# This file is part of the Trezor project.
#
# Copyright (C) 2012-2019 SatoshiLabs and contributors
#
# This library is free software: you can redistribute it and/or modify
# it under the terms of the GNU Lesser General Public License version 3
# as published by the Free Software Foundation.
#
# This library is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
# GNU Lesser General Public License for more details.
#
# You should have received a copy of the License along with this library.
# If not, see <https://www.gnu.org/licenses/lgpl-3.0.html>.

import pytest

from trezorlib import device, messages
from trezorlib.exceptions import TrezorFailure

PIN4 = "1234"
PIN6 = "789456"


pytestmark = pytest.mark.skip_t2


def _check_pin(client, pin):
    client.clear_session()
    with client:
        client.use_pin_sequence([pin])
        client.set_expected_responses([messages.PinMatrixRequest(), messages.Address()])
        client.call(messages.GetAddress())


def _check_no_pin(client):
    client.clear_session()
    with client:
        client.set_expected_responses([messages.Address()])
        client.call(messages.GetAddress())


def test_set_pin(client):
    assert client.features.pin_protection is False

    # Check that there's no PIN protection
    _check_no_pin(client)

    # Let's set new PIN
    with client:
        client.use_pin_sequence([PIN6, PIN6])
        client.set_expected_responses(
            [
                messages.ButtonRequest(code=messages.ButtonRequestType.ProtectCall),
                messages.PinMatrixRequest(),
                messages.PinMatrixRequest(),
                messages.Success(),
                messages.Features(),
            ]
        )
        device.change_pin(client)

    # Check that there's PIN protection now
    assert client.features.pin_protection is True
    # Check that the PIN is correct
    _check_pin(client, PIN6)


@pytest.mark.setup_client(pin=PIN4)
def test_change_pin(client):
    assert client.features.pin_protection is True
    # Check that there's PIN protection
    _check_pin(client, PIN4)

    # Let's change PIN
    with client:
        client.use_pin_sequence([PIN4, PIN6, PIN6])
        client.set_expected_responses(
            [
                messages.ButtonRequest(code=messages.ButtonRequestType.ProtectCall),
                messages.PinMatrixRequest(),
                messages.PinMatrixRequest(),
                messages.PinMatrixRequest(),
                messages.Success(),
                messages.Features(),
            ]
        )
        device.change_pin(client)

    # Check that there's still PIN protection now
    assert client.features.pin_protection is True
    # Check that the PIN is correct
    _check_pin(client, PIN6)


@pytest.mark.setup_client(pin=PIN4)
def test_remove_pin(client):
    assert client.features.pin_protection is True
    # Check that there's PIN protection
    _check_pin(client, PIN4)

    # Let's remove PIN
    with client:
        client.use_pin_sequence([PIN4])
        client.set_expected_responses(
            [
                messages.ButtonRequest(code=messages.ButtonRequestType.ProtectCall),
                messages.PinMatrixRequest(),
                messages.Success(),
                messages.Features(),
            ]
        )
        device.change_pin(client, remove=True)

    # Check that there's no PIN protection now
    assert client.features.pin_protection is False
    _check_no_pin(client)


def test_set_mismatch(client):
    assert client.features.pin_protection is False
    # Check that there's no PIN protection
    _check_no_pin(client)

    # Let's set new PIN
    with pytest.raises(TrezorFailure, match="PIN mismatch"), client:
        # use different PINs for first and second attempt. This will fail.
        client.use_pin_sequence([PIN4, PIN6])
        client.set_expected_responses(
            [
                messages.ButtonRequest(code=messages.ButtonRequestType.ProtectCall),
                messages.PinMatrixRequest(),
                messages.PinMatrixRequest(),
                messages.Failure(),
            ]
        )
        device.change_pin(client)

    # Check that there's still no PIN protection now
    client.init_device()
    assert client.features.pin_protection is False
    _check_no_pin(client)


@pytest.mark.setup_client(pin=PIN4)
def test_change_mismatch(client):
    assert client.features.pin_protection is True

    # Let's set new PIN
    with pytest.raises(TrezorFailure, match="PIN mismatch"), client:
        client.use_pin_sequence([PIN4, PIN6, PIN6 + "3"])
        client.set_expected_responses(
            [
                messages.ButtonRequest(code=messages.ButtonRequestType.ProtectCall),
                messages.PinMatrixRequest(),
                messages.PinMatrixRequest(),
                messages.PinMatrixRequest(),
                messages.Failure(),
            ]
        )
        device.change_pin(client)

    # Check that there's still old PIN protection
    client.init_device()
    assert client.features.pin_protection is True
    _check_pin(client, PIN4)


@pytest.mark.parametrize("invalid_pin", ("1204", "", "1234567891"))
def test_set_invalid(client, invalid_pin):
    assert client.features.pin_protection is False

    # Let's set an invalid PIN
    ret = client.call_raw(messages.ChangePin())
    assert isinstance(ret, messages.ButtonRequest)

    # Press button
    client.debug.press_yes()
    ret = client.call_raw(messages.ButtonAck())

    # Send a PIN containing an invalid digit
    assert isinstance(ret, messages.PinMatrixRequest)
    ret = client.call_raw(messages.PinMatrixAck(pin=invalid_pin))

    # Ensure the invalid PIN is detected
    assert isinstance(ret, messages.Failure)

    # Check that there's still no PIN protection now
    client.init_device()
    assert client.features.pin_protection is False
    _check_no_pin(client)


@pytest.mark.parametrize("invalid_pin", ("1204", "", "1234567891"))
@pytest.mark.setup_client(pin=PIN4)
def test_enter_invalid(client, invalid_pin):
    assert client.features.pin_protection is True

    # use an invalid PIN
    ret = client.call_raw(messages.GetAddress())

    # Send a PIN containing an invalid digit
    assert isinstance(ret, messages.PinMatrixRequest)
    ret = client.call_raw(messages.PinMatrixAck(pin=invalid_pin))

    # Ensure the invalid PIN is detected
    assert isinstance(ret, messages.Failure)