// SPDX-License-Identifier: BUSL-1.1
// Sprint: SPRINT_4100_0006_0002 - eIDAS Crypto Plugin Tests
using System;
using System.IO;
using System.Net.Http;
using System.Security.Cryptography;
using System.Security.Cryptography.X509Certificates;
using Microsoft.Extensions.Logging.Abstractions;
using Microsoft.Extensions.Options;
using StellaOps.Cryptography.Plugin.EIDAS;
using StellaOps.Cryptography.Plugin.EIDAS.Configuration;
using StellaOps.Cryptography.Plugin.EIDAS.Models;

namespace StellaOps.Cryptography.Plugin.EIDAS.Tests;

public partial class EidasCryptoProviderTests : IDisposable
{
    private static readonly DateTimeOffset FixedUtcNow = new(2026, 1, 1, 0, 0, 0, TimeSpan.Zero);
    private const string KeystorePassword = "test-password";

    private readonly HttpClient _httpClient;
    private readonly EidasCryptoProvider _provider;
    private readonly string _keystorePath;

    public EidasCryptoProviderTests()
    {
        _keystorePath = CreateTestKeystore();
        var options = CreateOptions(_keystorePath);

        _httpClient = new HttpClient();
        var tspClient = new TrustServiceProviderClient(
            NullLogger<TrustServiceProviderClient>.Instance,
            _httpClient,
            options);
        var localProvider = new LocalEidasProvider(
            NullLogger<LocalEidasProvider>.Instance,
            options);

        _provider = new EidasCryptoProvider(
            NullLogger<EidasCryptoProvider>.Instance,
            options,
            tspClient,
            localProvider);
    }

    public void Dispose()
    {
        _httpClient.Dispose();

        if (File.Exists(_keystorePath))
        {
            File.Delete(_keystorePath);
        }
    }

    private static IOptions<EidasOptions> CreateOptions(string keystorePath)
    {
        var options = new EidasOptions
        {
            SignatureLevel = SignatureLevel.AdES,
            SignatureFormat = SignatureFormat.CAdES,
            DefaultAlgorithm = "ECDSA-P256",
            DigestAlgorithm = "SHA256",
            Local = new LocalSigningOptions
            {
                Type = "PKCS12",
                Path = keystorePath,
                Password = KeystorePassword
            },
            Tsp = new TspOptions
            {
                Endpoint = "https://tsp.example.com",
                ApiKey = "test-api-key",
                TimeoutSeconds = 30
            }
        };

        options.Keys.Add(new EidasKeyConfig
        {
            KeyId = "test-key-local",
            Source = "local"
        });

        options.Keys.Add(new EidasKeyConfig
        {
            KeyId = "test-key-tsp",
            Source = "tsp"
        });

        return Options.Create(options);
    }

    private static string CreateTestKeystore()
    {
        var path = Path.Combine(Path.GetTempPath(), $"eidas-test-{Guid.NewGuid():N}.p12");

        using var ecdsa = ECDsa.Create(ECCurve.NamedCurves.nistP256);
        var request = new CertificateRequest(
            "CN=StellaOps Test",
            ecdsa,
            HashAlgorithmName.SHA256);

        var notBefore = DateTimeOffset.UtcNow.AddDays(-1);
        var notAfter = DateTimeOffset.UtcNow.AddDays(7);
        using var certificate = request.CreateSelfSigned(notBefore, notAfter);

        var pfxBytes = certificate.Export(X509ContentType.Pfx, KeystorePassword);
        File.WriteAllBytes(path, pfxBytes);

        return path;
    }
}