// -*- indent-tabs-mode: nil; js-indent-level: 2 -*-
// Any copyright is dedicated to the Public Domain.
// http://creativecommons.org/publicdomain/zero/1.0/
"use strict";

// Tests that the client authentication certificate chooser correctly displays
// provided information and correctly returns user input.

const TEST_HOSTNAME = "Test Hostname";
const TEST_ORG = "Test Org";
const TEST_ISSUER_ORG = "Test Issuer Org";
const TEST_PORT = 123;

var certDB = Cc["@mozilla.org/security/x509certdb;1"].getService(
  Ci.nsIX509CertDB
);
/**
 * Test certificate (i.e. build/pgo/certs/mochitest.client).
 *
 * @type {nsIX509Cert}
 */
var cert;

/**
 * Opens the client auth cert chooser dialog.
 *
 * @param {nsIX509Cert} cert The cert to pass to the dialog for display.
 * @returns {Promise}
 *          A promise that resolves when the dialog has finished loading, with
 *          an array consisting of:
 *            1. The window of the opened dialog.
 *            2. The return value nsIWritablePropertyBag2 passed to the dialog.
 */
function openClientAuthDialog(cert) {
  let certList = Cc["@mozilla.org/array;1"].createInstance(Ci.nsIMutableArray);
  certList.appendElement(cert);

  let returnVals = Cc["@mozilla.org/hash-property-bag;1"].createInstance(
    Ci.nsIWritablePropertyBag2
  );
  let win = window.openDialog(
    "chrome://pippki/content/clientauthask.xhtml",
    "",
    "",
    TEST_HOSTNAME,
    TEST_ORG,
    TEST_ISSUER_ORG,
    TEST_PORT,
    certList,
    returnVals
  );
  return TestUtils.topicObserved("cert-dialog-loaded").then(() => [
    win,
    returnVals,
  ]);
}

/**
 * Checks that the contents of the given cert chooser dialog match the details
 * of build/pgo/certs/mochitest.client.
 *
 * @param {window} win The cert chooser window.
 * @param {string} notBefore
 *        The formatted notBefore date of mochitest.client.
 * @param {string} notAfter
 *        The formatted notAfter date of mochitest.client.
 */
function checkDialogContents(win, notBefore, notAfter) {
  is(
    win.document.getElementById("hostname").textContent,
    `${TEST_HOSTNAME}:${TEST_PORT}`,
    "Actual and expected hostname and port should be equal"
  );
  is(
    win.document.getElementById("organization").textContent,
    `Organization: “${TEST_ORG}”`,
    "Actual and expected organization should be equal"
  );
  is(
    win.document.getElementById("issuer").textContent,
    `Issued Under: “${TEST_ISSUER_ORG}”`,
    "Actual and expected issuer organization should be equal"
  );

  is(
    win.document.getElementById("nicknames").label,
    "Mochitest client [03]",
    "Actual and expected selected cert nickname and serial should be equal"
  );
  is(
    win.document.getElementById("nicknames").itemCount,
    1,
    "correct number of items"
  );

  let [subject, serialNum, validity, issuer, tokenName] = win.document
    .getElementById("details")
    .value.split("\n");
  is(
    subject,
    "Issued to: CN=Mochitest client",
    "Actual and expected subject should be equal"
  );
  is(
    serialNum,
    "Serial number: 03",
    "Actual and expected serial number should be equal"
  );
  is(
    validity,
    `Valid from ${notBefore} to ${notAfter}`,
    "Actual and expected validity should be equal"
  );
  is(
    issuer,
    "Issued by: OU=Profile Guided Optimization,O=Mozilla Testing,CN=Temporary Certificate Authority",
    "Actual and expected issuer should be equal"
  );
  is(
    tokenName,
    "Stored on: Software Security Device",
    "Actual and expected token name should be equal"
  );
}

function findCertByCommonName(commonName) {
  for (let cert of certDB.getCerts()) {
    if (cert.commonName == commonName) {
      return cert;
    }
  }
  return null;
}

add_setup(async function () {
  cert = findCertByCommonName("Mochitest client");
  isnot(cert, null, "Should be able to find the test client cert");
});

// Test that the contents of the dialog correspond to the details of the
// provided cert.
add_task(async function testContents() {
  const formatter = new Intl.DateTimeFormat(undefined, {
    dateStyle: "medium",
    timeStyle: "long",
  });
  let [win] = await openClientAuthDialog(cert);
  checkDialogContents(
    win,
    formatter.format(new Date(cert.validity.notBefore / 1000)),
    formatter.format(new Date(cert.validity.notAfter / 1000))
  );
  await BrowserTestUtils.closeWindow(win);
});

// Test that the right values are returned when the dialog is accepted.
add_task(async function testAcceptDialogReturnValues() {
  let [win, retVals] = await openClientAuthDialog(cert);
  win.document.getElementById("rememberBox").checked = true;
  info("Accepting dialog");
  win.document.getElementById("certAuthAsk").acceptDialog();
  await BrowserTestUtils.windowClosed(win);

  ok(
    retVals.get("certChosen"),
    "Return value should signal user chose a certificate"
  );
  is(
    retVals.get("selectedIndex"),
    0,
    "0 should be returned as the selected index"
  );
  ok(
    retVals.get("rememberSelection"),
    "Return value should signal 'Remember this decision' checkbox was checked"
  );
});

// Test that the right values are returned when the dialog is canceled.
add_task(async function testCancelDialogReturnValues() {
  let [win, retVals] = await openClientAuthDialog(cert);
  win.document.getElementById("rememberBox").checked = false;
  info("Canceling dialog");
  win.document.getElementById("certAuthAsk").cancelDialog();
  await BrowserTestUtils.windowClosed(win);

  ok(
    !retVals.get("certChosen"),
    "Return value should signal user did not choose a certificate"
  );
  ok(
    !retVals.get("rememberSelection"),
    "Return value should signal 'Remember this decision' checkbox was unchecked"
  );
});