// -----------------------------------------------------------------------------
// ICertificateStatusProvider.cs
// Sprint: SPRINT_20260119_008 Certificate Status Provider
// Task: CSP-001 - Core Abstractions
// Description: Main interface for certificate revocation checking.
// -----------------------------------------------------------------------------

using System.Security.Cryptography.X509Certificates;

namespace StellaOps.Cryptography.CertificateStatus.Abstractions;

/// <summary>
/// Provides certificate revocation status checking via OCSP, CRL, or stapled responses.
/// </summary>
public interface ICertificateStatusProvider
{
    /// <summary>
    /// Checks the revocation status of a certificate.
    /// </summary>
    /// <param name="request">The status check request.</param>
    /// <param name="cancellationToken">Cancellation token.</param>
    /// <returns>The certificate status result.</returns>
    Task<CertificateStatusResult> CheckStatusAsync(
        CertificateStatusRequest request,
        CancellationToken cancellationToken = default);

    /// <summary>
    /// Checks the revocation status of a certificate chain.
    /// </summary>
    /// <param name="chain">The certificate chain to check.</param>
    /// <param name="options">Status check options.</param>
    /// <param name="cancellationToken">Cancellation token.</param>
    /// <returns>Status results for each certificate in the chain.</returns>
    Task<ChainStatusResult> CheckChainStatusAsync(
        X509Chain chain,
        CertificateStatusOptions? options = null,
        CancellationToken cancellationToken = default);

    /// <summary>
    /// Fetches revocation data for stapling (OCSP response and/or CRL).
    /// </summary>
    /// <param name="certificate">The certificate to get revocation data for.</param>
    /// <param name="issuer">The issuer certificate.</param>
    /// <param name="cancellationToken">Cancellation token.</param>
    /// <returns>Stapled revocation data for bundling.</returns>
    Task<StapledRevocationData?> FetchRevocationDataAsync(
        X509Certificate2 certificate,
        X509Certificate2 issuer,
        CancellationToken cancellationToken = default);
}