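package main

import (
	"crypto/hmac"
	"crypto/sha1"
	"crypto/sha256"
	"encoding/hex"
	"net/http"
	"testing"
)

// Tests for the webhook signature verifiers returned by NewVerifier.
//
// NOTE(review): these tests only observe accept/reject outcomes. They cannot
// show how the implementation compares digests; confirm that it uses
// hmac.Equal (constant-time) rather than == or bytes.Equal.

// computeHMACSHA256 returns the expected header value for body under secret,
// in the "sha256=<hex digest>" form the tests send in X-Hub-Signature-256.
func computeHMACSHA256(secret, body string) string {
	mac := hmac.New(sha256.New, []byte(secret))
	mac.Write([]byte(body)) // hash.Hash.Write never returns an error
	return "sha256=" + hex.EncodeToString(mac.Sum(nil))
}

// computeHMACSHA1 returns the expected header value for body under secret,
// in the "sha1=<hex digest>" form the tests send in X-Hub-Signature.
//
// HMAC-SHA1 is exercised here because the verifier supports it; it is the
// legacy scheme, and hmac-sha256 is the one to prefer for new integrations.
func computeHMACSHA1(secret, body string) string {
	mac := hmac.New(sha1.New, []byte(secret))
	mac.Write([]byte(body)) // hash.Hash.Write never returns an error
	return "sha1=" + hex.EncodeToString(mac.Sum(nil))
}

// TestNewVerifier_hmacSHA256 checks that "hmac-sha256" is a known method.
func TestNewVerifier_hmacSHA256(t *testing.T) {
	v, err := NewVerifier("hmac-sha256")
	if err != nil {
		t.Fatalf("unexpected error: %v", err)
	}
	if v == nil {
		t.Fatal("expected verifier, got nil")
	}
}

// TestNewVerifier_hmacSHA1 checks that "hmac-sha1" is a known method.
func TestNewVerifier_hmacSHA1(t *testing.T) {
	v, err := NewVerifier("hmac-sha1")
	if err != nil {
		t.Fatalf("unexpected error: %v", err)
	}
	if v == nil {
		t.Fatal("expected verifier, got nil")
	}
}

// TestNewVerifier_unknown checks that an unrecognised method name is refused
// instead of silently yielding some default verifier.
func TestNewVerifier_unknown(t *testing.T) {
	_, err := NewVerifier("unknown-method")
	if err == nil {
		t.Fatal("expected error for unknown method")
	}
}

// TestHMACSHA256_validSignature checks that a correctly computed signature is
// accepted.
func TestHMACSHA256_validSignature(t *testing.T) {
	secret := "test-secret"
	body := `{"action":"push"}`
	sig := computeHMACSHA256(secret, body)

	// Fail cleanly on a constructor error instead of calling Verify on an
	// unusable verifier.
	v, err := NewVerifier("hmac-sha256")
	if err != nil {
		t.Fatalf("unexpected error: %v", err)
	}

	headers := http.Header{"X-Hub-Signature-256": {sig}}
	if verr := v.Verify([]byte(body), headers, secret, "X-Hub-Signature-256"); verr != nil {
		t.Fatalf("expected valid signature, got error: %v", verr)
	}
}

// TestHMACSHA256_invalidSignature checks that a short, wrong digest is
// rejected. The digest here is only 4 bytes, so this case alone would also
// pass against a verifier that merely checks digest length; the wrongSecret
// and tamperedBody cases below cover full-length mismatches.
func TestHMACSHA256_invalidSignature(t *testing.T) {
	v, err := NewVerifier("hmac-sha256")
	if err != nil {
		t.Fatalf("unexpected error: %v", err)
	}

	headers := http.Header{"X-Hub-Signature-256": {"sha256=deadbeef"}}
	if verr := v.Verify([]byte("body"), headers, "secret", "X-Hub-Signature-256"); verr == nil {
		t.Fatal("expected error for invalid signature")
	}
}

// TestHMACSHA256_wrongSecret checks that a well-formed, full-length signature
// computed under a different secret is rejected.
func TestHMACSHA256_wrongSecret(t *testing.T) {
	body := `{"action":"push"}`
	sig := computeHMACSHA256("other-secret", body)

	v, err := NewVerifier("hmac-sha256")
	if err != nil {
		t.Fatalf("unexpected error: %v", err)
	}

	headers := http.Header{"X-Hub-Signature-256": {sig}}
	if verr := v.Verify([]byte(body), headers, "test-secret", "X-Hub-Signature-256"); verr == nil {
		t.Fatal("expected error for signature computed with a different secret")
	}
}

// TestHMACSHA256_tamperedBody checks that a signature that was valid for one
// body is rejected once the body differs.
func TestHMACSHA256_tamperedBody(t *testing.T) {
	secret := "test-secret"
	sig := computeHMACSHA256(secret, `{"action":"push"}`)

	v, err := NewVerifier("hmac-sha256")
	if err != nil {
		t.Fatalf("unexpected error: %v", err)
	}

	headers := http.Header{"X-Hub-Signature-256": {sig}}
	if verr := v.Verify([]byte(`{"action":"delete"}`), headers, secret, "X-Hub-Signature-256"); verr == nil {
		t.Fatal("expected error for signature over a different body")
	}
}

// TestHMACSHA256_missingHeader checks that a request without the signature
// header is rejected rather than treated as unsigned-and-allowed.
func TestHMACSHA256_missingHeader(t *testing.T) {
	v, err := NewVerifier("hmac-sha256")
	if err != nil {
		t.Fatalf("unexpected error: %v", err)
	}

	headers := http.Header{}
	if verr := v.Verify([]byte("body"), headers, "secret", "X-Hub-Signature-256"); verr == nil {
		t.Fatal("expected error for missing signature header")
	}
}

// TestHMACSHA1_validSignature checks that a correctly computed HMAC-SHA1
// signature is accepted.
func TestHMACSHA1_validSignature(t *testing.T) {
	secret := "test-secret"
	body := `{"action":"push"}`
	sig := computeHMACSHA1(secret, body)

	v, err := NewVerifier("hmac-sha1")
	if err != nil {
		t.Fatalf("unexpected error: %v", err)
	}

	headers := http.Header{"X-Hub-Signature": {sig}}
	if verr := v.Verify([]byte(body), headers, secret, "X-Hub-Signature"); verr != nil {
		t.Fatalf("expected valid signature, got error: %v", verr)
	}
}

// TestHMACSHA256_wrongPrefix checks that the SHA-256 verifier refuses a value
// labelled with another algorithm's prefix.
func TestHMACSHA256_wrongPrefix(t *testing.T) {
	v, err := NewVerifier("hmac-sha256")
	if err != nil {
		t.Fatalf("unexpected error: %v", err)
	}

	headers := http.Header{"X-Hub-Signature-256": {"sha1=abc123"}}
	if verr := v.Verify([]byte("body"), headers, "secret", "X-Hub-Signature-256"); verr == nil {
		t.Fatal("expected error for wrong prefix")
	}
}

// TestHMACSHA256_invalidHex checks that a digest that is not valid hex is
// rejected.
func TestHMACSHA256_invalidHex(t *testing.T) {
	v, err := NewVerifier("hmac-sha256")
	if err != nil {
		t.Fatalf("unexpected error: %v", err)
	}

	headers := http.Header{"X-Hub-Signature-256": {"sha256=not-hex!"}}
	if verr := v.Verify([]byte("body"), headers, "secret", "X-Hub-Signature-256"); verr == nil {
		t.Fatal("expected error for invalid hex")
	}
}

// TestHMACSHA1_invalidSignature checks that a short, wrong HMAC-SHA1 digest
// is rejected.
func TestHMACSHA1_invalidSignature(t *testing.T) {
	v, err := NewVerifier("hmac-sha1")
	if err != nil {
		t.Fatalf("unexpected error: %v", err)
	}

	headers := http.Header{"X-Hub-Signature": {"sha1=deadbeef"}}
	if verr := v.Verify([]byte("body"), headers, "secret", "X-Hub-Signature"); verr == nil {
		t.Fatal("expected error for invalid signature")
	}
}

// TestHMACSHA1_wrongSecret checks that a well-formed, full-length HMAC-SHA1
// signature computed under a different secret is rejected.
func TestHMACSHA1_wrongSecret(t *testing.T) {
	body := `{"action":"push"}`
	sig := computeHMACSHA1("other-secret", body)

	v, err := NewVerifier("hmac-sha1")
	if err != nil {
		t.Fatalf("unexpected error: %v", err)
	}

	headers := http.Header{"X-Hub-Signature": {sig}}
	if verr := v.Verify([]byte(body), headers, "test-secret", "X-Hub-Signature"); verr == nil {
		t.Fatal("expected error for signature computed with a different secret")
	}
}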