namespace StellaOps.Cryptography.Kms;

/// <summary>
/// Configuration for the Google Cloud KMS-backed <see cref="IKmsClient"/>.
/// </summary>
public sealed class GcpKmsOptions
{
    private TimeSpan metadataCacheDuration = TimeSpan.FromMinutes(5);
    private TimeSpan publicKeyCacheDuration = TimeSpan.FromMinutes(10);

    /// <summary>
    /// Gets or sets the service endpoint (default: <c>kms.googleapis.com</c>).
    /// </summary>
    public string Endpoint { get; set; } = "kms.googleapis.com";

    /// <summary>
    /// Gets or sets the cache duration for crypto key metadata lookups.
    /// </summary>
    public TimeSpan MetadataCacheDuration
    {
        get => metadataCacheDuration;
        set => metadataCacheDuration = EnsurePositive(value, TimeSpan.FromMinutes(5));
    }

    /// <summary>
    /// Gets or sets the cache duration for exported public key material.
    /// </summary>
    public TimeSpan PublicKeyCacheDuration
    {
        get => publicKeyCacheDuration;
        set => publicKeyCacheDuration = EnsurePositive(value, TimeSpan.FromMinutes(10));
    }

    /// <summary>
    /// Gets or sets an optional factory that can construct a custom GCP facade (primarily used for testing).
    /// </summary>
    public Func<IServiceProvider, IGcpKmsFacade>? FacadeFactory { get; set; }

    private static TimeSpan EnsurePositive(TimeSpan value, TimeSpan @default)
        => value <= TimeSpan.Zero ? @default : value;
}