"""These tests rely on replies from public internet services

TODO: reimplement with local stubs
"""
import httplib2
import os
import pytest
import ssl
import sys
import tests


def test_get_301_via_https():
    # Google always redirects to http://google.com
    http = httplib2.Http()
    response, content = http.request("https://code.google.com/apis/", "GET")
    assert response.status == 200
    assert response.previous.status == 301


def test_get_via_https():
    # Test that we can handle HTTPS
    http = httplib2.Http()
    response, content = http.request("https://google.com/adsense/", "GET")
    assert response.status == 200


def test_get_via_https_spec_violation_on_location():
    # Test that we follow redirects through HTTPS
    # even if they violate the spec by including
    # a relative Location: header instead of an
    # absolute one.
    http = httplib2.Http()
    response, content = http.request("https://google.com/adsense", "GET")
    assert response.status == 200
    assert response.previous is not None


def test_get_via_https_key_cert():
    #  At this point I can only test
    #  that the key and cert files are passed in
    #  correctly to httplib. It would be nice to have
    #  a real https endpoint to test against.
    http = httplib2.Http(timeout=2)
    http.add_certificate("akeyfile", "acertfile", "bitworking.org")
    try:
        http.request("https://bitworking.org", "GET")
    except AttributeError:
        assert http.connections["https:bitworking.org"].key_file == "akeyfile"
        assert http.connections["https:bitworking.org"].cert_file == "acertfile"
    except IOError:
        # Skip on 3.2
        pass

    try:
        http.request("https://notthere.bitworking.org", "GET")
    except httplib2.ServerNotFoundError:
        assert http.connections["https:notthere.bitworking.org"].key_file is None
        assert http.connections["https:notthere.bitworking.org"].cert_file is None
    except IOError:
        # Skip on 3.2
        pass


def test_ssl_invalid_ca_certs_path():
    # Test that we get an ssl.SSLError when specifying a non-existent CA
    # certs file.
    http = httplib2.Http(ca_certs="/nosuchfile")
    with tests.assert_raises(IOError):
        http.request("https://www.google.com/", "GET")


@pytest.mark.xfail(
    sys.version_info <= (3,),
    reason=(
        "FIXME: for unknown reason Python 2.7.10 validates www.google.com "
        "against dummy CA www.example.com"
    ),
)
def test_ssl_wrong_ca():
    # Test that we get a SSLHandshakeError if we try to access
    # https://www.google.com, using a CA cert file that doesn't contain
    # the CA Google uses (i.e., simulating a cert that's not signed by a
    # trusted CA).
    other_ca_certs = os.path.join(
        os.path.dirname(os.path.abspath(httplib2.__file__)), "test", "other_cacerts.txt"
    )
    assert os.path.exists(other_ca_certs)
    http = httplib2.Http(ca_certs=other_ca_certs)
    http.follow_redirects = False
    with tests.assert_raises(ssl.SSLError):
        http.request("https://www.google.com/", "GET")


def test_sni_hostname_validation():
    # TODO: make explicit test server with SNI validation
    http = httplib2.Http()
    http.request("https://google.com/", method="GET")