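package web

import (
	"bytes"
	"crypto/rand"
	"crypto/rsa"
	"crypto/x509"
	"encoding/json"
	"encoding/pem"
	"net/http"
	"net/http/httptest"
	"testing"

	"github.com/stretchr/testify/assert"
	"mokhan.ca/xlgmokha/idp/pkg/dto"
)

// TestOpenIdConfiguration pins the contents of the OpenID Connect discovery
// document served at /.well-known/openid-configuration.
//
// Relying parties read this document to learn where to send users and which
// key set and algorithms to trust, so every endpoint URL and every advertised
// capability is asserted exactly rather than loosely.
func TestOpenIdConfiguration(t *testing.T) {
	// 2048 bits is the commonly accepted minimum for RSA. The key only signs
	// test tokens, but fixtures tend to be copied, so it should not model a
	// weak size.
	key, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		t.Fatalf("generating RSA test key: %v", err)
	}

	keyPEM := new(bytes.Buffer)
	block := &pem.Block{
		Type:  "RSA PRIVATE KEY",
		Bytes: x509.MarshalPKCS1PrivateKey(key),
	}
	if err := pem.Encode(keyPEM, block); err != nil {
		t.Fatalf("encoding RSA test key as PEM: %v", err)
	}

	h := NewHttpContext(&Configuration{
		Issuer:  "https://example.org",
		KeyData: keyPEM.Bytes(),
	})

	t.Run(".well-known/openid-configuration", func(t *testing.T) {
		w := httptest.NewRecorder()
		r := httptest.NewRequest("GET", "/.well-known/openid-configuration", nil)

		h.Router().ServeHTTP(w, r)

		assert.Equal(t, http.StatusOK, w.Code)
		assert.Equal(t, "application/json", w.Header().Get("Content-Type"))

		// Stop on a decode failure: asserting on a zero-valued struct would
		// bury the real cause under a dozen unrelated mismatches.
		var c dto.OpenIdConfiguration
		if err := json.NewDecoder(w.Body).Decode(&c); err != nil {
			t.Fatalf("decoding discovery document: %v", err)
		}

		// testify takes (expected, actual); keeping that order makes failure
		// output label the two values correctly.
		assert.Equal(t, "https://example.org", c.Issuer)
		assert.Equal(t, "https://example.org/authorize", c.AuthorizationEndpoint)
		assert.Equal(t, "https://example.org/token", c.TokenEndpoint)
		assert.Equal(t, "https://example.org/userinfo", c.UserInfoEndpoint)
		assert.Equal(t, "https://example.org/.well-known/jwks.json", c.JwksUri)
		assert.Equal(t, "https://example.org/revoke", c.RevocationEndpoint)

		assert.EqualValues(t, []string{"openid"}, c.ScopesSupported)

		// NOTE(review): several of these response types return an access
		// token in the authorization response. The OAuth 2.0 Security BCP
		// (RFC 9700) advises against that — confirm advertising them is
		// intentional.
		assert.EqualValues(t, []string{
			"code id_token token",
			"code id_token",
			"code token",
			"code",
			"id_token token",
			"id_token",
		}, c.ResponseTypesSupported)
		assert.EqualValues(t, []string{
			"query",
			"fragment",
			"form_post",
		}, c.ResponseModesSupported)
		assert.EqualValues(t, []string{"public"}, c.SubjectTypesSupported)

		// The exact match fails the test if "none" or a symmetric algorithm
		// is ever added to the advertised signing algorithms.
		assert.EqualValues(t, []string{"RS256"}, c.IdTokenSigningAlgValuesSupported)
		assert.EqualValues(t, []string{
			"aud",
			"exp",
			"iat",
			"iss",
			"sub",
		}, c.ClaimsSupported)
	})
}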