package crypto

import (
	"testing"
)

func TestAESEncryptor(t *testing.T) {
	encryptor := NewAESEncryptor("test-secret-key")

	tests := []struct {
		name      string
		plaintext string
	}{
		{"simple password", "password123"},
		{"harbor password", "BWGDIP@ssw0rd1401#"},
		{"empty string", ""},
		{"long certificate", "LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUJkekNDQVIyZ0F3SUJBZ0lCQURBS0JnZ3Foa2pP"},
		{"unicode", "密码123!@#"},
	}

	for _, tt := range tests {
		t.Run(tt.name, func(t *testing.T) {
			// 测试加密
			encrypted, err := encryptor.Encrypt(tt.plaintext)
			if err != nil {
				t.Fatalf("Encrypt failed: %v", err)
			}

			// 空字符串应该返回空
			if tt.plaintext == "" {
				if encrypted != "" {
					t.Errorf("Expected empty encrypted string, got %s", encrypted)
				}
				return
			}

			// 加密后应该不同
			if encrypted == tt.plaintext {
				t.Errorf("Encrypted text should differ from plaintext")
			}

			// 测试解密
			decrypted, err := encryptor.Decrypt(encrypted)
			if err != nil {
				t.Fatalf("Decrypt failed: %v", err)
			}

			// 解密后应该相同
			if decrypted != tt.plaintext {
				t.Errorf("Decrypted text mismatch: got %s, want %s", decrypted, tt.plaintext)
			}
		})
	}
}

func TestMaskSensitiveData(t *testing.T) {
	tests := []struct {
		name     string
		input    string
		expected string
	}{
		{"normal password", "password123", "••••••••"},
		{"empty string", "", ""},
		{"long string", "very-long-password-with-many-characters", "••••••••"},
	}

	for _, tt := range tests {
		t.Run(tt.name, func(t *testing.T) {
			result := MaskSensitiveData(tt.input)
			if result != tt.expected {
				t.Errorf("MaskSensitiveData(%s) = %s, want %s", tt.input, result, tt.expected)
			}
		})
	}
}

func TestIsEncrypted(t *testing.T) {
	encryptor := NewAESEncryptor("test-key")

	plaintext := "password123"
	encrypted, _ := encryptor.Encrypt(plaintext)

	tests := []struct {
		name     string
		input    string
		expected bool
	}{
		{"encrypted data", encrypted, true},
		{"plaintext", "password123", false},
		{"empty string", "", false},
		{"short string", "abc", false},
	}

	for _, tt := range tests {
		t.Run(tt.name, func(t *testing.T) {
			result := IsEncrypted(tt.input)
			if result != tt.expected {
				t.Errorf("IsEncrypted(%s) = %v, want %v", tt.input, result, tt.expected)
			}
		})
	}
}

func TestEncryptionConsistency(t *testing.T) {
	encryptor := NewAESEncryptor("consistent-key")
	plaintext := "test-password"

	// 多次加密同一内容，结果应该不同（因为使用随机 nonce）
	encrypted1, _ := encryptor.Encrypt(plaintext)
	encrypted2, _ := encryptor.Encrypt(plaintext)

	if encrypted1 == encrypted2 {
		t.Error("Multiple encryptions of same plaintext should produce different ciphertexts")
	}

	// 但解密结果应该相同
	decrypted1, _ := encryptor.Decrypt(encrypted1)
	decrypted2, _ := encryptor.Decrypt(encrypted2)

	if decrypted1 != plaintext || decrypted2 != plaintext {
		t.Error("Decryption should produce original plaintext")
	}
}