEz2PkybathHWy8snSXGNxsITkf3eyvIIKa8OZ
      WrlqpI3yv/5DOP8HTMCxnFuMJQtDwMcevlqebX4bCxcByuBpNYDcAHjjfLGSfMjn
      E5lZpgYWwnpic4kSjYcL9ORK9nYvlWV9P/kCYmRhIjB4AhtpWRiOfY/TKi3P2LxT
      IjSmiN/ihHtlhV/VSnBJ5PzT/lRknlrJ4kACoz7Pq9jv+aAx5ft/xE9yDa2DYs0q
      Tfuc9dUYsFjptWYrV6pfEQ+bgo1OGBXORBFcFL+2D7u9JYquKrMgosznHoEkQNLo
      0wIDAQAB
      -----END PUBLIC KEY-----
    EOS
  end

  shared_examples_for "fields with username type validation" do
    context "when invalid input is passed" do
      # It is not feasible to check all invalid characters.  Here are a few
      # that we probably care about.
      it "should raise an ArgumentError" do
        # capital letters
        expect { key.send(field, "Bar") }.to raise_error(ArgumentError)
        # slashes
        expect { key.send(field, "foo/bar") }.to raise_error(ArgumentError)
        # ?
        expect { key.send(field, "foo?") }.to raise_error(ArgumentError)
        # &
        expect { key.send(field, "foo&") }.to raise_error(ArgumentError)
        # spaces
        expect { key.send(field, "foo ") }.to raise_error(ArgumentError)
      end
    end
  end

  shared_examples_for "string fields that are settable" do
    context "when it is set with valid input" do
      it "should set the field" do
        key.send(field, valid_input)
        expect(key.send(field)).to eq(valid_input)
      end
    end

    context "when you feed it anything but a string" do
      it "should raise an ArgumentError" do
        expect { key.send(field, {}) }.to raise_error(ArgumentError)
      end
    end
  end

  describe "when a new Chef::Key object is initialized with invalid input" do
    it "should raise an InvalidKeyArgument" do
      expect { Chef::Key.new("original_actor", "not_a_user_or_client") }.to raise_error(Chef::Exceptions::InvalidKeyArgument)
    end
  end

  describe "when a new Chef::Key object is initialized with valid input" do
    it "should be a Chef::Key" do
      expect(key).to be_a_kind_of(Chef::Key)
    end

    it "should properly set the actor" do
      expect(key.actor).to eq("original_actor")
    end
  end

  describe "when actor field is set" do
    it_should_behave_like "string fields that are settable" do
      let(:field) { :actor }
      let(:valid_input) { "new_field_value" }
    end

    it_should_behave_like "fields with username type validation" do
      let(:field) { :actor }
    end
  end

  describe "when the name field is set" do
    it_should_behave_like "string fields that are settable" do
      let(:field) { :name }
      let(:valid_input) { "new_field_value" }
    end
  end

  describe "when the private_key field is set" do
    it_should_behave_like "string fields that are settable" do
      let(:field) { :private_key }
      let(:valid_input) { "new_field_value" }
    end
  end

  describe "when the public_key field is set" do
    it_should_behave_like "string fields that are settable" do
      let(:field) { :public_key }
      let(:valid_input) { "new_field_value" }
    end

    context "when create_key is true" do
      before do
        key.create_key true
      end

      it "should raise an InvalidKeyAttribute" do
        expect { key.public_key public_key_string }.to raise_error(Chef::Exceptions::InvalidKeyAttribute)
      end
    end
  end

  describe "when the create_key field is set" do
    context "when it is set to true" do
      it "should set the field" do
        key.create_key(true)
        expect(key.create_key).to eq(true)
      end
    end

    context "when it is set to false" do
      it "should set the field" do
        key.create_key(false)
        expect(key.create_key).to eq(false)
      end
    end

    context "when anything but a TrueClass or FalseClass is passed" do
      it "should raise an ArgumentError" do
        expect { key.create_key "not_a_boolean" }.to raise_error(ArgumentError)
      end
    end

    context "when public_key is defined" do
      before do
        key.public_key public_key_string
      end

      it "should raise an InvalidKeyAttribute" do
        expect { key.create_key true }.to raise_error(Chef::Exceptions::InvalidKeyAttribute)
      end
    end
  end

  describe "when the expiration_date field is set" do
    context "when a valid date is passed" do
      it_should_behave_like "string fields that are settable" do
        let(:field) { :public_key }
        let(:valid_input) { "2020-12-24T21:00:00Z" }
      end
    end

