let () = Mirage_crypto_rng_unix.initialize ()

let csr_privkey =
  lazy
    (`RSA (Mirage_crypto_pk.Rsa.generate ~bits:1024 ()))

let dn_of_name name =
  [X509.(Distinguished_name.Relative_distinguished_name.singleton
           (CN name))]

let csr name =
  X509.Signing_request.create
    (dn_of_name name)
    (Lazy.force csr_privkey)

let check_csr_dn_good () = 
  let name = "reynir" in
  let csr = csr name in
  Alcotest.(check @@ result unit Alcotest.reject)
    "good dn in csr"
    (Ok ())
    (Cert_service.check_csr_dn
       csr name)

let check_csr_dn_different () = 
  let name = "reynir" in
  let csr = csr name in
  match Cert_service.check_csr_dn csr "notreynir" with
  | Ok () -> Alcotest.fail "check succeeded, expected failure"
  | Error (`Msg _) -> ()

let cert_tests = [
  "check_csr_dn_good", `Quick, check_csr_dn_good;
  "check_csr_dn_different", `Quick, check_csr_dn_different;
]

let tests : unit Alcotest.test list= [
  "check_csr_dn", cert_tests
]

let () =
  Alcotest.run
    "Cert-service tests"
    tests