import json, hashlib, sys
from pathlib import Path
import pytest

REPO_ROOT = Path(__file__).parent.parent
sys.path.insert(0, str(REPO_ROOT / "tools"))

from cryptography.hazmat.primitives.asymmetric import ec
from cryptography.hazmat.primitives import serialization

from deploy_firmware import deploy


@pytest.fixture()
def key_pem(tmp_path):
    key = ec.generate_private_key(ec.SECP256R1())
    pem_path = tmp_path / "key.pem"
    pem_path.write_bytes(key.private_bytes(
        serialization.Encoding.PEM,
        serialization.PrivateFormat.PKCS8,
        serialization.NoEncryption(),
    ))
    return pem_path


def test_deploy_writes_all_artifacts(tmp_path, key_pem):
    firmware = tmp_path / "firmware.bin"
    firmware.write_bytes(b"fake firmware" * 200)
    out_dir = tmp_path / "server_firmware"

    deploy(firmware_path=firmware, key_path=key_pem,
           version="1.2.3", output_dir=out_dir)

    assert (out_dir / "current.bin").exists()
    assert (out_dir / "current.sig").exists()
    assert (out_dir / "manifest.json").exists()


def test_manifest_contents(tmp_path, key_pem):
    data = b"firmware payload"
    firmware = tmp_path / "fw.bin"
    firmware.write_bytes(data)
    out_dir = tmp_path / "out"

    deploy(firmware_path=firmware, key_path=key_pem,
           version="2.0.1", output_dir=out_dir)

    manifest = json.loads((out_dir / "manifest.json").read_text())
    assert manifest["version"] == "2.0.1"
    assert manifest["size"] == len(data)
    assert manifest["sha256"] == hashlib.sha256(data).hexdigest()


def test_signature_is_64_bytes(tmp_path, key_pem):
    firmware = tmp_path / "fw.bin"
    firmware.write_bytes(b"fw")
    out_dir = tmp_path / "out"

    deploy(firmware_path=firmware, key_path=key_pem,
           version="1.0.0", output_dir=out_dir)

    sig = (out_dir / "current.sig").read_bytes()
    assert len(sig) == 64