// Copyright 2017 Brian Smith.
//
// Permission to use, copy, modify, and/or distribute this software for any
// purpose with or without fee is hereby granted, provided that the above
// copyright notice and this permission notice appear in all copies.
//
// THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHORS DISCLAIM ALL WARRANTIES
// WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
// MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHORS BE LIABLE FOR ANY
// SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
// WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION
// OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN
// CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.

#![cfg(feature = "rsa_signing")]

extern crate ring;
extern crate untrusted;

use ring::signature;

#[test]
fn test_rsa_key_pair_from_pkcs8_rsa_encryption_2048() {
    const INPUT: &'static [u8] =
        include_bytes!("pkcs8_test_rsaEncryption_2048_e65537.pk8");
    assert!(signature::RSAKeyPair::from_pkcs8(
        untrusted::Input::from(INPUT)).is_ok());
}

#[test]
fn test_rsa_key_pair_from_pkcs8_rsa_encryption_3072() {
    const INPUT: &'static [u8] =
        include_bytes!("pkcs8_test_rsaEncryption_3072_e65537.pk8");
    assert!(signature::RSAKeyPair::from_pkcs8(
        untrusted::Input::from(INPUT)).is_ok());
}

#[test]
fn test_rsa_key_pair_from_pkcs8_rsa_encryption_invalid_e3() {
    const INPUT: &'static [u8] =
        include_bytes!("pkcs8_test_rsaEncryption_2048_e3.pk8");
    assert!(signature::RSAKeyPair::from_pkcs8(
        untrusted::Input::from(INPUT)).is_err());
}

#[test]
fn test_rsa_key_pair_from_pkcs8_rsa_encryption_2048_truncated() {
    const INPUT: &'static [u8] =
        include_bytes!("pkcs8_test_rsaEncryption_2048_e65537.pk8");
    assert!(signature::RSAKeyPair::from_pkcs8(
        untrusted::Input::from(&INPUT[..(INPUT.len() - 1)])).is_err());
}

#[test]
fn test_rsa_key_pair_from_pkcs8_ecc() {
    // The input is a valid P-256 private key, which isn't a valid RSA key.
    const INPUT: &'static [u8] =
        include_bytes!("pkcs8_test_ecPublicKey_p256.pk8");
    assert!(signature::RSAKeyPair::from_pkcs8(
        untrusted::Input::from(INPUT)).is_err());
}

#[test]
fn test_rsa_key_pair_from_pkcs8_rsa_encryption_ecc() {
    // The input's algorithm ID is rsaEncryption, but it contains a P-256
    // ECPrivateKey.
    const INPUT: &'static [u8] =
        include_bytes!("pkcs8_test_rsaEncryption_ecc.pk8");
    assert!(signature::RSAKeyPair::from_pkcs8(
        untrusted::Input::from(INPUT)).is_err());
}

#[test]
fn test_rsa_key_pair_from_pkcs8_ecc_rsa_private_key() {
    // The input contains an RSAPrivateKey, but marked as an ecPublicKey w/
    // P-256.
    const INPUT: &'static [u8] =
        include_bytes!("pkcs8_test_ecPublicKey_p256_RSAPrivateKey.pk8");
    assert!(signature::RSAKeyPair::from_pkcs8(
        untrusted::Input::from(INPUT)).is_err());
}