# This file is part of the Trezor project.
#
# Copyright (C) 2012-2019 SatoshiLabs and contributors
#
# This library is free software: you can redistribute it and/or modify
# it under the terms of the GNU Lesser General Public License version 3
# as published by the Free Software Foundation.
#
# This library is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
# GNU Lesser General Public License for more details.
#
# You should have received a copy of the License along with this library.
# If not, see <https://www.gnu.org/licenses/lgpl-3.0.html>.

import pytest

from trezorlib import webauthn
from trezorlib.exceptions import Cancelled, TrezorFailure

from ..common import MNEMONIC12

CRED1 = bytes.fromhex(
    "f1d00200f8221312f7898e31ea5ec30409527c2b0bde0b9dfdd7eaab4424173f"
    "bf75ab67627fff60974460d903d7d96bb9e974c169a01b2c38cf2305da304169"
    "d4e28f59053a2564bebb3eb3f06c2182f1ea4a2f7cebd8f92a930a76f3b45334"
    "1e3f3285a575a54bcba9cf8a088dbfe24e8e691a5926160174e03aa941828f49"
    "e42b47804d"
)

CRED2 = bytes.fromhex(
    "f1d00200eb3b566f4ea0a219552b2efd2c76e1ffc2e641d3bf91ec92d47a4ed4"
    "d78cf42845248c4e982a503618bac0cecfb0fa91fa10821df1efe1d59ac8314e"
    "b57eb7f32a1a605f91e8692daf1a679b55ab1acadfded5e0c7fd1365e2801759"
    "bd3a4450dd5589586ab072da79"
)

CRED3 = bytes.fromhex(
    "f1d00200ebee50034eb7affb555602eed0812b63d158b57a4188523ad064a719"
    "febf477c52cfcc7ded8d7a7a83af52287ed1ecee9f74f62b7e55ad8e814c062e"
    "009bb3b3391dfec79dc93053b0279eca7207358a0962865da55668b2509de773"
    "8c819dbeead9997778319ac1f1c7318fd6"
)

CREDS = [
    bytes.fromhex(
        "f1d0020029a297837485bf2b43f2a8cc53b759a03201cf6902cf25794a375214"
        "aea1357cee1e2fa9188e8fb74e5b5501767ca740cd1f0c745bb72afd"
    ),
    bytes.fromhex(
        "f1d00200ce4e44a4d5076b7d3037ca039894738183f18b0ef5edfa84b59ba4e9"
        "2e9ce5fe02ddd6cd397c459636dfb45af740d268bd67610578581cc1"
    ),
    bytes.fromhex(
        "f1d00200776ac8476ac5a621c135e9ab3d5c5c1d836843eddad88f94ff044989"
        "cc941f5971bd3df1a3008e12ad16a11753cdfe113d023784a29bbbe0"
    ),
    bytes.fromhex(
        "f1d00200f4bf428bc3ea21a64691bc1cfb3ae14d4ed29621777856ea81b8936e"
        "51293fb8b073ab1c03fe7016b01f9e2bcac796f3c3c33515ffbf88c2"
    ),
    bytes.fromhex(
        "f1d0020055e4d0a8b06951564f71dd601287929b396013d1b1cfd1ab237a6e1d"
        "b53b7f562465ed53b3fc8ba7f0b5e05498fd13badfaac358694e76f2"
    ),
    bytes.fromhex(
        "f1d00200ea2b8789416aa55dac3e8446da76a9fba3f52722329bf4820480faf1"
        "ed35f2eb8577a0e3bbcecd6177d1a4c21faafc3411281ebbc2a8f100"
    ),
    bytes.fromhex(
        "f1d0020043e37bb7c62fd11b6d446da96741123b38ab9123d695537357373970"
        "8d0e7aaff1ed90306da2779c23fde88c68cd37171c871af4f6c6cc08"
    ),
    bytes.fromhex(
        "f1d00200309ced39cf016b1ae284cd63e48310dd73e14f5f3af681fcfd84e121"
        "6cbab4b1d00f505445b839bca1909521e4ba06209fd161bb98eb2b7d"
    ),
    bytes.fromhex(
        "f1d00200c19e3a3e2ce982419b52487e84ceb42a92bbda1c029b1bb3e832ffa7"
        "0321c22edfb6163ee5ec2be03b1b291f451667a6020a720c41653745"
    ),
    bytes.fromhex(
        "f1d0020046ce52d1ed50a900687d6ba20863cc9c0cd6ee9fb72129a0f63eb598"
        "dcd3cd79c449d251240e2098f4b29e4cfa28ab7b45b77f045589312d"
    ),
    bytes.fromhex(
        "f1d002004f92099262dbedc059237e3aff412204131dad9cbad98147322b00ed"
        "988cd7f7b2ea2f34b0388b3efa1246477d058e4d94773a38355bc2e7"
    ),
    bytes.fromhex(
        "f1d00200ac93867d1bfbe6a6be75d943354f280e32fafce204bcee65db097666"
        "e805b80d38f4f3094f334fb310d4f5cc80ccef603fdd6ba320b4eb73"
    ),
    bytes.fromhex(
        "f1d002006d5d6efbe81fe81927029727409d0f242a4da827947ec55e118cd65c"
        "e6f0d1ae4c7ac578f3682806b5e0e5bfaaf7d0416960ece3fc219516"
    ),
    bytes.fromhex(
        "f1d00200e231eba4d9875231644ff1e38c83be7ce3508401b6184320a2ea3dc2"
        "6092f807aba192c6fc5e7286dfc0e5ccc4738d6d8c8a1a440140b47a"
    ),
    bytes.fromhex(
        "f1d002008841311e477753cbfa4b21779d4c04e7c5532f956f2c6995b99e1392"
        "1143b64b4099c98b4b1c012ef06c1bfa673f192fec193f05cf26c0cc"
    ),
]


