using System;

namespace StellaOps.Attestor.Envelope;

/// <summary>
/// Represents a DSSE envelope signature (detached from payload).
/// </summary>
public sealed class EnvelopeSignature
{
    private readonly byte[] signature;

    public EnvelopeSignature(string keyId, string algorithmId, ReadOnlySpan<byte> value)
    {
        if (string.IsNullOrWhiteSpace(keyId))
        {
            throw new ArgumentException("Key identifier is required.", nameof(keyId));
        }

        if (string.IsNullOrWhiteSpace(algorithmId))
        {
            throw new ArgumentException("Algorithm identifier is required.", nameof(algorithmId));
        }

        if (value.Length == 0)
        {
            throw new ArgumentException("Signature bytes must not be empty.", nameof(value));
        }

        KeyId = keyId;
        AlgorithmId = algorithmId;
        signature = value.ToArray();
    }

    /// <summary>
    /// Gets the key identifier associated with the signature.
    /// </summary>
    public string KeyId { get; }

    /// <summary>
    /// Gets the signing algorithm identifier.
    /// </summary>
    public string AlgorithmId { get; }

    /// <summary>
    /// Gets the raw signature bytes.
    /// </summary>
    public ReadOnlyMemory<byte> Value => signature;
}