using Microsoft.IdentityModel.Tokens;
using System.Text.Json;
using static StellaOps.Localization.T;

namespace StellaOps.Auth.Security.Dpop;

public sealed partial class DpopProofValidator
{
    private static string NormalizeHtu(Uri uri)
    {
        var builder = new UriBuilder(uri)
        {
            Fragment = null,
            Query = null
        };
        return builder.Uri.ToString();
    }

    private static bool TryDecodeSegment(
        string token,
        int segmentIndex,
        out JsonElement element,
        out string? error)
    {
        element = default;
        error = null;

        var segments = token.Split('.');
        if (segments.Length != 3)
        {
            error = _t("auth.dpop.token_three_segments");
            return false;
        }

        if (segmentIndex < 0 || segmentIndex > 2)
        {
            error = _t("auth.dpop.segment_out_of_range");
            return false;
        }

        try
        {
            var json = Base64UrlEncoder.Decode(segments[segmentIndex]);
            using var document = JsonDocument.Parse(json);
            element = document.RootElement.Clone();
            return true;
        }
        catch (Exception ex)
        {
            error = ex.Message;
            return false;
        }
    }
}