package edgeencrypt

import (
	"context"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	_ "embed"
	"testing"

	"github.com/google/uuid"
)

var (
	//go:embed testdata/tlog.json
	tlog []byte
)

func TestEncryptDecryptData(t *testing.T) {
	// Generate RSA key pair
	// we will be using gcp kms for this
	privateKey, err := rsa.GenerateKey(rand.Reader, RSA2048)
	if err != nil {
		t.Fatalf("failed to generate private key: %v", err)
	}
	publicKey := &privateKey.PublicKey

	pemPublicKey, err := ConvertRSAPublicKeyToPEM(publicKey)
	if err != nil {
		t.Fatalf("failed to convert public key to pem: %v", err)
	}

	// Encrypt data
	data, err := EncryptData(pemPublicKey, tlog)
	if err != nil {
		t.Fatalf("failed to encrypt data: %v", err)
	}

	e := &EncryptedData{
		BannerEdgeID: uuid.NewString(),
		Channel:      "my-channel",
		ChannelID:    uuid.NewString(),
		KeyVersion:   "1",
		Data:         data,
	}
	err = e.Valid()
	if err != nil {
		t.Fatalf("invalid encrypted data: %v", err)
	}

	ec := &EncryptionClaims{
		ChannelID: e.ChannelID,
		Channel:   DecryptionJWTSecret,
		Role:      Decryption,
	}
	err = ec.Valid()
	if err != nil {
		t.Fatalf("invalid encryption claims data: %v", err)
	}

	// Decrypt data
	decryptedData, err := DecryptData(context.Background(), e, ec,
		func(_ context.Context, _, _, _ string, aesKey []byte) ([]byte, error) {
			return rsa.DecryptOAEP(sha256.New(), rand.Reader, privateKey, aesKey, nil)
		})
	if err != nil {
		t.Fatalf("failed to decrypt data: %v", err)
	}

	if string(tlog) != string(decryptedData) {
		t.Fatalf("decrypted data is not equal to original data")
	}
}