-module(x509_test).

-include_lib("eunit/include/eunit.hrl").

%% remove_poison_test_() ->
%%     {foreach,
%%      fun() -> {ok, Pem} = file:read(File), Pem end,
%%      fun(_) -> ok end,
%%      fun(ChainPem) ->
%%              [CleanPem = x509:detox_precert(ChainPem),
%%               ?_assertEqual(CleanPem, )]
%%                  }.

-include("x509_test.hrl").
valid_cert_test_() ->
    C0 = ?C0,
    C1 = ?C1,
    [
     %% Root not in chain but in trust store.
     ?_assertMatch(true, x509:valid_chain_p([C1], [C0], 10)),
     ?_assertMatch(true, x509:valid_chain_p([C1], [C0], 2)),
     %% Chain too long.
     ?_assertMatch(false, x509:valid_chain_p([C1], [C0], 1)),
     %% Root in chain and in trust store.
     ?_assertMatch(true, x509:valid_chain_p([C1], [C0, C1], 2)),
     %% Chain too long.
     ?_assertMatch(false, x509:valid_chain_p([C1], [C0, C1], 1)),
     %% Root not in trust store.
     ?_assertMatch(false, x509:valid_chain_p([], [C0, C1], 10)),
     %% Invalid signer.
     ?_assertMatch(false, x509:valid_chain_p([C0], [C0, C1], 10)),
     ?_assertMatch(false, x509:valid_chain_p([C0], [C1], 10)),
     %% Selfsigned. Actually OK.
     ?_assertMatch(true, x509:valid_chain_p([C0], [C0], 10)),
     ?_assertMatch(true, x509:valid_chain_p([C0], [C0], 1)),
     %% Max chain length 0 is not OK.
     ?_assertMatch(false, x509:valid_chain_p([C0], [C0], 0))
     %% ?_assertMatch(true, x509:valid_chain_p(certs_from_file(certfile(cabundle)),
     %%                                        certs_from_file(certfile(0)))),
     %% ?_assertEqual(false, x509:valid_chain_p(certs_from_file(certfile(cabundle)),
     %%                                         certs_from_file(certfile(1))))
    ].

certfile(cabundle) ->
    "../certs/testcerts/acceptable_roots.pem";
certfile(0) ->
    "../certs/testcerts/cert1.txt";
certfile(1) ->
    "../certs/testcerts/cert2.txt".

certs_from_file(Fname) ->
    {ok, Pems}  = file:read_file(Fname),
    public_key:pem_decode(Pems).