using Shouldly;
using ZB.MOM.NatsNet.Server;
using ZB.MOM.NatsNet.Server.Auth.CertificateIdentityProvider;

namespace ZB.MOM.NatsNet.Server.Tests.Auth.CertificateIdentityProvider;

/// <summary>
/// Tests for the certidp module, mirroring certidp_test.go and ocsp_responder_test.go.
/// </summary>
public sealed class CertificateIdentityProviderTests
{
    [Theory]
    [InlineData(0, "good")]
    [InlineData(1, "revoked")]
    [InlineData(2, "unknown")]
    [InlineData(42, "unknown")] // Invalid → defaults to unknown (never good)
    public void GetStatusAssertionStr_ShouldMapCorrectly(int input, string expected)
    {
        // Mirror: TestGetStatusAssertionStr
        OcspStatusAssertionExtensions.GetStatusAssertionStr(input).ShouldBe(expected);
    }

    [Fact]
    public void EncodeOCSPRequest_ShouldProduceUrlSafeBase64()
    {
        // Mirror: TestEncodeOCSPRequest
        var data = "test data for OCSP request"u8.ToArray();
        var encoded = OcspResponder.EncodeOCSPRequest(data);

        // Should not contain unescaped base64 chars that are URL-unsafe.
        encoded.ShouldNotContain("+");
        encoded.ShouldNotContain("/");
        encoded.ShouldNotContain("=");

        // Should round-trip: URL-unescape → base64-decode → original bytes.
        var unescaped = Uri.UnescapeDataString(encoded);
        var decoded = Convert.FromBase64String(unescaped);
        decoded.ShouldBe(data);
    }

    [Fact]
    public void ParseOCSPPeer_UnknownField_ReturnsError()
    {
        Dictionary<string, object?> map = new()
        {
            ["unexpected"] = true,
        };

        var (config, err) = OcspHandler.ParseOCSPPeer(map);

        config.ShouldBeNull();
        err.ShouldNotBeNull();
    }
}