package kate

import (
	"bytes"
	"crypto/rand"
	"fmt"
	"testing"
	"testing/quick"
)

func TestEncryptDecryptRoundtrip(t *testing.T) {
	property := func(data []byte) bool {
		var key [naclKeyLen]byte
		if _, err := rand.Read(key[:]); err != nil {
			return false
		}

		encryption := encryption{Key: key}
		token := encryption.Encrypt(data)
		decryptedData, success := encryption.Decrypt(token)

		if !bytes.Equal(decryptedData, data) {
			fmt.Printf("expected %v, got %v\n", data, decryptedData)
		}
		return success && bytes.Equal(decryptedData, data)
	}

	if err := quick.Check(property, nil); err != nil {
		t.Errorf("Encrypt/Decrypt roundtrip property failed: %v", err)
	}
}

func TestEncryptionFromHexKey(t *testing.T) {
	tests := []struct {
		name    string
		key     string
		wantErr bool
	}{
		{
			name:    "valid hex key",
			key:     "0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef",
			wantErr: false,
		},
		{
			name:    "key too short",
			key:     "0123456789abcdef",
			wantErr: true,
		},
		{
			name:    "key too long",
			key:     "0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef00",
			wantErr: true,
		},
		{
			name:    "invalid hex characters",
			key:     "0123456789abcdefghijklmnopqrstuvwxyz0123456789abcdef0123456789abcdef",
			wantErr: true,
		},
		{
			name:    "empty key",
			key:     "",
			wantErr: true,
		},
	}

	for _, tt := range tests {
		t.Run(tt.name, func(t *testing.T) {
			if _, err := encryptionFromHexKey(tt.key); (err != nil) != tt.wantErr {
				t.Errorf("encryptionFromHexKey() error = %v, wantErr %v", err, tt.wantErr)
			}
		})
	}
}

func TestDecryptInvalidTokens(t *testing.T) {
	var key [naclKeyLen]byte
	if _, err := rand.Read(key[:]); err != nil {
		t.Fatal(err)
	}
	enc := encryption{Key: key}

	tests := []struct {
		name  string
		token string
	}{
		{
			name:  "invalid hex token",
			token: "invalid_hex_string",
		},
		{
			name:  "token with wrong MAC",
			token: "0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef",
		},
	}

	for _, tt := range tests {
		t.Run(tt.name, func(t *testing.T) {
			data, ok := enc.Decrypt(tt.token)
			if ok {
				t.Errorf("Decrypt() should have failed for %s, but returned data: %v", tt.name, data)
			}
		})
	}
}

func TestEncryptEmptyData(t *testing.T) {
	var key [naclKeyLen]byte
	if _, err := rand.Read(key[:]); err != nil {
		t.Fatal(err)
	}
	enc := encryption{Key: key}

	token := enc.Encrypt([]byte{})
	if token == "" {
		t.Error("Encrypt() should return non-empty token even for empty data")
	}

	data, ok := enc.Decrypt(token)
	if !ok {
		t.Error("Decrypt() should succeed for encrypted empty data")
	}
	if len(data) != 0 {
		t.Errorf("Decrypt() should return empty data, got %v", data)
	}
}

func TestEncryptLargeData(t *testing.T) {
	var key [naclKeyLen]byte
	if _, err := rand.Read(key[:]); err != nil {
		t.Fatal(err)
	}
	enc := encryption{Key: key}

	largeData := make([]byte, 10000)
	if _, err := rand.Read(largeData); err != nil {
		t.Fatal(err)
	}

	token := enc.Encrypt(largeData)
	if token == "" {
		t.Error("Encrypt() should return non-empty token for large data")
	}

	decryptedData, ok := enc.Decrypt(token)
	if !ok {
		t.Error("Decrypt() should succeed for encrypted large data")
	}
	if !bytes.Equal(decryptedData, largeData) {
		t.Error("Decrypt() should return original large data")
	}
}