    context "when infinity is passed" do
      it_should_behave_like "string fields that are settable" do
        let(:field) { :public_key }
        let(:valid_input) { "infinity" }
      end
    end

    context "when an invalid date is passed" do
      it "should raise an ArgumentError" do
        expect { key.expiration_date "invalid_date" }.to raise_error(ArgumentError)
        # wrong years
        expect { key.expiration_date "20-12-24T21:00:00Z" }.to raise_error(ArgumentError)
      end

      context "when it is a valid UTC date missing a Z" do
        it "should raise an ArgumentError" do
          expect { key.expiration_date "2020-12-24T21:00:00" }.to raise_error(ArgumentError)
        end
      end
    end
  end # when the expiration_date field is set

  describe "when serializing to JSON" do
    shared_examples_for "common json operations" do
      it "should serializes as a JSON object" do
        expect(json).to match(/^\{.+\}$/)
      end

      it "should include the actor value under the key relative to the actor_field_name passed" do
        expect(json).to include(%Q{"#{new_key.actor_field_name}":"original_actor"})
      end

      it "should include the name field when present" do
        new_key.name("monkeypants")
        expect(new_key.to_json).to include(%q{"name":"monkeypants"})
      end

      it "should not include the name if not present" do
        expect(json).to_not include("name")
      end

      it "should include the public_key field when present" do
        new_key.public_key "this_public_key"
        expect(new_key.to_json).to include(%q{"public_key":"this_public_key"})
      end

      it "should not include the public_key if not present" do
        expect(json).to_not include("public_key")
      end

      it "should include the private_key field when present" do
        new_key.private_key "this_public_key"
        expect(new_key.to_json).to include(%q{"private_key":"this_public_key"})
      end

      it "should not include the private_key if not present" do
        expect(json).to_not include("private_key")
      end

      it "should include the expiration_date field when present" do
        new_key.expiration_date "2020-12-24T21:00:00Z"
        expect(new_key.to_json).to include(%q{"expiration_date":"2020-12-24T21:00:00Z"})
      end

      it "should not include the expiration_date if not present" do
        expect(json).to_not include("expiration_date")
      end

      it "should include the create_key field when present" do
        new_key.create_key true
        expect(new_key.to_json).to include(%q{"create_key":true})
      end

      it "should not include the create_key if not present" do
        expect(json).to_not include("create_key")
      end
    end

    context "when key is for a user" do
      it_should_behave_like "common json operations" do
        let(:new_key) { Chef::Key.new("original_actor", "user") }
        let(:json) do
          new_key.to_json
        end
      end
    end

    context "when key is for a client" do
      it_should_behave_like "common json operations" do
        let(:new_key) { Chef::Key.new("original_actor", "client") }
        let(:json) do
          new_key.to_json
        end
      end
    end

  end # when serializing to JSON

  describe "when deserializing from JSON" do
    shared_examples_for "a deserializable object" do
      it "deserializes to a Chef::Key object" do
        expect(key).to be_a_kind_of(Chef::Key)
      end

      it "preserves the actor" do
        expect(key.actor).to eq("turtle")
      end

      it "preserves the name" do
        expect(key.name).to eq("key_name")
      end

      it "includes the public key if present" do
        expect(key.public_key).to eq(public_key_string)
      end

      it "includes the expiration_date if present" do
        expect(key.expiration_date).to eq("infinity")
      end

      it "includes the private_key if present" do
        expect(key.private_key).to eq("some_private_key")
      end

      it "includes the create_key if present" do
        expect(key_with_create_key_field.create_key).to eq(true)
      end
    end

    context "when deserializing a key for a user" do
      it_should_behave_like "a deserializable object" do
        let(:key) do
          o = { "user" => "turtle",
                "name" => "key_name",
                "public_key" => public_key_string,
                "private_key" => "some_private_key",
                "expiration_date" => "infinity" }
          Chef::Key.from_json(o.to_json)
        end
        let(:key_with_create_key_field) do
          o = { "user" => "turtle",
                "create_key" => true }
          Chef::Key.from_json(o.to_json)
        end
      end
    end

    context "when deserializing a key for a client" do
      it_should_behave_like "a deserializable object" do
        let(:key) do
          o = { "client" => "turtle",
                "name" => "key_name",
                "public_key" => public_key_string,
                "private_key" => "some_private_key",
                "expiration_date" => "infinity" }
          Chef::Key.from_json(o.to_json)
        end
        let(:key_with_create_key_field) do
          o = { "client" => "turtle",
                "create_key" => true }
          Chef::Key.from_json(o.to_json)
        end
      end
    end
  end # when deserializing from JSON

