using Microsoft.IdentityModel.Tokens;
using System;
using System.Security.Cryptography;
using static StellaOps.Localization.T;

namespace StellaOps.Cryptography.Kms;

public sealed partial class Fido2KmsClient
{
    private static byte[] ComputeSha256(ReadOnlyMemory<byte> data)
    {
        var digest = new byte[32];
        if (!SHA256.TryHashData(data.Span, digest, out _))
        {
            throw new InvalidOperationException(_t("crypto.kms.hash_failed"));
        }

        return digest;
    }

    private void ThrowIfDisposed()
    {
        if (_disposed)
        {
            throw new ObjectDisposedException(nameof(Fido2KmsClient));
        }
    }

    private static string ResolveCurveName(ECCurve curve)
    {
        var oid = curve.Oid?.Value;
        return oid switch
        {
            "1.2.840.10045.3.1.7" => JsonWebKeyECTypes.P256,
            "1.3.132.0.34" => JsonWebKeyECTypes.P384,
            "1.3.132.0.35" => JsonWebKeyECTypes.P521,
            _ => throw new InvalidOperationException(_t("crypto.fido2.curve_unsupported", oid ?? string.Empty)),
        };
    }
}