package state

import (
	"path/filepath"
	"testing"
)

func TestLoadOrCreatePersistsIdentity(t *testing.T) {
	dir := t.TempDir()
	identity, err := LoadOrCreate(dir, "cluster-1", "node-a")
	if err != nil {
		t.Fatalf("load or create: %v", err)
	}
	if identity.NodeFingerprint == "" || identity.PublicKey == "" {
		t.Fatalf("identity missing generated fields: %+v", identity)
	}
	loaded, err := Load(filepath.Join(dir, FileName))
	if err != nil {
		t.Fatalf("load identity: %v", err)
	}
	if loaded.NodeFingerprint != identity.NodeFingerprint {
		t.Fatal("identity fingerprint was not persisted")
	}
}

func TestMarkApprovedUpdatesIdentity(t *testing.T) {
	dir := t.TempDir()
	if _, err := LoadOrCreate(dir, "cluster-1", "node-a"); err != nil {
		t.Fatalf("load or create: %v", err)
	}
	if _, err := MarkEnrollmentSubmitted(dir, "cluster-1", "join-request-1"); err != nil {
		t.Fatalf("mark enrollment submitted: %v", err)
	}
	approved, err := MarkApproved(dir, "node-1", "cluster-1", "active")
	if err != nil {
		t.Fatalf("mark approved: %v", err)
	}
	if approved.NodeID != "node-1" || approved.IdentityStatus != "active" || approved.PendingJoinRequestID != "" {
		t.Fatalf("unexpected approved identity: %+v", approved)
	}
}

func TestMarkApprovedWithAuthorityPinsClusterAuthority(t *testing.T) {
	dir := t.TempDir()
	if _, err := LoadOrCreate(dir, "cluster-1", "node-a"); err != nil {
		t.Fatalf("load or create: %v", err)
	}
	approved, err := MarkApprovedWithAuthority(dir, "node-1", "cluster-1", "active", "public-key-b64", "rap-ca-ed25519-test")
	if err != nil {
		t.Fatalf("mark approved with authority: %v", err)
	}
	if approved.ClusterAuthorityPublicKey != "public-key-b64" || approved.ClusterAuthorityFingerprint != "rap-ca-ed25519-test" {
		t.Fatalf("authority pin was not persisted: %+v", approved)
	}
}