using System;
using static StellaOps.Localization.T;

namespace StellaOps.Configuration;

/// <summary>
/// Configuration for sealed-mode enforcement: where the sealed-mode CI evidence
/// artefact lives, how old it may be, how long a parsed copy is cached, and which
/// health/probe results are required to pass.
/// </summary>
/// <remarks>
/// This type only stores and range-checks the settings. Reading the artefact and
/// applying the <c>Require*</c> flags happens elsewhere and is not visible here.
/// </remarks>
public sealed class AuthoritySealedModeOptions
{
    private static readonly TimeSpan _defaultMaxEvidenceAge = TimeSpan.FromHours(6);
    private static readonly TimeSpan _defaultCacheLifetime = TimeSpan.FromMinutes(1);

    /// <summary>
    /// Enables sealed-mode enforcement for clients that declare the requirement.
    /// Defaults to <c>false</c>; while it is off, <see cref="Validate"/> checks nothing.
    /// </summary>
    public bool EnforcementEnabled { get; set; }

    /// <summary>
    /// Path to the latest authority-sealed-ci.json artefact emitted by sealed-mode CI.
    /// </summary>
    /// <remarks>
    /// The default is a relative path.
    /// NOTE(review): how it is resolved (working directory vs. content root) is decided
    /// by the consumer; confirm the resolved location is not writable by untrusted
    /// parties, since the file is used as enforcement evidence.
    /// </remarks>
    public string EvidencePath { get; set; } = "artifacts/sealed-mode-ci/latest/authority-sealed-ci.json";

    /// <summary>
    /// Maximum age accepted for the sealed evidence document.
    /// Defaults to six hours; <see cref="Validate"/> accepts values in (0, 7 days].
    /// </summary>
    public TimeSpan MaxEvidenceAge { get; set; } = _defaultMaxEvidenceAge;

    /// <summary>
    /// Cache lifetime for parsed evidence to avoid re-reading the artefact on every request.
    /// Defaults to one minute; <see cref="Validate"/> accepts values in (0, <see cref="MaxEvidenceAge"/>].
    /// </summary>
    /// <remarks>
    /// NOTE(review): if the consumer checks evidence age only when it reloads the file,
    /// a cached entry could outlive <see cref="MaxEvidenceAge"/> by up to this lifetime.
    /// Confirm against the cache implementation.
    /// </remarks>
    public TimeSpan CacheLifetime { get; set; } = _defaultCacheLifetime;

    // The four flags below default to true. Their names suggest each one makes the
    // corresponding check in the evidence document mandatory; the code that reads
    // them is outside this file (TODO confirm).

    /// <summary>Whether the authority health result must pass. Defaults to <c>true</c>.</summary>
    public bool RequireAuthorityHealthPass { get; set; } = true;

    /// <summary>Whether the signer health result must pass. Defaults to <c>true</c>.</summary>
    public bool RequireSignerHealthPass { get; set; } = true;

    /// <summary>Whether the attestor health result must pass. Defaults to <c>true</c>.</summary>
    public bool RequireAttestorHealthPass { get; set; } = true;

    /// <summary>Whether the egress probe result must pass. Defaults to <c>true</c>.</summary>
    public bool RequireEgressProbePass { get; set; } = true;

    /// <summary>
    /// Range-checks the settings when enforcement is enabled.
    /// </summary>
    /// <remarks>
    /// Checks run in a fixed order (evidence path, maximum evidence age, cache lifetime)
    /// and the first failure is reported. With <see cref="EnforcementEnabled"/> off the
    /// method returns immediately, so out-of-range values are only reported once
    /// enforcement is switched on.
    /// </remarks>
    /// <exception cref="InvalidOperationException">
    /// Enforcement is enabled and <see cref="EvidencePath"/> is null or blank,
    /// <see cref="MaxEvidenceAge"/> is outside (0, 7 days], or
    /// <see cref="CacheLifetime"/> is outside (0, <see cref="MaxEvidenceAge"/>].
    /// </exception>
    internal void Validate()
    {
        if (EnforcementEnabled is false)
        {
            return;
        }

        // The message is looked up only on the failure path, as in the guard clauses below.
        static InvalidOperationException Invalid(string messageKey) => new(_t(messageKey));

        bool hasEvidencePath = !string.IsNullOrWhiteSpace(EvidencePath);
        if (!hasEvidencePath)
        {
            throw Invalid("config.sealed_mode.evidence_path_required");
        }

        TimeSpan ageCeiling = TimeSpan.FromDays(7);
        bool ageInRange = MaxEvidenceAge > TimeSpan.Zero && MaxEvidenceAge <= ageCeiling;
        if (!ageInRange)
        {
            throw Invalid("config.sealed_mode.max_age_range");
        }

        // The cache may never be configured to hold evidence longer than its maximum age.
        bool cacheInRange = CacheLifetime > TimeSpan.Zero && CacheLifetime <= MaxEvidenceAge;
        if (!cacheInRange)
        {
            throw Invalid("config.sealed_mode.cache_lifetime_range");
        }
    }
}