package telegram

import (
	"encoding/base64"
	"testing"
)

func mustKey(t *testing.T) string {
	t.Helper()
	// 32 zero-bytes → stable base64 for test determinism.
	return base64.StdEncoding.EncodeToString(make([]byte, 32))
}

func TestCryptoRoundTrip(t *testing.T) {
	c, err := NewCrypto(mustKey(t))
	if err != nil {
		t.Fatal(err)
	}
	ct, err := c.Encrypt("xing")
	if err != nil {
		t.Fatal(err)
	}
	pt, err := c.Decrypt(ct)
	if err != nil {
		t.Fatal(err)
	}
	if pt != "xing" {
		t.Errorf("roundtrip got %q want %q", pt, "xing")
	}
}

func TestCryptoRejectsShortKey(t *testing.T) {
	short := base64.StdEncoding.EncodeToString(make([]byte, 16))
	if _, err := NewCrypto(short); err == nil {
		t.Error("expected err for 16-byte key")
	}
}

func TestCryptoRejectsTamperedCiphertext(t *testing.T) {
	c, _ := NewCrypto(mustKey(t))
	ct, _ := c.Encrypt("secret")
	ct[len(ct)-1] ^= 0xFF
	if _, err := c.Decrypt(ct); err == nil {
		t.Error("expected tamper detection")
	}
}

func TestCryptoNonceRandomness(t *testing.T) {
	c, _ := NewCrypto(mustKey(t))
	a, _ := c.Encrypt("same")
	b, _ := c.Encrypt("same")
	if string(a) == string(b) {
		t.Error("identical ciphertexts imply nonce reuse")
	}
}