using System.Diagnostics.CodeAnalysis;

namespace StellaOps.Cryptography.Kms;

/// <summary>
/// Configuration for the AWS KMS-backed <see cref="IKmsClient"/>.
/// </summary>
public sealed class AwsKmsOptions
{
    private TimeSpan metadataCacheDuration = TimeSpan.FromMinutes(5);
    private TimeSpan publicKeyCacheDuration = TimeSpan.FromMinutes(10);

    /// <summary>
    /// Gets or sets the AWS region identifier (e.g. <c>us-east-1</c>).
    /// </summary>
    public string Region { get; set; } = "us-east-1";

    /// <summary>
    /// Gets or sets an optional custom service endpoint (useful for local stacks or VPC endpoints).
    /// </summary>
    public string? Endpoint { get; set; }

    /// <summary>
    /// Gets or sets a value indicating whether to use the FIPS endpoint for AWS KMS.
    /// </summary>
    public bool UseFipsEndpoint { get; set; }

    /// <summary>
    /// Gets or sets the cache duration for key metadata lookups.
    /// </summary>
    public TimeSpan MetadataCacheDuration
    {
        get => metadataCacheDuration;
        set => metadataCacheDuration = EnsurePositive(value, TimeSpan.FromMinutes(5));
    }

    /// <summary>
    /// Gets or sets the cache duration for exported public key material.
    /// </summary>
    public TimeSpan PublicKeyCacheDuration
    {
        get => publicKeyCacheDuration;
        set => publicKeyCacheDuration = EnsurePositive(value, TimeSpan.FromMinutes(10));
    }

    /// <summary>
    /// Gets or sets an optional factory that can provide a custom AWS facade. Primarily used for testing.
    /// </summary>
    public Func<IServiceProvider, IAwsKmsFacade>? FacadeFactory { get; set; }

    private static TimeSpan EnsurePositive(TimeSpan value, TimeSpan @default)
        => value <= TimeSpan.Zero ? @default : value;
}