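namespace NATS.Server.Tls;

/// <summary>
/// Message templates used by OCSP peer verification: returned errors, directly
/// logged errors, debug traces and connection-reject / policy notices.
/// </summary>
/// <remarks>
/// The placeholders are printf-style verbs, including <c>%T</c>, <c>%q</c>,
/// <c>%v</c> and <c>%w</c>, which are Go fmt verbs. Neither
/// <c>string.Format</c> nor .NET logging message templates expand them.
/// NOTE(review): confirm how consumers substitute arguments, otherwise the raw
/// verb is what reaches the log or the error text.
/// NOTE(review): several <c>[%s]</c> slots presumably carry values taken from
/// the peer certificate or its responder URL (not visible here). If so they
/// are peer-controlled; confirm the logging sink neutralises control
/// characters and line breaks.
/// </remarks>
public static class OcspPeerMessages
{
    // ---- Returned errors -------------------------------------------------

    // Configuration parsing.
    public const string ErrIllegalPeerOptsConfig = "expected map to define OCSP peer options, got [%T]";
    public const string ErrIllegalCacheOptsConfig = "expected map to define OCSP peer cache options, got [%T]";
    public const string ErrParsingPeerOptFieldGeneric = "error parsing tls peer config, unknown field [%q]";
    public const string ErrParsingPeerOptFieldTypeConversion = "error parsing tls peer config, conversion error: %s";
    public const string ErrParsingCacheOptFieldTypeConversion = "error parsing OCSP peer cache config, conversion error: %s";

    // Hooking OCSP verification into the TLS configuration.
    public const string ErrUnableToPlugTLSEmptyConfig = "unable to plug TLS verify connection, config is nil";
    // As worded: OCSP peer checks on client connections depend on mTLS being enabled.
    public const string ErrMTLSRequired = "OCSP peer verification for client connections requires TLS verify (mTLS) to be enabled";
    public const string ErrUnableToPlugTLSClient = "unable to register client OCSP verification";
    public const string ErrUnableToPlugTLSServer = "unable to register server OCSP verification";

    // Compression of stored responses.
    public const string ErrCannotWriteCompressed = "error writing to compression writer: %w";
    public const string ErrCannotReadCompressed = "error reading compression reader: %w";
    public const string ErrTruncatedWrite = "short write on body (%d != %d)";
    public const string ErrCannotCloseWriter = "error closing compression writer: %w";

    // Cache configuration.
    public const string ErrParsingCacheOptFieldGeneric = "error parsing OCSP peer cache config, unknown field [%q]";
    public const string ErrUnknownCacheType = "error parsing OCSP peer cache config, unknown type [%s]";

    // Chain evaluation and responder callout.
    public const string ErrInvalidChainlink = "invalid chain link";
    public const string ErrBadResponderHTTPStatus = "bad OCSP responder http status: [%d]";
    public const string ErrNoAvailOCSPServers = "no available OCSP servers";
    public const string ErrFailedWithAllRequests = "exhausted OCSP responders: %w";

    // ---- Direct logged errors --------------------------------------------

    public const string ErrLoadCacheFail = "Unable to load OCSP peer cache: %s";
    public const string ErrSaveCacheFail = "Unable to save OCSP peer cache: %s";
    public const string ErrBadCacheTypeConfig = "Unimplemented OCSP peer cache type [%v]";
    public const string ErrResponseCompressFail = "Unable to compress OCSP response for key [%s]: %s";
    public const string ErrResponseDecompressFail = "Unable to decompress OCSP response for key [%s]: %s";
    public const string ErrPeerEmptyNoEvent = "Peer certificate is nil, cannot send OCSP peer reject event";
    public const string ErrPeerEmptyAutoReject = "Peer certificate is nil, rejecting OCSP peer";

    // ---- Debug information -----------------------------------------------

    public const string DbgPlugTLSForKind = "Plugging TLS OCSP peer for [%s]";
    public const string DbgNumServerChains = "Peer OCSP enabled: %d TLS server chain(s) will be evaluated";
    public const string DbgNumClientChains = "Peer OCSP enabled: %d TLS client chain(s) will be evaluated";
    public const string DbgLinksInChain = "Chain [%d]: %d total link(s)";

    // As worded, a self-signed chain and a chain with no OCSP-eligible links are
    // both reported as "peer is valid": the OCSP step by itself does not reject
    // certificates that carry no OCSP information.
    // NOTE(review): confirm against the verifier that this is the intended policy.
    public const string DbgSelfSignedValid = "Chain [%d] is self-signed, thus peer is valid";
    public const string DbgValidNonOCSPChain = "Chain [%d] has no OCSP eligible links, thus peer is valid";
    public const string DbgChainIsOCSPEligible = "Chain [%d] has %d OCSP eligible link(s)";
    public const string DbgChainIsOCSPValid = "Chain [%d] is OCSP valid for all eligible links, thus peer is valid";
    public const string DbgNoOCSPValidChains = "No OCSP valid chains, thus peer is invalid";

    // Cache lookups and maintenance.
    public const string DbgCheckingCacheForCert = "Checking OCSP peer cache for [%s], key [%s]";
    public const string DbgCurrentResponseCached = "Cached OCSP response is current, status [%s]";
    public const string DbgExpiredResponseCached = "Cached OCSP response is expired, status [%s]";
    public const string DbgOCSPValidPeerLink = "OCSP verify pass for [%s]";
    public const string DbgCachingResponse = "Caching OCSP response for [%s], key [%s]";
    public const string DbgAchievedCompression = "OCSP response compression ratio: [%f]";
    public const string DbgCacheHit = "OCSP peer cache hit for key [%s]";
    public const string DbgCacheMiss = "OCSP peer cache miss for key [%s]";
    public const string DbgPreservedRevocation = "Revoked OCSP response for key [%s] preserved by cache policy";
    public const string DbgDeletingCacheResponse = "Deleting OCSP peer cached response for key [%s]";
    public const string DbgStartingCache = "Starting OCSP peer cache";
    public const string DbgStoppingCache = "Stopping OCSP peer cache";
    public const string DbgLoadingCache = "Loading OCSP peer cache [%s]";
    public const string DbgNoCacheFound = "No OCSP peer cache found, starting with empty cache";
    public const string DbgSavingCache = "Saving OCSP peer cache [%s]";
    public const string DbgCacheSaved = "Saved OCSP peer cache successfully (%d bytes)";
    public const string DbgMakingCARequest = "Trying OCSP responder url [%s]";

    // Response freshness checks (ThisUpdate / NextUpdate / cache expiry, with clock skew).
    public const string DbgResponseExpired = "OCSP response NextUpdate [%s] is before now [%s] with clockskew [%s]";
    public const string DbgResponseTTLExpired = "OCSP response cache expiry [%s] is before now [%s] with clockskew [%s]";
    // NOTE(review): the name says "future dated", yet the text reads
    // "ThisUpdate ... is before now", the same wording as the two expiry
    // messages above. It looks like it should read "after now". Left unchanged
    // because the call site is not visible here; confirm before editing.
    public const string DbgResponseFutureDated = "OCSP response ThisUpdate [%s] is before now [%s] with clockskew [%s]";
    public const string DbgCacheSaveTimerExpired = "OCSP peer cache save timer expired";
    public const string DbgCacheDirtySave = "OCSP peer cache is dirty, saving";

    // ---- Connection reject reasons ---------------------------------------

    public const string MsgTLSClientRejectConnection = "client not OCSP valid";
    public const string MsgTLSServerRejectConnection = "server not OCSP valid";

    // ---- CA responder outcomes -------------------------------------------

    public const string ErrCAResponderCalloutFail = "Attempt to obtain OCSP response from CA responder for [%s] failed: %s";
    public const string ErrNewCAResponseNotCurrent = "New OCSP CA response obtained for [%s] but not current";
    public const string ErrCAResponseParseFailed = "Could not parse OCSP CA response for [%s]: %s";
    public const string ErrOCSPInvalidPeerLink = "OCSP verify fail for [%s] with CA status [%s]";

    // ---- Policy override notices -----------------------------------------
    // Two of these record a fail-open decision: the text states that the peer
    // is allowed even though no OCSP response was obtained
    // (AllowWhenCAUnreachable) or verification failed (WarnOnly). They are the
    // audit trail for a connection admitted without a successful revocation check.
    // NOTE(review): confirm they are emitted at a level retained in production
    // logs, so these events can be monitored.
    public const string MsgAllowWhenCAUnreachableOccurred = "Failed to obtain OCSP CA response for [%s] but AllowWhenCAUnreachable set; no cached revocation so allowing";
    // Per the text, a cached revocation still causes rejection when the CA is unreachable.
    public const string MsgAllowWhenCAUnreachableOccurredCachedRevoke = "Failed to obtain OCSP CA response for [%s] but AllowWhenCAUnreachable set; cached revocation exists so rejecting";
    public const string MsgAllowWarnOnlyOccurred = "OCSP verify fail for [%s] but WarnOnly is true so allowing";

    // ---- Cache state and response validation notices ---------------------

    public const string MsgCacheOnline = "OCSP peer cache online, type [%s]";
    public const string MsgCacheOffline = "OCSP peer cache offline, type [%s]";
    public const string MsgFailedOCSPResponseFetch = "Failed OCSP response fetch";
    public const string MsgOCSPResponseNotEffective = "OCSP response not in effectivity window";
    public const string MsgFailedOCSPResponseParse = "Failed OCSP response parse";
    public const string MsgOCSPResponseInvalidStatus = "Invalid OCSP response status: %s";
    public const string MsgOCSPResponseDelegationInvalid = "Invalid OCSP response delegation: %s";
    public const string MsgCachedOCSPResponseInvalid = "Invalid cached OCSP response for [%s] with fingerprint [%s]";
}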