  describe "API Interactions" do
    let(:rest) do
      Chef::Config[:chef_server_root] = "http://www.example.com"
      Chef::Config[:chef_server_url] = "http://www.example.com/organizations/test_org"
      r = double("rest")
      allow(Chef::ServerAPI).to receive(:new).and_return(r)
      r
    end

    let(:user_key) do
      o = Chef::Key.new("foobar", "user")
      o
    end

    let(:client_key) do
      o = Chef::Key.new("foobar", "client")
      o
    end

    describe "list" do
      context "when listing keys for a user" do
        let(:response) { [{ "uri" => "http://www.example.com/users/keys/foobar", "name" => "foobar", "expired" => false }] }
        let(:inflated_response) { { "foobar" => user_key } }

        it "lists all keys" do
          expect(rest).to receive(:get).with("users/#{user_key.actor}/keys").and_return(response)
          expect(Chef::Key.list_by_user("foobar")).to eq(response)
        end

        it "inflate all keys" do
          allow(Chef::Key).to receive(:load_by_user).with(user_key.actor, "foobar").and_return(user_key)
          expect(rest).to receive(:get).with("users/#{user_key.actor}/keys").and_return(response)
          expect(Chef::Key.list_by_user("foobar", true)).to eq(inflated_response)
        end

      end

      context "when listing keys for a client" do
        let(:response) { [{ "uri" => "http://www.example.com/users/keys/foobar", "name" => "foobar", "expired" => false }] }
        let(:inflated_response) { { "foobar" => client_key } }

        it "lists all keys" do
          expect(rest).to receive(:get).with("clients/#{client_key.actor}/keys").and_return(response)
          expect(Chef::Key.list_by_client("foobar")).to eq(response)
        end

        it "inflate all keys" do
          allow(Chef::Key).to receive(:load_by_client).with(client_key.actor, "foobar").and_return(client_key)
          expect(rest).to receive(:get).with("clients/#{user_key.actor}/keys").and_return(response)
          expect(Chef::Key.list_by_client("foobar", true)).to eq(inflated_response)
        end

      end
    end

    describe "create" do
      shared_examples_for "create key" do
        context "when a field is missing" do
          it "should raise a MissingKeyAttribute" do
            expect { key.create }.to raise_error(Chef::Exceptions::MissingKeyAttribute)
          end
        end

        context "when the name field is missing" do
          before do
            key.public_key public_key_string
            key.expiration_date "2020-12-24T21:00:00Z"
          end

          it "creates a new key via the API with the fingerprint as the name" do
            expect(rest).to receive(:post).with(url,
              { "name" => "12:3e:33:73:0b:f4:ec:72:dc:f0:4c:51:62:27:08:76:96:24:f4:4a",
                "public_key" => key.public_key,
                "expiration_date" => key.expiration_date }).and_return({})
            key.create
          end
        end

        context "when every field is populated" do
          before do
            key.name "key_name"
            key.public_key public_key_string
            key.expiration_date "2020-12-24T21:00:00Z"
            key.create_key false
          end

          context "when create_key is false" do
            it "creates a new key via the API" do
              expect(rest).to receive(:post).with(url,
                { "name" => key.name,
                  "public_key" => key.public_key,
                  "expiration_date" => key.expiration_date }).and_return({})
              key.create
            end
          end

          context "when create_key is true and public_key is nil" do

            before do
              key.delete_public_key
              key.create_key true
              $expected_output = {
                actor_type => "foobar",
                "name" => key.name,
                "create_key" => true,
                "expiration_date" => key.expiration_date,
              }
              $expected_input = {
                "name" => key.name,
                "create_key" => true,
                "expiration_date" => key.expiration_date,
              }
            end

            it "should create a new key via the API" do
              expect(rest).to receive(:post).with(url, $expected_input).and_return({})
              key.create
            end

            context "when the server returns the private_key via key.create" do
              before do
                allow(rest).to receive(:post).with(url, $expected_input).and_return({ "private_key" => "this_private_key" })
              end

              it "key.create returns the original key plus the private_key" do
                expect(key.create.to_hash).to eq($expected_output.merge({ "private_key" => "this_private_key" }))
              end
            end
          end

