using System.Runtime.InteropServices;
using Shouldly;
using ZB.MOM.NatsNet.Server.Auth;

namespace ZB.MOM.NatsNet.Server.Tests.Auth;

public sealed class TpmKeyProviderTests
{
    private static bool IsWindows => RuntimeInformation.IsOSPlatform(OSPlatform.Windows);

    [Fact]
    public void LoadJetStreamEncryptionKeyFromTpm_NonWindows_ThrowsPlatformNotSupportedException()
    {
        if (IsWindows)
            return; // This test is for non-Windows only

        var ex = Should.Throw<PlatformNotSupportedException>(() =>
            TpmKeyProvider.LoadJetStreamEncryptionKeyFromTpm("", "keys.json", "password", 22));

        ex.Message.ShouldContain("TPM");
    }

    [Fact]
    public void LoadJetStreamEncryptionKeyFromTpm_Create_ShouldSucceed()
    {
        if (!IsWindows)
            return; // Requires real TPM hardware on Windows

        var tempFile = Path.Combine(Path.GetTempPath(), $"jskeys_{Guid.NewGuid():N}.json");
        try
        {
            if (File.Exists(tempFile)) File.Delete(tempFile);

            var key = TpmKeyProvider.LoadJetStreamEncryptionKeyFromTpm("", tempFile, "password", 22);
            key.ShouldNotBeNullOrEmpty();
        }
        finally
        {
            if (File.Exists(tempFile)) File.Delete(tempFile);
        }
    }
}