<?php

declare(strict_types=1);

namespace Tests\Unit;

use PHPUnit\Framework\TestCase;
use App\Services\Security\HmacService;

final class HmacTest extends TestCase
{
    private HmacService $service;

    protected function setUp(): void
    {
        $this->service = new HmacService();
    }

    public function test_it_verifies_valid_signature(): void
    {
        $secret = 'test-secret';
        $nonce = 'nonce-123';
        $timestamp = (string)time();
        $payload = json_encode(['foo' => 'bar']);
        
        $signature = $this->service->sign($secret, 'POST', '/api/v1/test', $timestamp, $nonce, $payload);
        
        $this->assertTrue($this->service->verify($secret, 'POST', '/api/v1/test', $timestamp, $nonce, $payload, $signature));
    }

    public function test_it_rejects_tampered_payload(): void
    {
        $secret = 'test-secret';
        $nonce = 'nonce-123';
        $timestamp = (string)time();
        $payload = json_encode(['foo' => 'bar']);
        
        $signature = $this->service->sign($secret, 'POST', '/api/v1/test', $timestamp, $nonce, $payload);
        
        $tamperedPayload = json_encode(['foo' => 'baz']);
        
        $this->assertFalse($this->service->verify($secret, 'POST', '/api/v1/test', $timestamp, $nonce, $tamperedPayload, $signature));
    }
}