#!/usr/bin/env python3
"""
Test mTLS Certificate Loading
Tests PFX certificate can be loaded and converted to PEM without making API calls
"""

import sys
import os

sys.path.insert(0, os.path.join(os.path.dirname(__file__), '..'))

from shared.config_loader import load_config
from shared.dam_client import pfx_to_pem

def main():
    print("=" * 60)
    print("Testing mTLS Certificate Loading")
    print("=" * 60)
    print("")

    # Load config
    try:
        config = load_config('config/config.yaml')
        print("✓ Configuration loaded")
    except Exception as e:
        print("✗ Configuration failed: {}".format(e))
        sys.exit(1)

    # Get certificate config
    cert_path = config['dam'].get('mtls_cert_path')
    cert_password = config['dam'].get('mtls_cert_password')

    if not cert_path:
        print("✗ mTLS cert path not configured in config.yaml")
        print("  Set DAM_MTLS_CERT_PATH in .env")
        sys.exit(1)

    print("")
    print("Certificate Configuration:")
    print("  Path: {}".format(cert_path))
    print("  Password: {}".format('*' * len(cert_password) if cert_password else '(none)'))
    print("")

    # Test file exists
    if not os.path.exists(cert_path):
        print("✗ Certificate file not found: {}".format(cert_path))
        sys.exit(1)

    print("✓ Certificate file exists")

    file_size = os.path.getsize(cert_path)
    print("  Size: {} bytes".format(file_size))
    print("")

    # Test loading certificate
    print("Testing certificate loading...")
    try:
        with pfx_to_pem(cert_path, cert_password) as pem_path:
            print("✓ Certificate loaded successfully")
            print("  Temporary PEM file: {}".format(pem_path))

            # Check PEM file was created
            if os.path.exists(pem_path):
                pem_size = os.path.getsize(pem_path)
                print("  PEM size: {} bytes".format(pem_size))

                # Read first few lines to verify format
                with open(pem_path, 'r') as f:
                    first_line = f.readline().strip()
                    if '-----BEGIN' in first_line:
                        print("  Format: Valid PEM (starts with {})".format(first_line))
                    else:
                        print("  Warning: Unexpected PEM format")
            else:
                print("  Warning: PEM file not created")

        print("")
        print("✓ Certificate cleanup successful (temp file deleted)")

    except Exception as e:
        print("✗ Certificate loading failed: {}".format(str(e)))
        import traceback
        traceback.print_exc()
        sys.exit(1)

    print("")
    print("=" * 60)
    print("✓ Certificate test complete - mTLS ready to use!")
    print("=" * 60)
    print("")
    print("Next steps:")
    print("  1. Test connection: python scripts/test_connection.py --auth-pfx")
    print("  2. Test workflow: python scripts/a1_to_a2_download.py --auth-pfx")

if __name__ == '__main__':
    main()