use rpki::data_model::tal::{Tal, TalDecodeError};

fn mk_tal(uris: &[&str], b64_lines: &[&str]) -> String {
    let mut out = String::new();
    out.push_str("# comment\n");
    for u in uris {
        out.push_str(u);
        out.push('\n');
    }
    out.push('\n'); // separator
    for l in b64_lines {
        out.push_str(l);
        out.push('\n');
    }
    out
}

#[test]
fn tal_rejects_missing_separator() {
    let s = "# c\nhttps://example.invalid/ta.cer\nAAAA\n";
    assert!(matches!(
        Tal::decode_bytes(s.as_bytes()),
        Err(TalDecodeError::MissingSeparatorEmptyLine)
    ));
}

#[test]
fn tal_rejects_missing_uris() {
    let s = "# c\n\nAAAA\n";
    assert!(matches!(Tal::decode_bytes(s.as_bytes()), Err(TalDecodeError::MissingTaUris)));
}

#[test]
fn tal_rejects_unsupported_scheme() {
    let s = mk_tal(&["ftp://example.invalid/ta.cer"], &["AAAA"]);
    assert!(matches!(
        Tal::decode_bytes(s.as_bytes()),
        Err(TalDecodeError::UnsupportedUriScheme(_))
    ));
}

#[test]
fn tal_rejects_directory_uri() {
    let s = mk_tal(&["https://example.invalid/dir/"], &["AAAA"]);
    assert!(matches!(
        Tal::decode_bytes(s.as_bytes()),
        Err(TalDecodeError::UriIsDirectory(_))
    ));
}

#[test]
fn tal_rejects_comment_after_header() {
    let s = "# c\nhttps://example.invalid/ta.cer\n# late\n\nAAAA\n";
    assert!(matches!(Tal::decode_bytes(s.as_bytes()), Err(TalDecodeError::CommentAfterHeader)));
}

#[test]
fn tal_rejects_invalid_base64() {
    let s = mk_tal(&["https://example.invalid/ta.cer"], &["not-base64!!!"]);
    assert!(matches!(
        Tal::decode_bytes(s.as_bytes()),
        Err(TalDecodeError::SpkiBase64Decode)
    ));
}

#[test]
fn tal_rejects_invalid_utf8() {
    let bytes = [0xFFu8, 0xFEu8];
    assert!(matches!(Tal::decode_bytes(&bytes), Err(TalDecodeError::InvalidUtf8)));
}