package notarize_test

import (
	"context"
	"errors"
	"reflect"
	"strings"
	"testing"

	"lmika.dev/actions/wails-release/internal/notarize"
	"lmika.dev/actions/wails-release/internal/runner"
)

func TestSubmit_APIKeyArgs(t *testing.T) {
	f := &runner.Fake{}
	f.On("xcrun", nil).Return([]byte(`{"id":"sub-1","status":"Accepted"}`), nil)

	err := notarize.Submit(context.Background(), f, notarize.Opts{
		ZipPath: "/dist/MyApp.app.zip",
		APIKey:  &notarize.APIKey{KeyPath: "/tmp/key.p8", KeyID: "ABCD1234", IssuerID: "iss"},
	})
	if err != nil {
		t.Fatalf("unexpected: %v", err)
	}
	want := []string{
		"notarytool", "submit", "/dist/MyApp.app.zip",
		"--key", "/tmp/key.p8",
		"--key-id", "ABCD1234",
		"--issuer", "iss",
		"--wait",
		"--output-format", "json",
	}
	if !reflect.DeepEqual(f.Calls[0].Args, want) {
		t.Fatalf("args got %v want %v", f.Calls[0].Args, want)
	}
}

func TestSubmit_AppleIDArgs(t *testing.T) {
	f := &runner.Fake{}
	f.On("xcrun", nil).Return([]byte(`{"id":"1","status":"Accepted"}`), nil)

	err := notarize.Submit(context.Background(), f, notarize.Opts{
		ZipPath: "/dist/MyApp.app.zip",
		AppleID: &notarize.AppleID{Username: "u@x", Password: "pw", TeamID: "TEAM1234"},
	})
	if err != nil {
		t.Fatalf("unexpected: %v", err)
	}
	want := []string{
		"notarytool", "submit", "/dist/MyApp.app.zip",
		"--apple-id", "u@x",
		"--password", "pw",
		"--team-id", "TEAM1234",
		"--wait",
		"--output-format", "json",
	}
	if !reflect.DeepEqual(f.Calls[0].Args, want) {
		t.Fatalf("args got %v want %v", f.Calls[0].Args, want)
	}
}

func TestSubmit_RejectionFetchesLogAndReturnsError(t *testing.T) {
	f := &runner.Fake{}
	// First call: submit returns Invalid status with id.
	f.On("xcrun", []string{
		"notarytool", "submit", "/dist/MyApp.app.zip",
		"--key", "/tmp/key.p8", "--key-id", "K", "--issuer", "I",
		"--wait", "--output-format", "json",
	}).Return([]byte(`{"id":"sub-1","status":"Invalid"}`), nil)

	// Second call: log fetch.
	f.On("xcrun", []string{
		"notarytool", "log", "sub-1",
		"--key", "/tmp/key.p8", "--key-id", "K", "--issuer", "I",
	}).Return([]byte(`{"issues":[{"message":"missing entitlement"}]}`), nil)

	err := notarize.Submit(context.Background(), f, notarize.Opts{
		ZipPath: "/dist/MyApp.app.zip",
		APIKey:  &notarize.APIKey{KeyPath: "/tmp/key.p8", KeyID: "K", IssuerID: "I"},
	})
	if err == nil {
		t.Fatal("expected error")
	}
	if !strings.Contains(err.Error(), "missing entitlement") {
		t.Fatalf("expected log content in error, got %v", err)
	}
}

func TestSubmit_NoCredentialsErrors(t *testing.T) {
	err := notarize.Submit(context.Background(), &runner.Fake{}, notarize.Opts{ZipPath: "/x"})
	if err == nil {
		t.Fatal("expected error")
	}
}

func TestSubmit_ToolFailureWraps(t *testing.T) {
	f := &runner.Fake{}
	f.On("xcrun", nil).Return(nil, errors.New("network down"))
	err := notarize.Submit(context.Background(), f, notarize.Opts{
		ZipPath: "/x",
		APIKey:  &notarize.APIKey{KeyPath: "/k", KeyID: "K", IssuerID: "I"},
	})
	if err == nil {
		t.Fatal("expected error")
	}
}

func TestStaple_BuildsCorrectArgs(t *testing.T) {
	f := &runner.Fake{}
	f.On("xcrun", nil).Return(nil, nil)

	err := notarize.Staple(context.Background(), f, "/build/MyApp.app")
	if err != nil {
		t.Fatalf("unexpected: %v", err)
	}
	want := []string{"stapler", "staple", "/build/MyApp.app"}
	if !reflect.DeepEqual(f.Calls[0].Args, want) {
		t.Fatalf("args got %v want %v", f.Calls[0].Args, want)
	}
}