"""Tests for A2A mutual TLS (#806)."""

import sys
import tempfile
from pathlib import Path

sys.path.insert(0, str(Path(__file__).parent.parent))


def test_import():
    """Module imports cleanly."""
    from agent.a2a_mtls import get_server_ssl_context, get_client_ssl_context, verify_agent_cert
    assert callable(get_server_ssl_context)
    assert callable(get_client_ssl_context)
    assert callable(verify_agent_cert)


def test_default_paths():
    """Default cert paths resolve correctly."""
    from agent.a2a_mtls import DEFAULT_CERTS_DIR
    assert DEFAULT_CERTS_DIR is not None
    assert "fleet-certs" in str(DEFAULT_CERTS_DIR)


def test_server_context_creation():
    """Server SSL context can be created with agent name."""
    # This will fail if certs don't exist, which is expected
    from agent.a2a_mtls import get_server_ssl_context
    try:
        ctx = get_server_ssl_context(agent_name="timmy")
        assert ctx is not None
    except FileNotFoundError:
        pass  # Expected when certs don't exist


def test_client_context_creation():
    """Client SSL context can be created with agent name."""
    from agent.a2a_mtls import get_client_ssl_context
    try:
        ctx = get_client_ssl_context(agent_name="timmy")
        assert ctx is not None
    except FileNotFoundError:
        pass  # Expected when certs don't exist


def test_verify_agent_cert_invalid():
    """Invalid cert returns False."""
    from agent.a2a_mtls import verify_agent_cert
    valid, msg = verify_agent_cert("not a cert")
    assert not valid


if __name__ == "__main__":
    tests = [test_import, test_default_paths, test_server_context_creation,
             test_client_context_creation, test_verify_agent_cert_invalid]
    for t in tests:
        print(f"Running {t.__name__}...")
        t()
        print("  PASS")
    print("\nAll tests passed.")