@pytest.mark.skip_t1
@pytest.mark.altcoin
class TestMsgWebAuthn:
    @pytest.mark.setup_client(mnemonic=MNEMONIC12)
    def test_add_remove(self, client):
        # Remove index 0 should fail.
        with pytest.raises(TrezorFailure):
            webauthn.remove_credential(client, 0)

        # List should be empty.
        assert webauthn.list_credentials(client) == []

        # Add valid credential #1.
        webauthn.add_credential(client, CRED1)

        # Check that the credential was added and parameters are correct.
        creds = webauthn.list_credentials(client)
        assert len(creds) == 1
        assert creds[0].rp_id == "example.com"
        assert creds[0].rp_name == "Example"
        assert creds[0].user_id == bytes.fromhex(
            "3082019330820138A0030201023082019330820138A003020102308201933082"
        )
        assert creds[0].user_name == "johnpsmith@example.com"
        assert creds[0].user_display_name == "John P. Smith"
        assert creds[0].creation_time == 3
        assert creds[0].hmac_secret is True

        # Add valid credential #2, which has same rpId and userId as credential #1.
        webauthn.add_credential(client, CRED2)

        # Check that the credential #2 replaced credential #1 and parameters are correct.
        creds = webauthn.list_credentials(client)
        assert len(creds) == 1
        assert creds[0].rp_id == "example.com"
        assert creds[0].rp_name is None
        assert creds[0].user_id == bytes.fromhex(
            "3082019330820138A0030201023082019330820138A003020102308201933082"
        )
        assert creds[0].user_name == "johnpsmith@example.com"
        assert creds[0].user_display_name is None
        assert creds[0].creation_time == 2
        assert creds[0].hmac_secret is True

        # Adding an invalid credential should appear as if user cancelled.
        with pytest.raises(Cancelled):
            webauthn.add_credential(client, CRED1[:-2])

        # Check that the credential was not added.
        creds = webauthn.list_credentials(client)
        assert len(creds) == 1

        # Add valid credential, which has same userId as #2, but different rpId.
        webauthn.add_credential(client, CRED3)

        # Check that the credential was added.
        creds = webauthn.list_credentials(client)
        assert len(creds) == 2

        # Fill up with 14 more valid credentials.
        for cred in CREDS[:14]:
            webauthn.add_credential(client, cred)

        # Adding one more valid credential to full storage should fail.
        with pytest.raises(TrezorFailure):
            webauthn.add_credential(client, CREDS[14])

        # Remove index 16 should fail.
        with pytest.raises(TrezorFailure):
            webauthn.remove_credential(client, 16)

        # Remove index 2.
        webauthn.remove_credential(client, 2)

        # Check that the credential was removed.
        creds = webauthn.list_credentials(client)
        assert len(creds) == 15

        # Adding another valid credential should succeed now.
        webauthn.add_credential(client, CREDS[14])

        # Check that the credential was added.
        creds = webauthn.list_credentials(client)
        assert len(creds) == 16