/*
 * Copyright (c) 2010 Remko Tronçon
 * Licensed under the GNU General Public License v3.
 * See Documentation/Licenses/GPLv3.txt for more information.
 */

#include "Swiften/Base/ByteArray.h"

#include <cppunit/extensions/HelperMacros.h>
#include <cppunit/extensions/TestFactoryRegistry.h>
#include <vector>

#include "Swiften/TLS/ServerIdentityVerifier.h"
#include "Swiften/TLS/SimpleCertificate.h"

using namespace Swift;

class ServerIdentityVerifierTest : public CppUnit::TestFixture {
		CPPUNIT_TEST_SUITE(ServerIdentityVerifierTest);
		CPPUNIT_TEST(testCertificateVerifies_WithoutMatchingDNSName);
		CPPUNIT_TEST(testCertificateVerifies_WithMatchingDNSName);
		CPPUNIT_TEST(testCertificateVerifies_WithSecondMatchingDNSName);
		CPPUNIT_TEST(testCertificateVerifies_WithMatchingInternationalDNSName);
		CPPUNIT_TEST(testCertificateVerifies_WithMatchingDNSNameWithWildcard);
		CPPUNIT_TEST(testCertificateVerifies_WithMatchingDNSNameWithWildcardMatchingNoComponents);
		CPPUNIT_TEST(testCertificateVerifies_WithDNSNameWithWildcardMatchingTwoComponents);
		CPPUNIT_TEST(testCertificateVerifies_WithMatchingSRVNameWithoutService);
		CPPUNIT_TEST(testCertificateVerifies_WithMatchingSRVNameWithService);
		CPPUNIT_TEST(testCertificateVerifies_WithMatchingSRVNameWithServiceAndWildcard);
		CPPUNIT_TEST(testCertificateVerifies_WithMatchingSRVNameWithDifferentService);
		CPPUNIT_TEST(testCertificateVerifies_WithMatchingXmppAddr);
		CPPUNIT_TEST(testCertificateVerifies_WithMatchingXmppAddrWithWildcard);
		CPPUNIT_TEST(testCertificateVerifies_WithMatchingInternationalXmppAddr);
		CPPUNIT_TEST(testCertificateVerifies_WithMatchingCNWithoutSAN);
		CPPUNIT_TEST(testCertificateVerifies_WithMatchingCNWithSAN);
		CPPUNIT_TEST_SUITE_END();

	public:
		void testCertificateVerifies_WithoutMatchingDNSName() {
			ServerIdentityVerifier testling(JID("foo@bar.com/baz"));
			SimpleCertificate::ref certificate(new SimpleCertificate());
			certificate->addDNSName("foo.com");

			CPPUNIT_ASSERT(!testling.certificateVerifies(certificate));
		}

		void testCertificateVerifies_WithMatchingDNSName() {
			ServerIdentityVerifier testling(JID("foo@bar.com/baz"));
			SimpleCertificate::ref certificate(new SimpleCertificate());
			certificate->addDNSName("bar.com");

			CPPUNIT_ASSERT(testling.certificateVerifies(certificate));
		}

		void testCertificateVerifies_WithSecondMatchingDNSName() {
			ServerIdentityVerifier testling(JID("foo@bar.com/baz"));
			SimpleCertificate::ref certificate(new SimpleCertificate());
			certificate->addDNSName("foo.com");
			certificate->addDNSName("bar.com");

			CPPUNIT_ASSERT(testling.certificateVerifies(certificate));
		}

		void testCertificateVerifies_WithMatchingInternationalDNSName() {
			ServerIdentityVerifier testling(JID("foo@tron\xc3\xa7on.com/baz"));
			SimpleCertificate::ref certificate(new SimpleCertificate());
			certificate->addDNSName("xn--tronon-zua.com");

			CPPUNIT_ASSERT(testling.certificateVerifies(certificate));
		}

		void testCertificateVerifies_WithMatchingDNSNameWithWildcard() {
			ServerIdentityVerifier testling(JID("foo@im.bar.com/baz"));
			SimpleCertificate::ref certificate(new SimpleCertificate());
			certificate->addDNSName("*.bar.com");

