#!/usr/bin/env bats
# Unit tests for security hardening functions

# Add bats library to BATS_LIB_PATH
export BATS_LIB_PATH="/usr/lib/bats-core"

load 'bats-support/load'
load 'bats-assert/load'
load 'bats-file/load'
load '../test_helper/common.bash'

@test "create_wifi_blacklist creates correct configuration" {
    source "${PROJECT_ROOT}/src/security-hardening.sh"
    
    local test_output="$TEST_TEMP_DIR/blacklist-wifi.conf"
    create_wifi_blacklist "$test_output"
    
    assert [ -f "$test_output" ]
    assert_file_contains "$test_output" "blacklist cfg80211"
    assert_file_contains "$test_output" "blacklist mac80211"
    assert_file_contains "$test_output" "blacklist iwlwifi"
}

@test "create_bluetooth_blacklist creates correct configuration" {
    source "${PROJECT_ROOT}/src/security-hardening.sh"
    
    local test_output="$TEST_TEMP_DIR/blacklist-bluetooth.conf"
    create_bluetooth_blacklist "$test_output"
    
    assert [ -f "$test_output" ]
    assert_file_contains "$test_output" "blacklist btusb"
    assert_file_contains "$test_output" "blacklist bluetooth"
}

@test "configure_ssh creates secure configuration" {
    source "${PROJECT_ROOT}/src/security-hardening.sh"
    
    local test_output="$TEST_TEMP_DIR/sshd_config"
    configure_ssh "$test_output"
    
    assert [ -f "$test_output" ]
    assert_file_contains "$test_output" "PermitRootLogin no"
    assert_file_contains "$test_output" "PasswordAuthentication yes"
    assert_file_contains "$test_output" "MaxAuthTries 3"
}

@test "configure_password_policy creates secure policy" {
    source "${PROJECT_ROOT}/src/security-hardening.sh"
    
    local test_output="$TEST_TEMP_DIR/pwquality.conf"
    configure_password_policy "$test_output"
    
    assert [ -f "$test_output" ]
    assert_file_contains "$test_output" "minlen = 14"
    assert_file_contains "$test_output" "dcredit = -1"
    assert_file_contains "$test_output" "ucredit = -1"
}