          context "when create_key is false and public_key is nil" do
            before do
              key.delete_public_key
              key.create_key false
            end
            it "should raise an InvalidKeyArgument" do
              expect { key.create }.to raise_error(Chef::Exceptions::MissingKeyAttribute)
            end
          end
        end
      end

      context "when creating a user key" do
        it_should_behave_like "create key" do
          let(:url) { "users/#{key.actor}/keys" }
          let(:key) { user_key }
          let(:actor_type) { "user" }
        end
      end

      context "when creating a client key" do
        it_should_behave_like "create key" do
          let(:url) { "clients/#{client_key.actor}/keys" }
          let(:key) { client_key }
          let(:actor_type) { "client" }
        end
      end
    end # create

    describe "update" do
      shared_examples_for "update key" do
        context "when name is missing and no argument was passed to update" do
          it "should raise an MissingKeyAttribute" do
            expect { key.update }.to raise_error(Chef::Exceptions::MissingKeyAttribute)
          end
        end

        context "when some fields are populated" do
          before do
            key.name "key_name"
            key.expiration_date "2020-12-24T21:00:00Z"
          end

          it "should update the key via the API" do
            expect(rest).to receive(:put).with(url, key.to_hash).and_return({})
            key.update
          end
        end

        context "when @name is not nil and a arg is passed to update" do
          before do
            key.name "new_name"
          end

          it "passes @name in the body and the arg in the PUT URL" do
            expect(rest).to receive(:put).with(update_name_url, key.to_hash).and_return({})
            key.update("old_name")
          end
        end

        context "when the server returns a public_key and create_key is true" do
          before do
            key.name "key_name"
            key.create_key true
            allow(rest).to receive(:put).with(url, key.to_hash).and_return({
                                                                                  "key" => "key_name",
                                                                                  "public_key" => public_key_string,
                                                                                })

          end

          it "returns a key with public_key populated" do
            new_key = key.update
            expect(new_key.public_key).to eq(public_key_string)
          end

          it "returns a key without create_key set" do
            new_key = key.update
            expect(new_key.create_key).to be_nil
          end
        end
      end

      context "when updating a user key" do
        it_should_behave_like "update key" do
          let(:url) { "users/#{key.actor}/keys/#{key.name}" }
          let(:update_name_url) { "users/#{key.actor}/keys/old_name" }
          let(:key) { user_key }
        end
      end

      context "when updating a client key" do
        it_should_behave_like "update key" do
          let(:url) { "clients/#{client_key.actor}/keys/#{key.name}" }
          let(:update_name_url) { "clients/#{client_key.actor}/keys/old_name" }
          let(:key) { client_key }
        end
      end

    end # update

    describe "load" do
      shared_examples_for "load" do
        it "should load a named key from the API" do
          expect(rest).to receive(:get).with(url).and_return({ "user" => "foobar", "name" => "test_key_name", "public_key" => public_key_string, "expiration_date" => "infinity" })
          key = Chef::Key.send(load_method, "foobar", "test_key_name")
          expect(key.actor).to eq("foobar")
          expect(key.name).to eq("test_key_name")
          expect(key.public_key).to eq(public_key_string)
          expect(key.expiration_date).to eq("infinity")
        end
      end

      describe "load_by_user" do
        it_should_behave_like "load" do
          let(:load_method) { :load_by_user }
          let(:url) { "users/foobar/keys/test_key_name" }
        end
      end

      describe "load_by_client" do
        it_should_behave_like "load" do
          let(:load_method) { :load_by_client }
          let(:url) { "clients/foobar/keys/test_key_name" }
        end
      end

    end # load

    describe "destroy" do
      shared_examples_for "destroy key" do
        context "when name is missing" do
          it "should raise an MissingKeyAttribute" do
            expect { Chef::Key.new("username", "user").destroy }.to raise_error(Chef::Exceptions::MissingKeyAttribute)
          end
        end

        before do
          key.name "key_name"
        end
        context "when name is not missing" do
          it "should delete the key via the API" do
            expect(rest).to receive(:delete).with(url).and_return({})
            key.destroy
          end
        end
      end

      context "when destroying a user key" do
        it_should_behave_like "destroy key" do
          let(:url) { "users/#{key.actor}/keys/#{key.name}" }
          let(:key) { user_key }
        end
      end

      context "when destroying a client key" do
        it_should_behave_like "destroy key" do
          let(:url) { "clients/#{client_key.actor}/keys/#{key.name}" }
          let(:key) { client_key }
        end
      end
    end
  end # API Interactions
end