import {CA_CERT, SERVER_CERT} from "jstests/ssl/libs/ssl_helpers.js";

// Neither tlsCAFile nor tlsUseSystemCA
let opts = {
    tlsMode: "requireTLS",
    tlsCertificateKeyFile: SERVER_CERT,
};
assert.throws(
    () => MongoRunner.runMongod(opts),
    [],
    "MongoD started successfully with neither tlsCAFile nor tlsUseSystemCA",
);
assert(
    rawMongoProgramOutput(".*").includes("The use of TLS without specifying a chain of trust is no longer supported"),
);
clearRawMongoProgramOutput();

// Both tlsCAFile and tlsUseSystemCA
opts = {
    tlsMode: "requireTLS",
    tlsCertificateKeyFile: SERVER_CERT,
    tlsCAFile: CA_CERT,
    setParameter: {tlsUseSystemCA: true},
};
assert.throws(
    () => MongoRunner.runMongod(opts),
    [],
    "MongoD started successfully with both tlsCAFile and tlsUseSystemCA",
);
assert(
    rawMongoProgramOutput(".*").includes("The use of both a CA File and the System Certificate store is not supported"),
);
clearRawMongoProgramOutput();

// Both tlsCAFile and tlsUseSystemCA, also tlsClusterCAFile (which is OK)
opts = {
    tlsMode: "requireTLS",
    tlsCertificateKeyFile: SERVER_CERT,
    tlsCAFile: CA_CERT,
    tlsClusterCAFile: CA_CERT,
    setParameter: {tlsUseSystemCA: true},
};
assert.throws(
    () => MongoRunner.runMongod(opts),
    [],
    "MongoD started successfully with both tlsCAFile and tlsUseSystemCA",
);
assert(
    rawMongoProgramOutput(".*").includes("The use of both a CA File and the System Certificate store is not supported"),
);
clearRawMongoProgramOutput();

// tlsClusterCAFile without tlsCAFile
opts = {
    tlsMode: "requireTLS",
    tlsCertificateKeyFile: SERVER_CERT,
    tlsClusterCAFile: CA_CERT,
};
assert.throws(
    () => MongoRunner.runMongod(opts),
    [],
    "MongoD started successfully with tlsClusterCAFile without tlsCAFile",
);
assert(rawMongoProgramOutput(".*").includes("Specifying a tlsClusterCAFile requires a tlsCAFile also be specified"));
clearRawMongoProgramOutput();

// tlsClusterCAFile without tlsCAFile, also tlsSystemCA (which is ignored in favor of former error)
opts = {
    tlsMode: "requireTLS",
    tlsCertificateKeyFile: SERVER_CERT,
    tlsClusterCAFile: CA_CERT,
    setParameter: {tlsUseSystemCA: true},
};
assert.throws(
    () => MongoRunner.runMongod(opts),
    [],
    "MongoD started successfully with tlsClusterCAFile without tlsCAFile",
);
assert(rawMongoProgramOutput(".*").includes("Specifying a tlsClusterCAFile requires a tlsCAFile also be specified"));