"""Tests for encryption module."""

import pytest
from pathlib import Path
import tempfile


class TestEncryption:
    """Test cases for encryption module."""

    def test_derive_key(self):
        """Test key derivation from passphrase."""
        from env_pro.core.encryption import derive_key, generate_salt

        passphrase = "test-passphrase"
        salt = generate_salt()

        key1 = derive_key(passphrase, salt)
        key2 = derive_key(passphrase, salt)

        assert len(key1) == 32
        assert key1 == key2

    def test_generate_key(self):
        """Test random key generation."""
        from env_pro.core.encryption import generate_key, verify_key

        key = generate_key()
        assert verify_key(key)
        assert len(key) == 32

    def test_generate_salt(self):
        """Test salt generation."""
        from env_pro.core.encryption import generate_salt

        salt = generate_salt()
        assert len(salt) == 16

    def test_generate_nonce(self):
        """Test nonce generation."""
        from env_pro.core.encryption import generate_nonce

        nonce = generate_nonce()
        assert len(nonce) == 12

    def test_encrypt_decrypt_value(self, mocker):
        """Test encryption and decryption of a value."""
        from env_pro.core.encryption import (
            encrypt_value, decrypt_value, generate_key, store_key_in_keyring
        )

        mocker.patch('keyring.set_password', return_value=None)
        mocker.patch('keyring.get_password', return_value=None)

        key = generate_key()
        store_key_in_keyring(key)

        original = "my-secret-value"
        encrypted = encrypt_value(original, key)
        decrypted = decrypt_value(encrypted, key)

        assert decrypted == original
        assert encrypted != original

    def test_encrypt_value_different_each_time(self):
        """Test that encryption produces different outputs."""
        from env_pro.core.encryption import encrypt_value, generate_key

        key = generate_key()
        original = "same-value"

        encrypted1 = encrypt_value(original, key)
        encrypted2 = encrypt_value(original, key)

        assert encrypted1 != encrypted2

    def test_encrypt_file_structure(self):
        """Test file encryption produces valid structure."""
        from env_pro.core.encryption import encrypt_file, generate_key

        key = generate_key()
        content = "DATABASE_URL=postgresql://localhost:5432/db\nDEBUG=true"

        result = encrypt_file(content, key)

        assert "salt" in result
        assert "nonce" in result
        assert "ciphertext" in result

    def test_decrypt_file(self):
        """Test file decryption."""
        from env_pro.core.encryption import encrypt_file, decrypt_file, generate_key

        key = generate_key()
        original = "SECRET_KEY=my-secret\nAPI_KEY=12345"

        encrypted = encrypt_file(original, key)
        decrypted = decrypt_file(encrypted, key)

        assert decrypted == original


class TestEncryptionErrors:
    """Test cases for encryption errors."""

    def test_invalid_encrypted_value(self):
        """Test decryption of invalid data."""
        from env_pro.core.encryption import decrypt_value, EncryptionError

        with pytest.raises(EncryptionError):
            decrypt_value("invalid-base64-data!!!")