#!/bin/bash
# tin key test - Test SSH connection to NAS server

set -euo pipefail

# Get tinsnip root and source libraries  
SCRIPT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)"
TINSNIP_ROOT="$(dirname "$(dirname "$SCRIPT_DIR")")"
source "$TINSNIP_ROOT/lib/core.sh"
source "$TINSNIP_ROOT/lib/registry.sh"

show_help() {
    cat << EOF
tin key test - Test SSH connection to NAS server

USAGE:
    tin key test <nas-server> [username]

EXAMPLES:
    tin key test DS412plus.local            # Test connection with current user
    tin key test 192.168.0.206 [username]   # Test connection with specific user
    
DESCRIPTION:
    Tests SSH connectivity to a NAS server using the managed SSH key.
    Verifies that the key is properly installed and working.
    
    Username defaults to current user if not specified.
EOF
}

# Test SSH connection
test_connection() {
    local nas_server="$1"
    local nas_user="${2:-$(whoami)}"
    
    # Check if station is available
    if ! check_tinsnip_station 2>/dev/null; then
        error_with_prefix "Key Test" "topsheet.station-prod not found"
        echo "Set up topsheet first: TIN_SHEET=topsheet tin machine station prod <nas-server>" >&2
        exit 1
    fi
    
    log_with_prefix "Key Test" "Testing SSH connection to: $nas_server"
    echo
    
    local keys_dir="$NAS_CREDENTIALS_DIR/ssh-keys"
    local private_key="$keys_dir/$nas_server.key"
    
    if [[ ! -f "$private_key" ]]; then
        echo "No SSH key found for $nas_server"
        echo "Generate with: tin key generate $nas_server"
        exit 1
    fi
    
    echo "Testing SSH connection..."
    echo "Key file: $private_key"
    echo
    
    # Test SSH connection with timeout
    if timeout 10 ssh -i "$private_key" -o ConnectTimeout=5 -o StrictHostKeyChecking=no -o BatchMode=yes "${nas_user}@$nas_server" "echo 'Connection successful'" 2>/dev/null; then
        echo "✅ SSH connection successful"
        echo "Key is working correctly"
    else
        echo "❌ SSH connection failed"
        echo
        echo "Possible issues:"
        echo "1. Key not installed on NAS server"
        echo "   Try: tin key install $nas_server"
        echo "2. Network connectivity issues"
        echo "3. SSH service not running on NAS"
        echo "4. Key permissions or format issues"
        exit 1
    fi
}

# Main command handler
main() {
    case "${1:-}" in
        help|--help|-h)
            show_help
            ;;
        "")
            echo "Error: NAS server required" >&2
            echo "Usage: tin key test <nas-server> [username]" >&2
            exit 1
            ;;
        *)
            test_connection "$1" "${2:-}"
            ;;
    esac
}

main "$@"