package changeset

import (
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"encoding/json"
	"os"
	"testing"

	"golang.org/x/crypto/ssh"
	"golang.org/x/crypto/ssh/agent"
)

func sha256sum(data []byte) []byte {
	h := sha256.New()
	h.Write(data)
	return h.Sum(nil)
}

func TestChangeSetSimpleValidate(t *testing.T) {
	a := agent.NewKeyring()
	key, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		t.Fatal(err)
	}

	err = a.Add(agent.AddedKey{
		PrivateKey: key,
	})
	if err != nil {
		t.Fatal(err)
	}

	slugLoc := "../var/thoth.md"
	data, err := os.ReadFile(slugLoc)
	if err != nil {
		t.Fatal(err)
	}

	checksum := sha256sum(data)
	var sigs []*ssh.Signature
	var pubkeys []ssh.PublicKey
	aPubkeys, err := a.List()
	if err != nil {
		t.Fatal(err)
	}

	for _, ak := range aPubkeys {
		pubkeys = append(pubkeys, ak)
	}

	for _, ak := range pubkeys {
		sig, err := a.Sign(ak, checksum)
		if err != nil {
			t.Fatal(err)
		}

		sig.Rest = []byte(ssh.FingerprintSHA256(ak))

		sigs = append(sigs, sig)
	}

	cs := ChangeSet{
		Metadata: Metadata{
			Name:       "test",
			Version:    "test",
			Hash:       checksum,
			Signatures: sigs,
		},
		SlugFile: slugLoc,
	}

	enc := json.NewEncoder(os.Stdout)
	enc.SetIndent("", "  ")
	enc.Encode(cs)

	err = cs.Validate(pubkeys, 1)
	if err != nil {
		t.Fatal(err)
	}
}