//! `test_full_handshake_loopback` — a full client+server handshake over an in-memory duplex.

mod common;

use aura_proto::{client_handshake, server_handshake};
use tokio::io::split;

#[tokio::test]
async fn test_full_handshake_loopback() {
    let pki = common::mint_pki("vpn.aura.example", "client-alpha");
    let client_cfg = pki.client_config();
    let server_cfg = pki.server_config();

    // Connected in-memory transport; split each end into independent read/write halves so the
    // handshake can use separate reader + writer (matching quinn's split streams).
    let (client_end, server_end) = tokio::io::duplex(64 * 1024);
    let (c_read, c_write) = split(client_end);
    let (s_read, s_write) = split(server_end);

    let client = tokio::spawn(async move {
        client_handshake(c_read, c_write, &client_cfg)
            .await
            .map(|s| s.peer_id().map(str::to_string))
    });
    let server = tokio::spawn(async move {
        server_handshake(s_read, s_write, &server_cfg)
            .await
            .map(|s| s.peer_id().map(str::to_string))
    });

    let (client_res, server_res) = tokio::join!(client, server);
    let client_peer = client_res
        .expect("client task")
        .expect("client handshake ok");
    let server_peer = server_res
        .expect("server task")
        .expect("server handshake ok");

    // Server learned the client id from the verified client certificate.
    assert_eq!(server_peer.as_deref(), Some("client-alpha"));
    // Client recorded the server name it authenticated.
    assert_eq!(client_peer.as_deref(), Some("vpn.aura.example"));
}