package ueps

import (
	"bufio"
	"bytes"
	"testing"
)

// builder := NewPacketBuilder(0x01, []byte("hello")); frame, _ := builder.MarshalAndSign(secret)
// packet, err := ReadAndVerify(bufio.NewReader(bytes.NewReader(frame)), secret)
// // packet.Header.IntentID == 0x01; packet.Payload == []byte("hello")
func TestReader_ReadAndVerify_Good(t *testing.T) {
	sharedSecret := []byte("test-shared-secret")
	payload := []byte("hello world")
	intentID := uint8(0x01)

	builder := NewPacketBuilder(intentID, payload)
	frame, err := builder.MarshalAndSign(sharedSecret)
	if err != nil {
		t.Fatalf("MarshalAndSign failed: %v", err)
	}

	reader := bufio.NewReader(bytes.NewReader(frame))
	packet, err := ReadAndVerify(reader, sharedSecret)

	if err != nil {
		t.Fatalf("ReadAndVerify failed: %v", err)
	}
	if packet == nil {
		t.Fatal("ReadAndVerify returned nil packet")
	}
	if packet.Header.IntentID != intentID {
		t.Errorf("expected IntentID 0x%02x, got 0x%02x", intentID, packet.Header.IntentID)
	}
	if packet.Header.Version != 0x09 {
		t.Errorf("expected Version 0x09, got 0x%02x", packet.Header.Version)
	}
	if !bytes.Equal(packet.Payload, payload) {
		t.Errorf("expected Payload %q, got %q", payload, packet.Payload)
	}
}

// frame[len(frame)-1] ^= 0xFF // corrupt last byte
// packet, err := ReadAndVerify(bufio.NewReader(bytes.NewReader(frame)), secret)
// // err != nil; "integrity violation" in error message
func TestReader_ReadAndVerify_Bad(t *testing.T) {
	sharedSecret := []byte("test-shared-secret")

	builder := NewPacketBuilder(0x02, []byte("sensitive data"))
	frame, err := builder.MarshalAndSign(sharedSecret)
	if err != nil {
		t.Fatalf("MarshalAndSign failed: %v", err)
	}

	corrupted := make([]byte, len(frame))
	copy(corrupted, frame)
	corrupted[len(corrupted)-1] ^= 0xFF

	reader := bufio.NewReader(bytes.NewReader(corrupted))
	packet, err := ReadAndVerify(reader, sharedSecret)

	if err == nil {
		t.Fatal("expected error for corrupted frame, got nil")
	}
	if packet != nil {
		t.Error("expected nil packet for corrupted frame")
	}
}

// frameWithoutHMAC := []byte{TagVersion, 0x01, 0x09, TagPayload, 'x'}
// packet, err := ReadAndVerify(bufio.NewReader(bytes.NewReader(frameWithoutHMAC)), secret)
// // err == errMissingHMAC (no 0x06 HMAC tag present in stream)
func TestReader_ReadAndVerify_Ugly(t *testing.T) {
	frameWithoutHMAC := []byte{
		TagVersion, 0x01, 0x09, // version TLV
		TagPayload, 'x', // payload tag + data; no HMAC TLV precedes it
	}

	reader := bufio.NewReader(bytes.NewReader(frameWithoutHMAC))
	packet, err := ReadAndVerify(reader, []byte("any-secret"))

	if err == nil {
		t.Fatal("expected errMissingHMAC for frame with no HMAC tag, got nil")
	}
	if err != errMissingHMAC {
		t.Errorf("expected errMissingHMAC, got %v", err)
	}
	if packet != nil {
		t.Error("expected nil packet when HMAC tag is absent")
	}
}