lmxopcua/tests/ZB.MOM.WW.OtOpcUa.Tests.v1Archive/Security/SecurityProfileResolverTests.cs

using System.Collections.Generic;
using Opc.Ua;
using Shouldly;
using Xunit;
using ZB.MOM.WW.OtOpcUa.Host.OpcUa;

namespace ZB.MOM.WW.OtOpcUa.Tests.Security
{
    public class SecurityProfileResolverTests
    {
        [Fact]
        public void Resolve_DefaultNone_ReturnsSingleNonePolicy()
        {
            var result = SecurityProfileResolver.Resolve(new List<string> { "None" });

            result.Count.ShouldBe(1);
            result[0].SecurityMode.ShouldBe(MessageSecurityMode.None);
            result[0].SecurityPolicyUri.ShouldBe(SecurityPolicies.None);
        }

        [Fact]
        public void Resolve_SignProfile_ReturnsBasic256Sha256Sign()
        {
            var result = SecurityProfileResolver.Resolve(new List<string> { "Basic256Sha256-Sign" });

            result.Count.ShouldBe(1);
            result[0].SecurityMode.ShouldBe(MessageSecurityMode.Sign);
            result[0].SecurityPolicyUri.ShouldBe(SecurityPolicies.Basic256Sha256);
        }

        [Fact]
        public void Resolve_SignAndEncryptProfile_ReturnsBasic256Sha256SignAndEncrypt()
        {
            var result = SecurityProfileResolver.Resolve(new List<string> { "Basic256Sha256-SignAndEncrypt" });

            result.Count.ShouldBe(1);
            result[0].SecurityMode.ShouldBe(MessageSecurityMode.SignAndEncrypt);
            result[0].SecurityPolicyUri.ShouldBe(SecurityPolicies.Basic256Sha256);
        }

        [Fact]
        public void Resolve_MultipleProfiles_ReturnsExpectedPolicies()
        {
            var result = SecurityProfileResolver.Resolve(new List<string>
            {
                "None", "Basic256Sha256-Sign", "Basic256Sha256-SignAndEncrypt"
            });

            result.Count.ShouldBe(3);
            result.ShouldContain(p => p.SecurityMode == MessageSecurityMode.None);
            result.ShouldContain(p => p.SecurityMode == MessageSecurityMode.Sign);
            result.ShouldContain(p => p.SecurityMode == MessageSecurityMode.SignAndEncrypt);
        }

        [Fact]
        public void Resolve_DuplicateProfiles_Deduplicated()
        {
            var result = SecurityProfileResolver.Resolve(new List<string>
            {
                "None", "None", "Basic256Sha256-Sign", "Basic256Sha256-Sign"
            });

            result.Count.ShouldBe(2);
        }

        [Fact]
        public void Resolve_UnknownProfile_SkippedWithWarning()
        {
            var result = SecurityProfileResolver.Resolve(new List<string>
            {
                "None", "SomeUnknownProfile"
            });

            result.Count.ShouldBe(1);
            result[0].SecurityMode.ShouldBe(MessageSecurityMode.None);
        }

        [Fact]
        public void Resolve_EmptyList_FallsBackToNone()
        {
            var result = SecurityProfileResolver.Resolve(new List<string>());

            result.Count.ShouldBe(1);
            result[0].SecurityMode.ShouldBe(MessageSecurityMode.None);
            result[0].SecurityPolicyUri.ShouldBe(SecurityPolicies.None);
        }

        [Fact]
        public void Resolve_NullList_FallsBackToNone()
        {
            var result = SecurityProfileResolver.Resolve(null!);

            result.Count.ShouldBe(1);
            result[0].SecurityMode.ShouldBe(MessageSecurityMode.None);
        }

        [Fact]
        public void Resolve_AllUnknownProfiles_FallsBackToNone()
        {
            var result = SecurityProfileResolver.Resolve(new List<string> { "Bogus", "AlsoBogus" });

            result.Count.ShouldBe(1);
            result[0].SecurityMode.ShouldBe(MessageSecurityMode.None);
        }

        [Fact]
        public void Resolve_CaseInsensitive()
        {
            var result = SecurityProfileResolver.Resolve(new List<string> { "none", "BASIC256SHA256-SIGN" });

            result.Count.ShouldBe(2);
            result.ShouldContain(p => p.SecurityMode == MessageSecurityMode.None);
            result.ShouldContain(p => p.SecurityMode == MessageSecurityMode.Sign);
        }

        [Fact]
        public void Resolve_WhitespaceEntries_Skipped()
        {
            var result = SecurityProfileResolver.Resolve(new List<string> { "", "  ", "None" });

            result.Count.ShouldBe(1);
            result[0].SecurityMode.ShouldBe(MessageSecurityMode.None);
        }

        [Fact]
        public void ValidProfileNames_ContainsExpectedEntries()
        {
            var names = SecurityProfileResolver.ValidProfileNames;

            names.ShouldContain("None");
            names.ShouldContain("Basic256Sha256-Sign");
            names.ShouldContain("Basic256Sha256-SignAndEncrypt");
            names.ShouldContain("Aes128_Sha256_RsaOaep-Sign");
            names.ShouldContain("Aes128_Sha256_RsaOaep-SignAndEncrypt");
            names.ShouldContain("Aes256_Sha256_RsaPss-Sign");
            names.ShouldContain("Aes256_Sha256_RsaPss-SignAndEncrypt");
            names.Count.ShouldBe(7);
        }
    }
}