using StellaOps.Cryptography;

namespace StellaOps.Cryptography.Plugin.SimRemote;

internal sealed class SimRemoteSigner : ICryptoSigner
{
    private readonly SimRemoteHttpClient client;

    public SimRemoteSigner(SimRemoteHttpClient client, string algorithmId, string keyId)
    {
        this.client = client ?? throw new ArgumentNullException(nameof(client));
        AlgorithmId = algorithmId ?? throw new ArgumentNullException(nameof(algorithmId));
        KeyId = keyId ?? throw new ArgumentNullException(nameof(keyId));
    }

    public string KeyId { get; }
    public string AlgorithmId { get; }

    public async ValueTask<byte[]> SignAsync(ReadOnlyMemory<byte> data, CancellationToken cancellationToken = default)
    {
        var sig = await client.SignAsync(AlgorithmId, data.ToArray(), cancellationToken).ConfigureAwait(false);
        return Convert.FromBase64String(sig);
    }

    public async ValueTask<bool> VerifyAsync(ReadOnlyMemory<byte> data, ReadOnlyMemory<byte> signature, CancellationToken cancellationToken = default)
    {
        var sigBase64 = Convert.ToBase64String(signature.ToArray());
        return await client.VerifyAsync(AlgorithmId, data.ToArray(), sigBase64, cancellationToken).ConfigureAwait(false);
    }

    public Microsoft.IdentityModel.Tokens.JsonWebKey ExportPublicJsonWebKey()
        => new() { Kid = KeyId, Alg = AlgorithmId, Kty = "oct" };
}