package busauth

import (
	"bytes"
	"crypto/ed25519"
	"encoding/hex"
	"testing"

	cs "fn-registry/functions/cybersecurity"

	"github.com/nats-io/nkeys"
)

// TestNkeyRoundTrip is the dedicated sign/verify round-trip the spec requires
// BEFORE the NATS server depends on this conversion. It proves three things end
// to end: (1) ClientNkey produces a signature callback whose output verifies
// under the derived nkey public key; (2) that signature is exactly the Ed25519
// signature of the same identity (the nkey is the same key, not a new one);
// (3) the nkey public string maps back to the identity's Ed25519 hex, which is
// the key the allowlist is indexed by.
func TestNkeyRoundTrip(t *testing.T) {
	id, err := cs.GenerateIdentity()
	if err != nil {
		t.Fatalf("identity: %v", err)
	}

	pub, sign, err := ClientNkey(id.SignPriv)
	if err != nil {
		t.Fatalf("ClientNkey: %v", err)
	}

	// (1) The callback's signature over a server-style nonce verifies under the
	// public nkey, exactly as the NATS server will verify it.
	nonce := []byte("server-presented-nonce-1234567890")
	sig, err := sign(nonce)
	if err != nil {
		t.Fatalf("sign: %v", err)
	}
	kpPub, err := nkeys.FromPublicKey(pub)
	if err != nil {
		t.Fatalf("FromPublicKey: %v", err)
	}
	if err := kpPub.Verify(nonce, sig); err != nil {
		t.Fatalf("nkey verify failed: %v", err)
	}

	// (2) The signature is the very same bytes as a raw Ed25519 sign with the
	// identity's private key — confirming no separate key material was minted.
	want := ed25519.Sign(ed25519.PrivateKey(id.SignPriv), nonce)
	if !bytes.Equal(sig, want) {
		t.Fatalf("nkey signature differs from Ed25519 signature of the same identity")
	}

	// (3) The nkey public maps back to the identity's Ed25519 hex (allowlist key).
	gotHex, err := SignPubHexFromNkey(pub)
	if err != nil {
		t.Fatalf("SignPubHexFromNkey: %v", err)
	}
	if gotHex != hex.EncodeToString(id.SignPub) {
		t.Fatalf("nkey->hex mismatch: got %s want %s", gotHex, hex.EncodeToString(id.SignPub))
	}

	// And NkeyPublicFromSignPub is consistent with ClientNkey's public.
	pub2, err := NkeyPublicFromSignPub(id.SignPub)
	if err != nil {
		t.Fatalf("NkeyPublicFromSignPub: %v", err)
	}
	if pub2 != pub {
		t.Fatalf("public nkey mismatch between derivations: %s vs %s", pub2, pub)
	}
}

// Error path: a wrong-length private key is rejected, not silently misused.
func TestClientNkeyBadKey(t *testing.T) {
	if _, _, err := ClientNkey([]byte("too-short")); err == nil {
		t.Fatalf("expected error for short private key")
	}
}

// Error path: a non-nkey string does not decode to an allowlist key.
func TestSignPubHexFromNkeyBad(t *testing.T) {
	if _, err := SignPubHexFromNkey("not-a-real-nkey"); err == nil {
		t.Fatalf("expected error decoding a bogus nkey")
	}
}