			CPPUNIT_ASSERT(testling.certificateVerifies(certificate));
		}

		void testCertificateVerifies_WithMatchingDNSNameWithWildcardMatchingNoComponents() {
			ServerIdentityVerifier testling(JID("foo@bar.com/baz"));
			SimpleCertificate::ref certificate(new SimpleCertificate());
			certificate->addDNSName("*.bar.com");

			CPPUNIT_ASSERT(!testling.certificateVerifies(certificate));
		}

		void testCertificateVerifies_WithDNSNameWithWildcardMatchingTwoComponents() {
			ServerIdentityVerifier testling(JID("foo@xmpp.im.bar.com/baz"));
			SimpleCertificate::ref certificate(new SimpleCertificate());
			certificate->addDNSName("*.bar.com");

			CPPUNIT_ASSERT(!testling.certificateVerifies(certificate));
		}

		void testCertificateVerifies_WithMatchingSRVNameWithoutService() {
			ServerIdentityVerifier testling(JID("foo@bar.com/baz"));
			SimpleCertificate::ref certificate(new SimpleCertificate());
			certificate->addSRVName("bar.com");

			CPPUNIT_ASSERT(!testling.certificateVerifies(certificate));
		}

		void testCertificateVerifies_WithMatchingSRVNameWithService() {
			ServerIdentityVerifier testling(JID("foo@bar.com/baz"));
			SimpleCertificate::ref certificate(new SimpleCertificate());
			certificate->addSRVName("_xmpp-client.bar.com");

			CPPUNIT_ASSERT(testling.certificateVerifies(certificate));
		}

		void testCertificateVerifies_WithMatchingSRVNameWithServiceAndWildcard() {
			ServerIdentityVerifier testling(JID("foo@im.bar.com/baz"));
			SimpleCertificate::ref certificate(new SimpleCertificate());
			certificate->addSRVName("_xmpp-client.*.bar.com");

			CPPUNIT_ASSERT(testling.certificateVerifies(certificate));
		}

		void testCertificateVerifies_WithMatchingSRVNameWithDifferentService() {
			ServerIdentityVerifier testling(JID("foo@bar.com/baz"));
			SimpleCertificate::ref certificate(new SimpleCertificate());
			certificate->addSRVName("_xmpp-server.bar.com");

			CPPUNIT_ASSERT(!testling.certificateVerifies(certificate));
		}

		void testCertificateVerifies_WithMatchingXmppAddr() {
			ServerIdentityVerifier testling(JID("foo@bar.com/baz"));
			SimpleCertificate::ref certificate(new SimpleCertificate());
			certificate->addXMPPAddress("bar.com");

			CPPUNIT_ASSERT(testling.certificateVerifies(certificate));
		}

		void testCertificateVerifies_WithMatchingXmppAddrWithWildcard() {
			ServerIdentityVerifier testling(JID("foo@im.bar.com/baz"));
			SimpleCertificate::ref certificate(new SimpleCertificate());
			certificate->addXMPPAddress("*.bar.com");

			CPPUNIT_ASSERT(!testling.certificateVerifies(certificate));
		}

		void testCertificateVerifies_WithMatchingInternationalXmppAddr() {
			ServerIdentityVerifier testling(JID("foo@tron\xc3\xa7.com/baz"));
			SimpleCertificate::ref certificate(new SimpleCertificate());
			certificate->addXMPPAddress("tron\xc3\xa7.com");

			CPPUNIT_ASSERT(testling.certificateVerifies(certificate));
		}

		void testCertificateVerifies_WithMatchingCNWithoutSAN() {
			ServerIdentityVerifier testling(JID("foo@bar.com/baz"));
			SimpleCertificate::ref certificate(new SimpleCertificate());
			certificate->addCommonName("bar.com");

			CPPUNIT_ASSERT(testling.certificateVerifies(certificate));
		}

		void testCertificateVerifies_WithMatchingCNWithSAN() {
			ServerIdentityVerifier testling(JID("foo@bar.com/baz"));
			SimpleCertificate::ref certificate(new SimpleCertificate());
			certificate->addSRVName("foo.com");
			certificate->addCommonName("bar.com");

			CPPUNIT_ASSERT(!testling.certificateVerifies(certificate));
		}
};

CPPUNIT_TEST_SUITE_REGISTRATION(ServerIdentityVerifierTest);