// Copyright (c) Microsoft Corporation. All rights reserved. See License.txt in the project root for license information.

using System.IO;
using System.Security.Cryptography;
using System.Text;
using Xunit;
using Assert = Microsoft.TestCommon.AssertEx;

namespace System.Web.Helpers.Test
{
    /// <summary>
    ///This is a test class for CryptoTest and is intended
    ///to contain all CryptoTest Unit Tests
    ///</summary>
    public class CryptoTest
    {
        [Fact]
        public void SHA256HashTest_ReturnsValidData()
        {
            string data = "foo bar";
            string expected = "FBC1A9F858EA9E177916964BD88C3D37B91A1E84412765E29950777F265C4B75";
            string actual;
            actual = Crypto.SHA256(data);
            Assert.Equal(expected, actual);

            actual = Crypto.Hash(Encoding.UTF8.GetBytes(data));
            Assert.Equal(expected, actual);
        }

        [Fact]
        public void GenerateSaltTest()
        {
            string salt = Crypto.GenerateSalt();
            salt = Crypto.GenerateSalt(64);
            Assert.Equal(24, Crypto.GenerateSalt().Length);
            Assert.Equal(12, Crypto.GenerateSalt(8).Length);
            Assert.Equal(88, Crypto.GenerateSalt(64).Length);
            Assert.Equal(44, Crypto.GenerateSalt(32).Length);
        }

        [Fact]
        public void HashPassword_PasswordGeneration()
        {
            // Act - call helper directly
            string generatedHash = Crypto.HashPassword("my-password");
            byte[] salt = new byte[16];
            Buffer.BlockCopy(Convert.FromBase64String(generatedHash), 1, salt, 0, 16); // extract salt from generated hash

            // Act - perform PBKDF2 directly
            string generatedHash2;
            using (var ms = new MemoryStream())
            {
                using (var bw = new BinaryWriter(ms))
                {
                    using (var deriveBytes = new Rfc2898DeriveBytes("my-password", salt, iterations: 1000))
                    {
                        bw.Write((byte)0x00); // version identifier
                        bw.Write(salt); // salt
                        bw.Write(deriveBytes.GetBytes(32)); // subkey
                    }

                    generatedHash2 = Convert.ToBase64String(ms.ToArray());
                }
            }

            // Assert
            Assert.Equal(generatedHash2, generatedHash);
        }

        [Fact]
        public void HashPassword_RoundTripping()
        {
            // Act & assert
            string password = "ImPepper";
            Assert.True(Crypto.VerifyHashedPassword(Crypto.HashPassword(password), password));
            Assert.False(Crypto.VerifyHashedPassword(Crypto.HashPassword(password), "ImSalt"));
            Assert.False(Crypto.VerifyHashedPassword(Crypto.HashPassword("Impepper"), password));
        }

        [Fact]
        public void VerifyHashedPassword_CorrectPassword_ReturnsTrue()
        {
            // Arrange
            string hashedPassword = "ALyuoraY/cIWD1hjo+K81/pf83qo6Q6T+UBYcXN9P3A9WHLvEY10f+lwW5qPG6h9xw=="; // this is for 'my-password'

            // Act
            bool retVal = Crypto.VerifyHashedPassword(hashedPassword, "my-password");

            // Assert
            Assert.True(retVal);
        }

        [Fact]
        public void VerifyHashedPassword_IncorrectPassword_ReturnsFalse()
        {
            // Arrange
            string hashedPassword = "ALyuoraY/cIWD1hjo+K81/pf83qo6Q6T+UBYcXN9P3A9WHLvEY10f+lwW5qPG6h9xw=="; // this is for 'my-password'

            // Act
            bool retVal = Crypto.VerifyHashedPassword(hashedPassword, "some-other-password");

            // Assert
            Assert.False(retVal);
        }

        [Fact]
        public void VerifyHashedPassword_InvalidPasswordHash_ReturnsFalse()
        {
            // Arrange
            string hashedPassword = "AAECAw=="; // this is an invalid password hash

            // Act
            bool retVal = Crypto.VerifyHashedPassword(hashedPassword, "hello-world");

            // Assert
            Assert.False(retVal);
        }

        [Fact]
        public void MD5HashTest_ReturnsValidData()
        {
            string data = "foo bar";
            string expected = "327B6F07435811239BC47E1544353273";
            string actual;
            actual = Crypto.Hash(data, algorithm: "md5");
            Assert.Equal(expected, actual);

            actual = Crypto.Hash(Encoding.UTF8.GetBytes(data), algorithm: "MD5");
            Assert.Equal(expected, actual);
        }

        [Fact]
        public void SHA1HashTest_ReturnsValidData()
        {
            string data = "foo bar";
            string expected = "3773DEA65156909838FA6C22825CAFE090FF8030";
            string actual;
            actual = Crypto.SHA1(data);
            Assert.Equal(expected, actual);

            actual = Crypto.Hash(Encoding.UTF8.GetBytes(data), algorithm: "sha1");
            Assert.Equal(expected, actual);
        }

        [Fact]
        public void SHA1HashTest_WithNull_ThrowsException()
        {
            Assert.Throws<ArgumentNullException>(() => Crypto.SHA1((string)null));
            Assert.Throws<ArgumentNullException>(() => Crypto.Hash((byte[])null, algorithm: "SHa1"));
        }

        [Fact]
        public void SHA256HashTest_WithNull_ThrowsException()
        {
            Assert.Throws<ArgumentNullException>(() => Crypto.SHA256((string)null));
            Assert.Throws<ArgumentNullException>(() => Crypto.Hash((byte[])null, algorithm: "sHa256"));
        }

        [Fact]
        public void MD5HashTest_WithNull_ThrowsException()
        {
            Assert.Throws<ArgumentNullException>(() => Crypto.Hash((string)null, algorithm: "mD5"));
            Assert.Throws<ArgumentNullException>(() => Crypto.Hash((byte[])null, algorithm: "mD5"));
        }

        [Fact]
        public void HashWithUnknownAlg_ThrowsException()
        {
            Assert.Throws<InvalidOperationException>(() => Crypto.Hash("sdflksd", algorithm: "hao"), "The hash algorithm 'hao' is not supported, valid values are: sha256, sha1, md5");
        }
    }
}