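#!/usr/bin/env python3
"""
Docker TLS Connection Test Script
Tests the secure TLS connection to Docker daemon
"""

import os
import sys
import docker
from pathlib import Path

# URL schemes for which docker-py negotiates TLS when a TLSConfig is supplied
# ("tcp://" is rewritten to "https://" in that case). With unix://, npipe://,
# ssh:// or http:// the connection can succeed without any TLS at all, which
# would make this script report a false "secure" result.
_TLS_SCHEMES = ("tcp://", "https://")


def test_tls_connection():
    """Test the mutually-authenticated TLS connection to the Docker daemon.

    The daemon address and certificate paths are read from DOCKER_HOST,
    DOCKER_CA_CERT, DOCKER_CLIENT_CERT and DOCKER_CLIENT_KEY, falling back to
    the defaults below. Only file paths are printed, never key material.

    Returns:
        bool: True if the daemon answered ping/info over a TLS transport with
        server certificate verification enabled, False otherwise.
    """
    print("Testing Docker TLS connection...")

    # Configuration from environment or defaults
    docker_host = os.getenv("DOCKER_HOST", "tcp://host.docker.internal:2376")
    ca_cert = os.getenv("DOCKER_CA_CERT", "/etc/docker/certs/ca.pem")
    client_cert = os.getenv("DOCKER_CLIENT_CERT", "/etc/docker/certs/client-cert.pem")
    client_key = os.getenv("DOCKER_CLIENT_KEY", "/etc/docker/certs/client-key.pem")

    print(f"Docker host: {docker_host}")
    print(f"CA cert: {ca_cert}")
    print(f"Client cert: {client_cert}")
    print(f"Client key: {client_key}")

    # A TLS test must not pass over a transport that never negotiates TLS.
    if not docker_host.lower().startswith(_TLS_SCHEMES):
        print(
            f"❌ DOCKER_HOST '{docker_host}' is not a TLS-capable endpoint "
            "(expected tcp:// or https://)"
        )
        return False

    # Check that every certificate path is an existing regular file
    # (a directory at that path would otherwise slip through).
    cert_files = [ca_cert, client_cert, client_key]
    missing_files = [f for f in cert_files if not Path(f).is_file()]

    if missing_files:
        print(f"❌ Missing certificate files: {', '.join(missing_files)}")
        print("Run ./docker/scripts/generate-certs.sh to generate certificates")
        return False

    # The client key authenticates this host to the daemon, which is
    # root-equivalent access. Warn (non-fatal) if other local users can read it.
    if os.name == "posix":
        try:
            key_mode = Path(client_key).stat().st_mode
        except OSError:
            key_mode = None
        if key_mode is not None and key_mode & 0o077:
            print(
                f"⚠️  Client key {client_key} is accessible to group/others; "
                "restrict it to the owner (e.g. chmod 600)"
            )

    client = None
    try:
        # verify=True together with ca_cert makes the client validate the
        # daemon's certificate against our CA; never relax this in the test.
        tls_config = docker.tls.TLSConfig(
            ca_cert=ca_cert, client_cert=(client_cert, client_key), verify=True
        )

        # Build the client directly from the explicit TLS settings. Going
        # through docker.from_env() first would construct a second client
        # from DOCKER_TLS_VERIFY / DOCKER_CERT_PATH that is never used and
        # can fail for reasons unrelated to the configuration under test.
        client = docker.DockerClient(
            base_url=docker_host, tls=tls_config, version="auto"
        )

        # Test connection
        client.ping()
        print("✅ Docker TLS connection successful!")

        # Get Docker info
        info = client.info()
        print("✅ Docker daemon info retrieved")
        print(f"   Server Version: {info.get('ServerVersion', 'Unknown')}")
        # 'Containers' is the total count; the running count is reported
        # separately as 'ContainersRunning'.
        print(
            f"   Containers: {info.get('ContainersRunning', 0)} running, "
            f"{info.get('ContainersStopped', 0)} stopped"
        )

        return True

    except docker.errors.DockerException as e:
        print(f"❌ Docker TLS connection failed: {e}")
        return False
    except Exception as e:
        print(f"❌ Unexpected error: {e}")
        return False
    finally:
        # Release the underlying HTTP connection pool.
        if client is not None:
            client.close()


def test_container_operations():
    """Test basic container operations through the project's SessionManager.

    Instantiates SessionManager (imported from the project-local ``main``
    module), checks where possible that its Docker client talks to an
    https:// endpoint, and lists all containers.

    Returns:
        bool: True if the containers could be listed and the transport was not
        shown to be non-TLS, False otherwise.
    """
    print("\nTesting container operations over TLS...")

    try:
        # This would use the same TLS configuration as the session manager.
        # NOTE(review): the import resolves via sys.path, not the working
        # directory set in __main__ - confirm main.py is importable from here.
        from main import SessionManager

        manager = SessionManager()

        # Do not claim TLS without looking: docker-py exposes the resolved
        # endpoint as client.api.base_url, which is https://... only when TLS
        # is in use. This confirms the transport, not that certificate
        # verification is enabled inside SessionManager.
        api = getattr(manager.docker_client, "api", None)
        base_url = getattr(api, "base_url", None)
        if isinstance(base_url, str):
            if not base_url.startswith("https://"):
                print(
                    "❌ SessionManager Docker client is not using TLS "
                    f"(base URL: {base_url})"
                )
                return False
            print("✅ SessionManager initialized with TLS")
        else:
            print(
                "⚠️  SessionManager initialized; could not confirm that its "
                "Docker transport is TLS"
            )

        # Test listing containers
        containers = manager.docker_client.containers.list(all=True)
        print(f"✅ Successfully listed containers: {len(containers)} found")

        return True

    except Exception as e:
        print(f"❌ Container operations test failed: {e}")
        return False


if __name__ == "__main__":
    print("Docker TLS Security Test")
    print("=" * 40)

    # Change to the correct directory if running from project root
    if Path("session-manager").is_dir():
        os.chdir("session-manager")

    # Run tests; container operations are only attempted once TLS works.
    tls_ok = test_tls_connection()
    ops_ok = test_container_operations() if tls_ok else False

    print("\n" + "=" * 40)
    if tls_ok and ops_ok:
        print("✅ All tests passed! Docker TLS is properly configured.")
        sys.exit(0)
    else:
        print("❌ Some tests failed. Check configuration and certificates.")
        sys.exit(1)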