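package main

import (
	"strings"
	"testing"
)

// TestVerifySSHKeyOk checks that validateSSHkey accepts well-formed public
// keys: an RSA key with a comment, the same RSA key without a comment, and an
// Ed25519 key with a comment.
func TestVerifySSHKeyOk(t *testing.T) {
	okKeys := []string{
		"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDLQlYF3LXI/CMX/yPWRboNiUI6qj+K6/kD6tu+di9zRwtN5jzGh5DTJ2ZaQeDIS8cED62jW7KJySoeMMWRA0W//rp8aRKL7cHWVWEkd2maEmwzdUKx18OoDMqT8wNRd9K66lxUv4lHX9mbM1gd1f3uwgUZMSiIq6p/wh2n/GozFocvasq8Bugl2epLxncnKoDqJIUMUpQUmTI9G7b2pLpI8OCKkoF7VKVrH1nt0yvboZ/4sQ/EYoKj/9/Surqnx/VTs3pfs/gKxw53bMVLN6W4i2FjW4EfN8Cs0zjaddjVaCYRnDmCQQZUckS9/E+rhJGAaD6xNxpP93dwkgqQyj2t markus@comment",
		"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDLQlYF3LXI/CMX/yPWRboNiUI6qj+K6/kD6tu+di9zRwtN5jzGh5DTJ2ZaQeDIS8cED62jW7KJySoeMMWRA0W//rp8aRKL7cHWVWEkd2maEmwzdUKx18OoDMqT8wNRd9K66lxUv4lHX9mbM1gd1f3uwgUZMSiIq6p/wh2n/GozFocvasq8Bugl2epLxncnKoDqJIUMUpQUmTI9G7b2pLpI8OCKkoF7VKVrH1nt0yvboZ/4sQ/EYoKj/9/Surqnx/VTs3pfs/gKxw53bMVLN6W4i2FjW4EfN8Cs0zjaddjVaCYRnDmCQQZUckS9/E+rhJGAaD6xNxpP93dwkgqQyj2t",
		"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKuZUxgv5fOU/HXi9NQDcqec06ut+6CTItzlPmgJHZm+ markus@test",
	}

	for _, key := range okKeys {
		// Keep going after a failure so every rejected fixture is reported.
		if err := validateSSHkey(key); err != nil {
			t.Errorf("key %q should pass validation: %v", key, err)
		}
	}
}

// TestVerifySSHKeyNoSpaces checks that input without a "<type> <blob>"
// structure is rejected with an error mentioning "invalid".
func TestVerifySSHKeyNoSpaces(t *testing.T) {
	err := validateSSHkey("badkey")
	if err == nil {
		// Fatal, not Error: the check below dereferences err and would panic
		// on nil, hiding the fact that a malformed key was accepted.
		t.Fatal("Key 'badkey' should fail validation")
	}
	if !strings.Contains(err.Error(), "invalid") {
		t.Errorf("Error message should include invalid, but was '%s'", err.Error())
	}
}

// TestVerifySSHKeyNotBase64 checks that a key blob with missing base64
// padding is rejected with an error mentioning "base64".
func TestVerifySSHKeyNotBase64(t *testing.T) {
	missingPadding := "ssh-rsa dGVzdAo"

	err := validateSSHkey(missingPadding)
	if err == nil {
		// Stop here; err.Error() below would panic on a nil error.
		t.Fatalf("'%s' should fail b64 validation", missingPadding)
	}
	if !strings.Contains(err.Error(), "base64") {
		t.Errorf("Error message should include base64, but was '%s'", err.Error())
	}
}

// TestVerifySSHKeyWrongFormatDSS checks that an ssh-dss (DSA) key type is
// rejected with an error mentioning "format".
func TestVerifySSHKeyWrongFormatDSS(t *testing.T) {
	it := "ssh-dss dGVzdAo="

	err := validateSSHkey(it)
	if err == nil {
		// Stop here; err.Error() below would panic on a nil error.
		t.Fatalf("'%s' should fail key format validation", it)
	}
	if !strings.Contains(err.Error(), "format") {
		t.Errorf("Error message should include format, but was '%s'", err.Error())
	}
}

// TestVerifySSHKeyWrongFormatECDSA checks that an ecdsa-sha2-nistp521 key is
// rejected with an error mentioning "format", i.e. the validator is expected
// to refuse this key type even though the line has the usual three fields.
func TestVerifySSHKeyWrongFormatECDSA(t *testing.T) {
	it := "ecdsa-sha2-nistp521 AAAAE2VjZHNhLXNoYTItbmlzdHA1MjEAAAAIbmlzdHA1MjEAAACFBAHeiQG8vUVsIjQdN0O/ovg/NTERdT+KA0JQTNDSNh65Q+XFuw8j0MhbTLHk/yXWJqBp7Vn6eiuPYXJac75P2BJjiQGi0UlfNXpTeYEG48Sdeo4pfguEwbyfnWMDWj4f86k/UjD2bUJBpXVQNs82j0weOG4+SqkA7cFz/E6e7eEfkATVaA== markus@test"

	err := validateSSHkey(it)
	if err == nil {
		// Stop here; err.Error() below would panic on a nil error.
		t.Fatalf("'%s' should fail key format validation", it)
	}
	if !strings.Contains(err.Error(), "format") {
		t.Errorf("Error message should include format, but was '%s'", err.Error())
	}
}

// TestVerifySSHKeyRSAKeyToSmall checks that an undersized ssh-rsa key is
// rejected and that the error names both the 2048-bit minimum and the size
// that was actually seen.
//
// NOTE(review): the blob "dGVzdAo=" is base64 for "test\n", not an RSA public
// key structure. How validateSSHkey arrives at "Was: 32" for it is not visible
// in this file; confirm the size is derived from the modulus rather than from
// the raw blob, otherwise padded garbage could satisfy the minimum.
func TestVerifySSHKeyRSAKeyToSmall(t *testing.T) {
	shortRSA := "ssh-rsa dGVzdAo="

	err := validateSSHkey(shortRSA)
	if err == nil {
		// Stop here; err.Error() below would panic on a nil error.
		t.Fatalf("'%s' should fail bit length validation", shortRSA)
	}

	msg := err.Error()
	if !strings.Contains(msg, "2048 bit") {
		t.Errorf("Error message should include 2048 bit, but was '%s'", msg)
	}
	if !strings.Contains(msg, "Was: 32") {
		t.Errorf("Error message should include original bit length (32), but was '%s'", msg)
	}
}

// TestCalcFingerprint checks calculateFingerprint against a known value for
// the Ed25519 key blob also used in TestVerifySSHKeyOk.
//
// The expected string keeps the trailing base64 padding ("="); ssh-keygen -l
// prints SHA256 fingerprints without it, so strip the padding before comparing
// this value with tool output.
func TestCalcFingerprint(t *testing.T) {
	key := "AAAAC3NzaC1lZDI1NTE5AAAAIKuZUxgv5fOU/HXi9NQDcqec06ut+6CTItzlPmgJHZm+"
	want := "SHA256:Rw71nETy5eL5J7ZK2QZfCZmp6e940ljBesD2COTG4Us="

	if got := calculateFingerprint(key); got != want {
		t.Errorf("Fingerprint is calculated wrong. Expected: %s, Got: %s", want, got)
	}
}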