#!/usr/bin/env bats
# Comprehensive unit tests for encryption-validation.sh hook

# Add bats library to BATS_LIB_PATH
export BATS_LIB_PATH="/usr/lib/bats-core"

load 'bats-support/load'
load 'bats-assert/load'
load 'bats-file/load'
load '../test_helper/common.bash'

setup() {
    export TEST_ROOT="${TEST_TEMP_DIR}/encryption-validation"
    mkdir -p "${TEST_ROOT}"
}

@test "encryption-validation.sh exists and is executable" {
    assert_file_exists "${PROJECT_ROOT}/config/hooks/installed/encryption-validation.sh"
    assert [ -x "${PROJECT_ROOT}/config/hooks/installed/encryption-validation.sh" ]
}

@test "encryption-validation.sh validates encryption configuration" {
    source "${PROJECT_ROOT}/config/hooks/installed/encryption-validation.sh"

    # Mock cryptsetup
    cryptsetup() {
        echo "cryptsetup $@"
        return 0
    }
    export -f cryptsetup

    local config_file="${TEST_ROOT}/crypttab"
    echo "sda1_crypt UUID=12345678-1234-1234-1234-123456789012 none luks" > "$config_file"

    validate_encryption_config "$config_file"
    assert_success
}

@test "encryption-validation.sh creates user reminder file" {
    source "${PROJECT_ROOT}/config/hooks/installed/encryption-validation.sh"

    local home_dir="${TEST_ROOT}/home/user"
    mkdir -p "$home_dir"

    create_encryption_reminder "$home_dir"
    assert_file_exists "$home_dir/ENCRYPTION-PASSPHRASE-REMINDER.txt"
    assert_file_contains "$home_dir/ENCRYPTION-PASSPHRASE-REMINDER.txt" "Full Disk Encryption"
    assert_file_contains "$home_dir/ENCRYPTION-PASSPHRASE-REMINDER.txt" "LUKS2"
    assert_file_contains "$home_dir/ENCRYPTION-PASSPHRASE-REMINDER.txt" "14+ characters"
}

@test "encryption-validation.sh creates MOTD messages" {
    source "${PROJECT_ROOT}/config/hooks/installed/encryption-validation.sh"

    local motd_dir="${TEST_ROOT}/motd.d"
    mkdir -p "$motd_dir"

    setup_encryption_motd "$motd_dir"
    assert_file_exists "$motd_dir/10-encryption-status"
    assert_file_contains "$motd_dir/10-encryption-status" "Full Disk Encryption"
}

@test "encryption-validation.sh creates first boot check" {
    source "${PROJECT_ROOT}/config/hooks/installed/encryption-validation.sh"

    local local_bin="${TEST_ROOT}/bin"
    mkdir -p "$local_bin"

    create_first_boot_check "$local_bin"
    assert_file_exists "$local_bin/first-boot-encryption-check.sh"
    assert [ -x "$local_bin/first-boot-encryption-check.sh" ]
}

@test "encryption-validation.sh script is valid bash" {
    run bash -n "${PROJECT_ROOT}/config/hooks/installed/encryption-validation.sh"
    assert_success
}