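import os
import subprocess
from subprocess import DEVNULL
import tempfile

import ldap3

from ceo_common.krb5.utils import get_fwd_tgt, store_fwd_tgt_creds


def test_fwd_tgt(cfg):
    """Check that a forwarded TGT can be imported into another cache collection.

    Steps:
      1. kinit as ``regular1`` into a FILE: credential cache.
      2. kinit as ``ctdalek`` into a separate DIR: cache collection.
      3. With the FILE: cache active, call ``get_fwd_tgt`` to obtain
         regular1's forwardable credentials.
      4. With the DIR: collection active, import them with
         ``store_fwd_tgt_creds`` and bind to LDAP via SASL/GSSAPI.

    The final ``who_am_i`` assertion verifies that the bind was
    authenticated as regular1 (the forwarded identity) and not as ctdalek,
    whose ticket initialised the collection.

    Args:
        cfg: configuration object; ``ldap_sasl_realm`` and
            ``ldap_server_url`` are read from it.
    """
    realm = cfg.get('ldap_sasl_realm')
    ldap_server = cfg.get('ldap_server_url')
    # KRB5CCNAME is process-wide state, so this test must not run in the
    # same process concurrently with anything else that depends on it.
    # Use .get() so an unset variable is restored to "unset" rather than
    # failing with KeyError before any cleanup handler is in place.
    old_krb5ccname = os.environ.get('KRB5CCNAME')

    # Both caches hold live tickets. The context managers guarantee they are
    # deleted on every exit path, including when creating the second one fails.
    with tempfile.NamedTemporaryFile() as f1, \
            tempfile.TemporaryDirectory() as d2:
        file_ccache = 'FILE:' + f1.name
        dir_ccache = 'DIR:' + d2
        try:
            # The password is supplied on stdin (input=...), not in argv, so
            # it does not show up in the process list.
            # NOTE(review): 'krb5' is presumably the fixture password of a
            # disposable test realm - confirm it is never valid elsewhere.
            subprocess.run(
                ['kinit', '-c', file_ccache, 'regular1'],
                text=True, input='krb5', check=True, stdout=DEVNULL)
            subprocess.run(
                ['kinit', '-c', dir_ccache, 'ctdalek'],
                text=True, input='krb5', check=True, stdout=DEVNULL)

            os.environ['KRB5CCNAME'] = file_ccache
            # presumably 'phosphoric-acid' names the host/service the TGT is
            # forwarded to - verify against get_fwd_tgt.
            b = get_fwd_tgt('phosphoric-acid')

            os.environ['KRB5CCNAME'] = dir_ccache
            # make sure that we can import the creds from regular1 into the
            # cache collection
            with store_fwd_tgt_creds(b) as name:
                assert name == 'regular1@' + realm

                kwargs = {
                    'server': ldap_server,
                    'auto_bind': True,
                    'authentication': ldap3.SASL,
                    'sasl_mechanism': ldap3.KERBEROS,
                }
                # Bind while the context is still active; presumably the
                # imported creds are only available inside it - confirm
                # against store_fwd_tgt_creds.
                conn = ldap3.Connection(**kwargs, user='regular1')
                try:
                    assert conn.extend.standard.who_am_i().startswith(
                        'dn:uid=regular1,')
                finally:
                    # Release the authenticated session even when the
                    # identity assertion fails.
                    conn.unbind()
        finally:
            if old_krb5ccname is None:
                os.environ.pop('KRB5CCNAME', None)
            else:
                os.environ['KRB5CCNAME'] = old_krb5ccname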