// Copyright (c) HashiCorp, Inc.
// SPDX-License-Identifier: MPL-2.0

package logical

import (
	"crypto/sha256"
	"encoding/base64"
	"encoding/json"
	"testing"
)

// TestJSONSerialization checks three things about TokenType and JSON: a value
// survives a Marshal/Unmarshal round trip, the literal "default-batch" decodes
// to TokenTypeDefaultBatch, and an empty JSON string decodes to
// TokenTypeDefault.
func TestJSONSerialization(t *testing.T) {
	want := TokenTypeDefaultBatch

	encoded, err := json.Marshal(want)
	if err != nil {
		t.Fatal(err)
	}

	var got TokenType
	if err = json.Unmarshal(encoded, &got); err != nil {
		t.Fatal(err)
	}
	if want != got {
		t.Fatalf("expected %v, got %v", want, got)
	}

	// Reset the target to TokenTypeDefault before decoding the wire literal.
	got = TokenTypeDefault
	if err = json.Unmarshal([]byte(`"default-batch"`), &got); err != nil {
		t.Fatal(err)
	}
	if want != got {
		t.Fatalf("expected %v, got %v", want, got)
	}

	// An empty string must decode to TokenTypeDefault. At this point got still
	// holds TokenTypeDefaultBatch from the check above, so a decoder that
	// silently leaves the target untouched on "" fails this comparison.
	want = TokenTypeDefault
	if err = json.Unmarshal([]byte(`""`), &got); err != nil {
		t.Fatal(err)
	}
	if want != got {
		t.Fatalf("expected %v, got %v", want, got)
	}
}

// TestCreateClientID verifies that CreateClientID returns the entity ID when
// the token entry has one, and otherwise returns an ID derived from the
// entry's policies and namespace (a "token without entity", TWE).
//
// The expected TWE value is rebuilt here as base64(SHA-256(plaintext)), where
// the plaintext is the policies in sorted order joined by
// SortedPoliciesTWEDelimiter, then ClientIDTWEDelimiter, then the namespace ID.
//
// NOTE(review): the derivation checked here is an unkeyed hash over policy
// names and a namespace ID, so anyone who knows those inputs can recompute the
// client ID. Treat it as a stable identifier, not as a secret or an
// authenticator.
//
// NOTE(review): no case covers a policy name or namespace ID that itself
// contains one of the delimiter characters. Whether two different
// (policies, namespace) pairs could then produce the same plaintext depends on
// the delimiter values and on input validation defined elsewhere; confirm and
// consider adding such a case.
func TestCreateClientID(t *testing.T) {
	// hashID reproduces the expected encoding of a TWE client ID.
	hashID := func(plaintext string) string {
		sum := sha256.Sum256([]byte(plaintext))
		return base64.StdEncoding.EncodeToString(sum[:])
	}
	// policies returns a fresh slice per case, deliberately not in sorted
	// order, so the expected IDs below only match if the result does not
	// depend on the order the policies were supplied in.
	policies := func() []string {
		return []string{"bar", "baz", "foo", "banana"}
	}
	policySep := string(SortedPoliciesTWEDelimiter)
	namespaceSep := string(ClientIDTWEDelimiter)
	sortedPolicies := "banana" + policySep + "bar" + policySep + "baz" + policySep + "foo"

	// Policies and namespace, no entity.
	tok := TokenEntry{NamespaceID: "namespaceFoo", Policies: policies()}
	clientID, twe := tok.CreateClientID()
	if !twe {
		t.Fatalf("TWE token should return true value in isTWE bool")
	}
	if want := hashID(sortedPolicies + namespaceSep + "namespaceFoo"); want != clientID {
		t.Fatalf("wrong ID: expected %s, found %s", want, clientID)
	}

	// Test with entityID: the entity ID is returned as-is and the entry is
	// not reported as a TWE.
	tok = TokenEntry{EntityID: "entityFoo", NamespaceID: "namespaceFoo", Policies: policies()}
	clientID, twe = tok.CreateClientID()
	if twe {
		t.Fatalf("token with entity should return false value in isTWE bool")
	}
	if clientID != "entityFoo" {
		t.Fatalf("client ID should be entity ID")
	}

	// Test without namespace: the plaintext still ends with the namespace
	// delimiter, followed by nothing.
	tok = TokenEntry{Policies: policies()}
	clientID, twe = tok.CreateClientID()
	if !twe {
		t.Fatalf("TWE token should return true value in isTWE bool")
	}
	if want := hashID(sortedPolicies + namespaceSep); want != clientID {
		t.Fatalf("wrong ID: expected %s, found %s", want, clientID)
	}

	// Test without policies: the expected plaintext is the bare namespace ID,
	// with no ClientIDTWEDelimiter in front of it.
	tok = TokenEntry{NamespaceID: "namespaceFoo"}
	clientID, twe = tok.CreateClientID()
	if !twe {
		t.Fatalf("TWE token should return true value in isTWE bool")
	}
	if want := hashID("namespaceFoo"); want != clientID {
		t.Fatalf("wrong ID: expected %s, found %s", want, clientID)
	}
}