File: decryption_events_prose_spec.rb

# frozen_string_literal: true

require 'spec_helper'

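# Prose test for decryption events with automatic client-side encryption.
#
# Each example runs an aggregate through an auto-encrypting client and checks
# which command-monitoring event is published:
#   * a server-side command error  -> one failed event
#   * a network error              -> one failed event
#   * a reply that cannot be decrypted -> CryptError is raised, but the
#     succeeded event is still published and still carries the ciphertext
#   * a reply that decrypts cleanly -> the succeeded event carries the
#     ciphertext, not the plaintext
#
# The last two cases are the security-relevant ones: the monitoring reply is
# asserted to hold a BSON::Binary for the encrypted field, i.e. the value a
# subscriber sees is not the decrypted plaintext.
describe 'Decryption events' do
  require_enterprise
  min_server_fcv '4.2'
  require_libmongocrypt
  include_context 'define shared FLE helpers'
  require_topology :replica_set
  min_server_version '7.0.0-rc0'

  # Plain (non-encrypting) client used for collection setup, fail point
  # configuration and explicit encryption.
  let(:setup_client) do
    ClientRegistry.instance.new_local_client(
      SpecConfig.instance.addresses,
      SpecConfig.instance.test_options.merge(
        database: SpecConfig.instance.test_db
      )
    )
  end

  let(:collection_name) do
    'decryption_event'
  end

  # Explicit-encryption handle backed by the local KMS provider supplied by
  # the shared FLE helpers.
  let(:client_encryption) do
    Mongo::ClientEncryption.new(
      setup_client,
      key_vault_namespace: "#{key_vault_db}.#{key_vault_coll}",
      kms_providers: local_kms_providers
    )
  end

  # A fresh data key is created for every example that references it.
  let(:key_id) do
    client_encryption.create_data_key('local')
  end

  let(:unencrypted_value) do
    'hello'
  end

  let(:ciphertext) do
    client_encryption.encrypt(
      unencrypted_value,
      key_id: key_id,
      algorithm: 'AEAD_AES_256_CBC_HMAC_SHA_512-Deterministic'
    )
  end

  # A copy of the ciphertext whose last byte has been altered so that
  # decryption must fail.
  #
  # The low bit of the last byte is flipped rather than the byte being set to
  # a fixed value: overwriting with 0x00 is a no-op whenever the ciphertext
  # already ends in 0x00, in which case the "malformed" document would decrypt
  # successfully and the example below would fail intermittently.
  #
  # The payload is copied before it is modified so the value memoized as
  # `ciphertext` is never changed through a shared String.
  let(:malformed_ciphertext) do
    tampered = ciphertext.data.dup
    tampered.setbyte(-1, tampered.getbyte(-1) ^ 0x01)
    BSON::Binary.new(tampered, ciphertext.type)
  end

  # Auto-encrypting client under test. Read retries are switched off,
  # presumably so that the single injected failure surfaces to the caller and
  # produces exactly one failed event instead of being retried.
  let(:encrypted_client) do
    ClientRegistry.instance.new_local_client(
      SpecConfig.instance.addresses,
      SpecConfig.instance.test_options.merge(
        auto_encryption_options: {
          key_vault_namespace: "#{key_vault_db}.#{key_vault_coll}",
          kms_providers: local_kms_providers,
          extra_options: extra_options,
        },
        database: SpecConfig.instance.test_db,
        retry_reads: false,
        max_read_retries: 0
      )
    )
  end

  let(:collection) do
    encrypted_client[collection_name]
  end

  let(:subscriber) { Mrss::EventSubscriber.new }

  # Fail point: the next aggregate command fails with error code 123.
  let(:command_error) do
    {
      'configureFailPoint' => 'failCommand',
      'mode' => { 'times' => 1 },
      'data' => {
        'errorCode' => 123,
        'failCommands' => [ 'aggregate' ]
      }
    }
  end

  # Fail point: same as above, but the server also closes the connection.
  let(:network_error) do
    {
      'configureFailPoint' => 'failCommand',
      'mode' => { 'times' => 1 },
      'data' => {
        'errorCode' => 123,
        'closeConnection' => true,
        'failCommands' => [ 'aggregate' ]
      }
    }
  end

  # First succeeded command event for an aggregate, or nil when there is none.
  let(:aggregate_event) do
    subscriber.succeeded_events.find do |evt|
      evt.command_name == 'aggregate'
    end
  end

  before do
    # Start every example from an empty collection.
    setup_client[collection_name].drop
    setup_client[collection_name].create

    encrypted_client.subscribe(Mongo::Monitoring::COMMAND, subscriber)
  end

  it 'tests command error' do
    setup_client.use(:admin).command(command_error)

    expect do
      collection.aggregate([]).to_a
    end.to raise_error(Mongo::Error::OperationFailure, /Failing command (?:via|due to) 'failCommand' failpoint/)
    expect(subscriber.failed_events.length).to be 1
  end

  it 'tests network error' do
    setup_client.use(:admin).command(network_error)

    expect do
      collection.aggregate([]).to_a
    end.to raise_error(Mongo::Error::SocketError)
    expect(subscriber.failed_events.length).to be 1
  end

  context 'when decrypt error' do
    before do
      collection.insert_one(encrypted: malformed_ciphertext)
    end

    it 'fails' do
      # The tampered value must be rejected by decryption ...
      expect { collection.aggregate([]).to_a }.to raise_error(Mongo::Error::CryptError)
      # ... while the command itself still succeeded on the wire, and the
      # published reply holds the binary value as stored.
      expect(aggregate_event).not_to be_nil
      expect(
        aggregate_event.reply.dig('cursor', 'firstBatch')&.first&.dig('encrypted')
      ).to be_a(BSON::Binary)
    end
  end

  context 'when decrypt success' do
    before do
      collection.insert_one(encrypted: ciphertext)
    end

    it 'succeeds' do
      expect { collection.aggregate([]).to_a }.not_to raise_error
      expect(aggregate_event).not_to be_nil
      # The event reply must hold the binary ciphertext, not the plaintext
      # String that the caller receives.
      expect(
        aggregate_event.reply.dig('cursor', 'firstBatch')&.first&.dig('encrypted')
      ).to be_a(BSON::Binary)
    end
  end
end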