using Microsoft.AspNetCore.Authentication;
using StellaOps.Signer.Infrastructure;
using StellaOps.Signer.Infrastructure.Options;
using StellaOps.Signer.WebService.Endpoints;
using StellaOps.Signer.WebService.Security;
using StellaOps.Cryptography.DependencyInjection;

var builder = WebApplication.CreateBuilder(args);

builder.Services.AddLogging();
builder.Services.AddAuthentication(StubBearerAuthenticationDefaults.AuthenticationScheme)
    .AddScheme<AuthenticationSchemeOptions, StubBearerAuthenticationHandler>(
        StubBearerAuthenticationDefaults.AuthenticationScheme,
        _ => { });

builder.Services.AddAuthorization();

builder.Services.AddSignerPipeline();
builder.Services.Configure<SignerEntitlementOptions>(options =>
{
    options.Tokens["valid-poe"] = new SignerEntitlementDefinition(
        LicenseId: "LIC-TEST",
        CustomerId: "CUST-TEST",
        Plan: "pro",
        MaxArtifactBytes: 128 * 1024,
        QpsLimit: 5,
        QpsRemaining: 5,
        ExpiresAtUtc: DateTimeOffset.UtcNow.AddHours(1));
});
builder.Services.Configure<SignerReleaseVerificationOptions>(options =>
{
    options.TrustedScannerDigests.Add("sha256:0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef");
});
builder.Services.Configure<SignerCryptoOptions>(_ => { });
builder.Services.AddStellaOpsCryptoRu(builder.Configuration, CryptoProviderRegistryValidator.EnforceRuLinuxDefaults);

var app = builder.Build();

app.UseAuthentication();
app.UseAuthorization();

app.MapGet("/", () => Results.Ok("StellaOps Signer service ready."));
app.MapSignerEndpoints();

app.Run();

public partial class Program;