# vim: tabstop=4 shiftwidth=4 softtabstop=4

# Copyright 2013 Cloudbase Solutions Srl
#
#    Licensed under the Apache License, Version 2.0 (the "License"); you may
#    not use this file except in compliance with the License. You may obtain
#    a copy of the License at
#
#         http://www.apache.org/licenses/LICENSE-2.0
#
#    Unless required by applicable law or agreed to in writing, software
#    distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
#    WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
#    License for the specific language governing permissions and limitations
#    under the License.

import importlib
import mock
import unittest

from cloudbaseinit import exception
from cloudbaseinit.plugins import base
from cloudbaseinit.plugins import constants

from oslo.config import cfg

CONF = cfg.CONF


class ConfigWinRMCertificateAuthPluginTests(unittest.TestCase):
    def setUp(self):
        self._ctypes_mock = mock.MagicMock()
        self._win32com_mock = mock.MagicMock()
        self._pywintypes_mock = mock.MagicMock()

        self._module_patcher = mock.patch.dict(
            'sys.modules',
            {'ctypes': self._ctypes_mock,
             'win32com': self._win32com_mock,
             'pywintypes': self._pywintypes_mock})
        self._module_patcher.start()

        self.winrmcert = importlib.import_module(
            'cloudbaseinit.plugins.windows.winrmcertificateauth')
        self._certif_auth = self.winrmcert.ConfigWinRMCertificateAuthPlugin()

    def tearDown(self):
        self._module_patcher.stop()

    def _test_get_credentials(self, fake_user, fake_password):
        mock_shared_data = mock.MagicMock()
        mock_shared_data.get.side_effect = [fake_user, fake_password]
        if fake_user is None or fake_password is None:
            self.assertRaises(exception.CloudbaseInitException,
                              self._certif_auth._get_credentials,
                              mock_shared_data)
        else:
            response = self._certif_auth._get_credentials(mock_shared_data)
            expected = [mock.call(constants.SHARED_DATA_USERNAME),
                        mock.call(constants.SHARED_DATA_PASSWORD)]
            self.assertEqual(expected, mock_shared_data.get.call_args_list)

            mock_shared_data.__setitem__.assert_called_once_with(
                'admin_password', None)

            self.assertEqual((fake_user, fake_password), response)

    def test_test_get_credentials(self):
        self._test_get_credentials(fake_user='fake user',
                                   fake_password='fake password')

    def test_test_get_credentials_no_user(self):
        self._test_get_credentials(fake_user=None,
                                   fake_password='fake password')

    def test_test_get_credentials_no_password(self):
        self._test_get_credentials(fake_user='fake user',
                                   fake_password=None)

    @mock.patch('cloudbaseinit.plugins.windows.winrmcertificateauth'
                '.ConfigWinRMCertificateAuthPlugin._get_credentials')
    @mock.patch('cloudbaseinit.utils.windows.winrmconfig.WinRMConfig')
    @mock.patch('cloudbaseinit.utils.windows.x509.CryptoAPICertManager.'
                'import_cert')
    def _test_execute(self, mock_import_cert, mock_WinRMConfig,
                      mock_get_credentials, cert_data, cert_upn):
        mock_service = mock.MagicMock()
        mock_cert_thumprint = mock.MagicMock()
        fake_credentials = ('fake user', 'fake password')
        mock_get_credentials.return_value = fake_credentials
        mock_import_cert.return_value = (mock_cert_thumprint, cert_upn)
        mock_WinRMConfig.get_cert_mapping.return_value = True
        mock_service.get_client_auth_certs.return_value = [cert_data]

        response = self._certif_auth.execute(mock_service,
                                             shared_data='fake data')
        mock_service.get_client_auth_certs.assert_called_once_with()
        if not cert_data:
            self.assertEqual((base.PLUGIN_EXECUTION_DONE, False), response)
        else:
            mock_get_credentials.assert_called_once_with('fake data')
            mock_import_cert.assert_called_once_with(
                cert_data, store_name=self.winrmcert.x509.STORE_NAME_ROOT)

            mock_WinRMConfig().set_auth_config.assert_called_once_with(
                certificate=True)
            mock_WinRMConfig().get_cert_mapping.assert_called_once_with(
                mock_cert_thumprint, cert_upn)
            mock_WinRMConfig().delete_cert_mapping.assert_called_once_with(
                mock_cert_thumprint, cert_upn)
            mock_WinRMConfig().create_cert_mapping.assert_called_once_with(
                mock_cert_thumprint, cert_upn, 'fake user',
                'fake password')
            self.assertEqual((base.PLUGIN_EXECUTION_DONE, False), response)

    def test_execute(self):
        cert_data = 'fake cert data'
        cert_upn = mock.MagicMock()
        self._test_execute(cert_data=cert_data, cert_upn=cert_upn)

    def test_execute_no_cert_data(self):
        cert_upn = mock.MagicMock()
        self._test_execute(cert_data=None, cert_upn=cert_upn)