//! Shared test helpers: minting an Aura CA + leaf certs, and wiring an in-memory duplex transport.

#![allow(dead_code)] // each integration test binary uses a different subset of these helpers

use aura_pki::AuraCa;
use aura_proto::{ClientConfig, ServerConfig};

/// A minted PKI fixture: a CA, a server cert/key, and a client cert/key.
pub struct Pki {
    pub ca_cert_pem: String,
    pub server_cert_pem: String,
    pub server_key_pem: String,
    pub client_cert_pem: String,
    pub client_key_pem: String,
    pub server_name: String,
    pub client_id: String,
}

/// Mint a CA plus a server cert (for `server_name`) and a client cert (CN = `client_id`).
pub fn mint_pki(server_name: &str, client_id: &str) -> Pki {
    let ca = AuraCa::generate("Aura Test Root CA").expect("generate CA");
    let server = ca
        .issue_server_cert(server_name)
        .expect("issue server cert");
    let client = ca.issue_client_cert(client_id).expect("issue client cert");
    Pki {
        ca_cert_pem: ca.ca_cert_pem(),
        server_cert_pem: server.cert_pem,
        server_key_pem: server.key_pem,
        client_cert_pem: client.cert_pem,
        client_key_pem: client.key_pem,
        server_name: server_name.to_string(),
        client_id: client_id.to_string(),
    }
}

impl Pki {
    /// Build a matching [`ClientConfig`] from this fixture.
    pub fn client_config(&self) -> ClientConfig {
        ClientConfig {
            ca_cert_pem: self.ca_cert_pem.clone(),
            client_cert_pem: self.client_cert_pem.clone(),
            client_key_pem: self.client_key_pem.clone(),
            server_name: self.server_name.clone(),
        }
    }

    /// Build a matching [`ServerConfig`] from this fixture.
    pub fn server_config(&self) -> ServerConfig {
        ServerConfig {
            ca_cert_pem: self.ca_cert_pem.clone(),
            server_cert_pem: self.server_cert_pem.clone(),
            server_key_pem: self.server_key_pem.clone(),
        }
    }
}