using System;
using System.Threading;
using System.Threading.Tasks;

namespace StellaOps.Cryptography.Kms;

public sealed partial class FileKmsClient
{
    public async Task<bool> VerifyAsync(
        string keyId,
        string? keyVersion,
        ReadOnlyMemory<byte> data,
        ReadOnlyMemory<byte> signature,
        CancellationToken cancellationToken = default)
    {
        ArgumentException.ThrowIfNullOrWhiteSpace(keyId);
        if (data.IsEmpty || signature.IsEmpty)
        {
            return false;
        }

        await _mutex.WaitAsync(cancellationToken).ConfigureAwait(false);
        try
        {
            var record = await LoadOrCreateMetadataAsync(keyId, cancellationToken, createIfMissing: false).ConfigureAwait(false);
            if (record is null)
            {
                return false;
            }

            var version = ResolveVersion(record, keyVersion);
            if (string.IsNullOrWhiteSpace(version.PublicKey))
            {
                return false;
            }

            return VerifyData(version.CurveName, version.PublicKey, data.Span, signature.Span);
        }
        finally
        {
            _mutex.Release();
        }
    }
}