# specific language governing permissions and limitations
# under the License.

# -----------------------------------------------------------------------------
# Apache Maven Encrypt Script
#
# Environment Variable Prerequisites
#
#   JAVA_HOME           (Optional) Points to a Java installation.
#   MAVEN_OPTS          (Optional) Java runtime options used when Maven is executed.

# specific language governing permissions and limitations
# under the License.

# -----------------------------------------------------------------------------
# Apache Maven Encrypt Script
#
# Environment Variable Prerequisites
#
#   JAVA_HOME           (Optional) Points to a Java installation.
#   MAVEN_OPTS          (Optional) Java runtime options used when Maven is executed.

	// the MinIO-internal key derivation.
	MetaIV = "X-Minio-Internal-Server-Side-Encryption-Iv"

	// MetaAlgorithm is the algorithm used to derive internal keys
	// and encrypt the objects.
	MetaAlgorithm = "X-Minio-Internal-Server-Side-Encryption-Seal-Algorithm"

	// MetaSealedKeySSEC is the sealed object encryption key in case of SSE-C.

@REM specific language governing permissions and limitations
@REM under the License.

@REM -----------------------------------------------------------------------------
@REM Apache Maven Encrypt Script
@REM
@REM Environment Variable Prerequisites
@REM
@REM   JAVA_HOME           (Optional) Points to a Java installation.
@REM   MAVEN_BATCH_ECHO    (Optional) Set to 'on' to enable the echoing of the batch commands.

	start_port=$1

	export MINIO_ROOT_USER=minio
	export MINIO_ROOT_PASSWORD=minio123
	export MC_HOST_minio="http://minio:minio123@127.0.0.1:${start_port}/"
	unset MINIO_KMS_AUTO_ENCRYPTION # do not auto-encrypt objects
	export MINIO_CI_CD=1

	MC_BUILD_DIR="mc-$RANDOM"
	if ! git clone --quiet https://github.com/minio/mc "$MC_BUILD_DIR"; then
		echo "failed to download https://github.com/minio/mc"
		purge "${MC_BUILD_DIR}"

    eu6FSqdQgPCnXEqULl8FmTxSQeDNtGPPAUO6nIPcj2A781q0tHuu2guQOHXvgR1m
    0vdXcDazv/wor3ElhVsT/h5/WrQ8
    -----END CERTIFICATE-----
    """.trimIndent().decodeCertificatePem()

  // CN=Let's Encrypt Authority X3, O=Let's Encrypt, C=US
  val letsEncryptCertificateAuthority =
    """
    -----BEGIN CERTIFICATE-----
    MIIEkjCCA3qgAwIBAgIQCgFBQgAAAVOFc2oLheynCDANBgkqhkiG9w0BAQsFADA/

@REM specific language governing permissions and limitations
@REM under the License.

@REM -----------------------------------------------------------------------------
@REM Apache Maven Encrypt Script
@REM
@REM Environment Variable Prerequisites
@REM
@REM   JAVA_HOME           (Optional) Points to a Java installation.
@REM   MAVEN_BATCH_ECHO    (Optional) Set to 'on' to enable the echoing of the batch commands.

        .toSet()

    // It's safe to assume all platforms will have a major Internet certificate issuer.
    val majorIssuers =
      listOf(
        "DigiCert",
        "Let's Encrypt",
        "ISRG", // Internet Security Research Group (Let's Encrypt parent)
        "GlobalSign",
        "Comodo",
        "Sectigo",
        "GeoTrust",
        "Entrust",
      )
    assertThat(names).matchesPredicate { strings ->

        options.addOption(Option.builder(ENCRYPT_MASTER_PASSWORD)
                .longOpt("encrypt-master-password")
                .hasArg()
                .optionalArg(true)
                .desc("Encrypt master security password")
                .build());
        options.addOption(Option.builder(ENCRYPT_PASSWORD)
                .longOpt("encrypt-password")
                .hasArg()
                .optionalArg(true)

import okhttp3.Request
import okhttp3.tls.HandshakeCertificates
import okhttp3.tls.decodeCertificatePem
import org.junit.jupiter.api.Tag
import org.junit.jupiter.api.Test

/**
 * Test for new Let's Encrypt Root Certificate.
 */
@Tag("Remote")
class LetsEncryptClientTest {
  @Test fun get() {
    // These tests wont actually run before Android 8.0 as per
    // https://github.com/mannodermaus/android-junit5