using System;
using System.Threading;
using System.Threading.Tasks;
using Microsoft.IdentityModel.Tokens;

namespace StellaOps.Cryptography;

/// <summary>
/// Represents an asymmetric signer capable of producing and verifying detached signatures.
/// </summary>
public interface ICryptoSigner
{
    /// <summary>
    /// Gets the key identifier associated with this signer.
    /// </summary>
    string KeyId { get; }

    /// <summary>
    /// Gets the signing algorithm identifier (e.g., ES256).
    /// </summary>
    string AlgorithmId { get; }

    /// <summary>
    /// Signs the supplied payload bytes.
    /// </summary>
    /// <param name="data">Payload to sign.</param>
    /// <param name="cancellationToken">Cancellation token.</param>
    /// <returns>Signature bytes.</returns>
    ValueTask<byte[]> SignAsync(ReadOnlyMemory<byte> data, CancellationToken cancellationToken = default);

    /// <summary>
    /// Verifies a previously produced signature over the supplied payload bytes.
    /// </summary>
    /// <param name="data">Payload that was signed.</param>
    /// <param name="signature">Signature to verify.</param>
    /// <param name="cancellationToken">Cancellation token.</param>
    /// <returns><c>true</c> when the signature is valid; otherwise <c>false</c>.</returns>
    ValueTask<bool> VerifyAsync(ReadOnlyMemory<byte> data, ReadOnlyMemory<byte> signature, CancellationToken cancellationToken = default);

    /// <summary>
    /// Exports the public representation of the key material as a JSON Web Key (JWK).
    /// </summary>
    /// <returns>Public JWK for distribution (no private components).</returns>
    JsonWebKey ExportPublicJsonWebKey();
}