using StellaOps.Cryptography;
using System;
using static StellaOps.Localization.T;

namespace StellaOps.Configuration;

public sealed partial class AuthorityAckTokenOptions
{
    internal void Validate()
    {
        if (!Enabled)
        {
            return;
        }

        if (string.IsNullOrWhiteSpace(PayloadType))
        {
            throw new InvalidOperationException(_t("config.ack_token.payload_type_required"));
        }

        if (DefaultLifetime <= TimeSpan.Zero)
        {
            throw new InvalidOperationException(_t("config.ack_token.default_lifetime_invalid"));
        }

        if (MaxLifetime <= TimeSpan.Zero || MaxLifetime < DefaultLifetime)
        {
            throw new InvalidOperationException(_t("config.ack_token.max_lifetime_invalid"));
        }

        if (string.IsNullOrWhiteSpace(ActiveKeyId))
        {
            throw new InvalidOperationException(_t("config.ack_token.key_id_required"));
        }

        if (string.IsNullOrWhiteSpace(KeyPath))
        {
            throw new InvalidOperationException(_t("config.ack_token.key_path_required"));
        }

        if (string.IsNullOrWhiteSpace(KeySource))
        {
            KeySource = "file";
        }

        if (string.IsNullOrWhiteSpace(Algorithm))
        {
            Algorithm = SignatureAlgorithms.Es256;
        }

        if (string.IsNullOrWhiteSpace(KeyUse))
        {
            KeyUse = "notify-ack";
        }

        foreach (var additional in AdditionalKeys)
        {
            additional.Validate(KeySource);
        }

        if (JwksCacheLifetime <= TimeSpan.Zero || JwksCacheLifetime > TimeSpan.FromHours(1))
        {
            throw new InvalidOperationException(_t("config.ack_token.jwks_cache_range"));
        }
    }
}