using System.Buffers.Text;
using System.Security.Cryptography;
using IdentityShroud.Core.Contracts;
using IdentityShroud.Core.Model;
using IdentityShroud.Core.Security;
using IdentityShroud.Core.Security.Keys;
using IdentityShroud.Core.Services;
using IdentityShroud.TestUtils.Substitutes;

namespace IdentityShroud.Api.Tests.Mappers;

public class KeyServiceTests
{
    private readonly IDekEncryptionService _dekEncryptionService = EncryptionServiceSubstitute.CreatePassthrough();

    //private readonly IDataEncryptionService _dataEncryptionService = Substitute.For<IDataEncryptionService>();
    //private readonly IKeyProviderFactory _keyProviderFactory = Substitute.For<IKeyProviderFactory>();

    [Fact]
    public void Test()
    {
        // Setup
        using RSA rsa = RSA.Create(2048);

        RSAParameters parameters = rsa.ExportParameters(includePrivateParameters: false);

        DekId kid = DekId.NewId();
        
        RealmKey realmKey = new()
        {
            Id = new("60bb79cf-4bac-4521-87f2-ac87cc15541f"),
            KeyType = "RSA",
            Key = new(EncryptionServiceSubstitute.KeyId, rsa.ExportPkcs8PrivateKey()),
            CreatedAt = DateTime.UtcNow,
            Priority = 10,
        };
        
        // Act
        KeyService sut = new(_dekEncryptionService, new KeyProviderFactory(), new ClockService());
        var jwk = sut.CreateJsonWebKey(realmKey);

        Assert.NotNull(jwk);
        Assert.Equal("RSA", jwk.KeyType);
        Assert.Equal(realmKey.Id.ToString(), jwk.KeyId);
        Assert.Equal("sig", jwk.Use);
        Assert.Equal(parameters.Exponent, Base64Url.DecodeFromChars(jwk.Exponent));
        Assert.Equal(parameters.Modulus, Base64Url.DecodeFromChars(jwk.Modulus));
    }
}