package chain

import (
	"testing"

	tocrypto "github.com/tolelom/tolchain/crypto"
)

func TestEncryptDecryptV2_Roundtrip(t *testing.T) {
	s := newTestService()
	priv, _, err := tocrypto.GenerateKeyPair()
	if err != nil {
		t.Fatal(err)
	}
	cipherHex, nonceHex, saltHex, err := s.encryptPrivKeyV2(priv, 42)
	if err != nil {
		t.Fatal(err)
	}
	got, err := s.decryptPrivKeyV2(cipherHex, nonceHex, saltHex, 42)
	if err != nil {
		t.Fatal(err)
	}
	if got.Hex() != priv.Hex() {
		t.Errorf("roundtrip mismatch: got %s, want %s", got.Hex(), priv.Hex())
	}
}

func TestDecryptV2_WrongUserID_Fails(t *testing.T) {
	s := newTestService()
	priv, _, _ := tocrypto.GenerateKeyPair()
	cipherHex, nonceHex, saltHex, _ := s.encryptPrivKeyV2(priv, 42)
	_, err := s.decryptPrivKeyV2(cipherHex, nonceHex, saltHex, 99)
	if err == nil {
		t.Error("expected error for wrong userID")
	}
}

func TestV1V2_DifferentCiphertext(t *testing.T) {
	s := newTestService()
	priv, _, _ := tocrypto.GenerateKeyPair()
	v1cipher, _, _ := s.encryptPrivKey(priv)
	v2cipher, _, _, _ := s.encryptPrivKeyV2(priv, 1)
	if v1cipher == v2cipher {
		t.Error("v1 and v2 should produce different ciphertext")
	}
}