from __future__ import annotations

import subprocess
from pathlib import Path
from tempfile import TemporaryDirectory

from django import forms
from django.test import SimpleTestCase

from pobsync_backend.forms import normalize_private_key, validate_ssh_private_key


class SshCredentialValidationTests(SimpleTestCase):
    def test_normalize_private_key_repairs_wrapped_openssh_body(self) -> None:
        with TemporaryDirectory() as tmp:
            key_path = Path(tmp) / "identity"
            subprocess.run(
                ["ssh-keygen", "-t", "ed25519", "-N", "", "-C", "test", "-f", str(key_path)],
                check=True,
                stdout=subprocess.PIPE,
                stderr=subprocess.PIPE,
                text=True,
            )
            private_key = key_path.read_text(encoding="utf-8")

        begin_marker = "-----BEGIN OPENSSH PRIVATE KEY-----"
        end_marker = "-----END OPENSSH PRIVATE KEY-----"
        body = private_key.split(begin_marker, 1)[1].split(end_marker, 1)[0]
        damaged_body = " \n ".join(body.split())
        damaged_key = f"{begin_marker}\n{damaged_body}\n{end_marker}"

        normalized_key = normalize_private_key(damaged_key)

        self.assertEqual(validate_ssh_private_key(normalized_key), validate_ssh_private_key(private_key))

    def test_validate_private_key_rejects_pem_key_with_actionable_message(self) -> None:
        with self.assertRaises(forms.ValidationError) as exc:
            validate_ssh_private_key("-----BEGIN RSA PRIVATE KEY-----\nabc\n-----END RSA PRIVATE KEY-----")

        self.assertIn("PEM private keys are not supported", str(exc.exception))