namespace StellaOps.Cryptography.Kms;

/// <summary>
/// Configuration for FIDO2-backed signing flows.
/// </summary>
public sealed class Fido2Options
{
    private TimeSpan metadataCacheDuration = TimeSpan.FromMinutes(5);

    /// <summary>
    /// Gets or sets the relying party identifier (rpId) used when registering the credential.
    /// </summary>
    public string RelyingPartyId { get; set; } = string.Empty;

    /// <summary>
    /// Gets or sets the credential identifier (Base64Url encoded string).
    /// </summary>
    public string CredentialId { get; set; } = string.Empty;

    /// <summary>
    /// Gets or sets the PEM-encoded public key associated with the credential.
    /// </summary>
    public string PublicKeyPem { get; set; } = string.Empty;

    /// <summary>
    /// Gets or sets the timestamp when the credential was provisioned.
    /// </summary>
    public DateTimeOffset CreatedAt { get; set; } = DateTimeOffset.UtcNow;

    /// <summary>
    /// Gets or sets the cache duration for metadata lookups.
    /// </summary>
    public TimeSpan MetadataCacheDuration
    {
        get => metadataCacheDuration;
        set => metadataCacheDuration = value <= TimeSpan.Zero ? TimeSpan.FromMinutes(5) : value;
    }

    /// <summary>
    /// Gets or sets an optional authenticator factory hook (mainly for testing or custom integrations).
    /// </summary>
    public Func<IServiceProvider, IFido2Authenticator>? AuthenticatorFactory { get; set; }
}