using System.Security.Cryptography;
using StellaOps.AirGap.Time.Models;
using StellaOps.AirGap.Time.Services;

namespace StellaOps.AirGap.Time.Tests;

public class RoughtimeVerifierTests
{
    [Fact]
    public void ValidEd25519SignaturePasses()
    {
        if (!Ed25519.IsSupported)
        {
            return; // skip on runtimes without Ed25519
        }

        span<byte> seed = stackalloc byte[32];
        RandomNumberGenerator.Fill(seed);
        var key = Ed25519.Create();
        key.GenerateKey(out var publicKey, out var privateKey);

        var message = "hello-roughtime"u8.ToArray();
        var signature = new byte[64];
        Ed25519.Sign(message, privateKey, signature);

        var token = new byte[message.Length + signature.Length];
        Buffer.BlockCopy(message, 0, token, 0, message.Length);
        Buffer.BlockCopy(signature, 0, token, message.Length, signature.Length);

        var verifier = new RoughtimeVerifier();
        var trust = new[] { new TimeTrustRoot("root1", publicKey, "ed25519") };

        var result = verifier.Verify(token, trust, out var anchor);

        Assert.True(result.IsValid);
        Assert.Equal("roughtime-verified", result.Reason);
        Assert.Equal("Roughtime", anchor.Format);
        Assert.Equal("root1", anchor.SignatureFingerprint);
    }
}