namespace ZB.MOM.NatsNet.Server.Auth.CertificateIdentityProvider;

/// <summary>
/// Error and debug message constants for the OCSP peer identity provider.
/// Mirrors certidp/messages.go.
/// </summary>
public static class OcspMessages
{
    // Returned errors
    public const string ErrIllegalPeerOptsConfig = "expected map to define OCSP peer options, got [{0}]";
    public const string ErrIllegalCacheOptsConfig = "expected map to define OCSP peer cache options, got [{0}]";
    public const string ErrParsingPeerOptFieldGeneric = "error parsing tls peer config, unknown field [\"{0}\"]";
    public const string ErrParsingPeerOptFieldTypeConversion = "error parsing tls peer config, conversion error: {0}";
    public const string ErrParsingCacheOptFieldTypeConversion = "error parsing OCSP peer cache config, conversion error: {0}";
    public const string ErrUnableToPlugTLSEmptyConfig = "unable to plug TLS verify connection, config is nil";
    public const string ErrMTLSRequired = "OCSP peer verification for client connections requires TLS verify (mTLS) to be enabled";
    public const string ErrUnableToPlugTLSClient = "unable to register client OCSP verification";
    public const string ErrUnableToPlugTLSServer = "unable to register server OCSP verification";
    public const string ErrCannotWriteCompressed = "error writing to compression writer: {0}";
    public const string ErrCannotReadCompressed = "error reading compression reader: {0}";
    public const string ErrTruncatedWrite = "short write on body ({0} != {1})";
    public const string ErrCannotCloseWriter = "error closing compression writer: {0}";
    public const string ErrParsingCacheOptFieldGeneric = "error parsing OCSP peer cache config, unknown field [\"{0}\"]";
    public const string ErrUnknownCacheType = "error parsing OCSP peer cache config, unknown type [{0}]";
    public const string ErrInvalidChainlink = "invalid chain link";
    public const string ErrBadResponderHTTPStatus = "bad OCSP responder http status: [{0}]";
    public const string ErrNoAvailOCSPServers = "no available OCSP servers";
    public const string ErrFailedWithAllRequests = "exhausted OCSP responders: {0}";

    // Direct logged errors
    public const string ErrLoadCacheFail = "Unable to load OCSP peer cache: {0}";
    public const string ErrSaveCacheFail = "Unable to save OCSP peer cache: {0}";
    public const string ErrBadCacheTypeConfig = "Unimplemented OCSP peer cache type [{0}]";
    public const string ErrResponseCompressFail = "Unable to compress OCSP response for key [{0}]: {1}";
    public const string ErrResponseDecompressFail = "Unable to decompress OCSP response for key [{0}]: {1}";
    public const string ErrPeerEmptyNoEvent = "Peer certificate is nil, cannot send OCSP peer reject event";
    public const string ErrPeerEmptyAutoReject = "Peer certificate is nil, rejecting OCSP peer";

    // Debug messages
    public const string DbgPlugTLSForKind = "Plugging TLS OCSP peer for [{0}]";
    public const string DbgNumServerChains = "Peer OCSP enabled: {0} TLS server chain(s) will be evaluated";
    public const string DbgNumClientChains = "Peer OCSP enabled: {0} TLS client chain(s) will be evaluated";
    public const string DbgLinksInChain = "Chain [{0}]: {1} total link(s)";
    public const string DbgSelfSignedValid = "Chain [{0}] is self-signed, thus peer is valid";
    public const string DbgValidNonOCSPChain = "Chain [{0}] has no OCSP eligible links, thus peer is valid";
    public const string DbgChainIsOCSPEligible = "Chain [{0}] has {1} OCSP eligible link(s)";
    public const string DbgChainIsOCSPValid = "Chain [{0}] is OCSP valid for all eligible links, thus peer is valid";
    public const string DbgNoOCSPValidChains = "No OCSP valid chains, thus peer is invalid";
    public const string DbgCheckingCacheForCert = "Checking OCSP peer cache for [{0}], key [{1}]";
    public const string DbgCurrentResponseCached = "Cached OCSP response is current, status [{0}]";
    public const string DbgExpiredResponseCached = "Cached OCSP response is expired, status [{0}]";
    public const string DbgOCSPValidPeerLink = "OCSP verify pass for [{0}]";
    public const string DbgMakingCARequest = "Making OCSP CA request to [{0}]";
    public const string DbgResponseExpired = "OCSP response expired: NextUpdate={0}, now={1}, skew={2}";
    public const string DbgResponseTTLExpired = "OCSP response TTL expired: expiry={0}, now={1}, skew={2}";
    public const string DbgResponseFutureDated = "OCSP response is future-dated: ThisUpdate={0}, now={1}, skew={2}";
}