package notify

import (
	"encoding/base64"
	"testing"
)

// TestGenerateVAPIDKeys_PublicKeyIs65Bytes verifies that the public key returned
// by GenerateVAPIDKeys is a 65-byte uncompressed P256 EC point (base64url, no padding = 87 chars)
// and the private key is 32 bytes (43 chars). Previously the return values were swapped.
func TestGenerateVAPIDKeys_PublicKeyIs65Bytes(t *testing.T) {
	pub, priv, err := GenerateVAPIDKeys()
	if err != nil {
		t.Fatalf("GenerateVAPIDKeys: %v", err)
	}

	// Public key: 65 bytes → 87 base64url chars (no padding).
	if len(pub) != 87 {
		t.Errorf("public key: want 87 chars (65 bytes), got %d chars (%q)", len(pub), pub)
	}
	pubBytes, err := base64.RawURLEncoding.DecodeString(pub)
	if err != nil {
		t.Fatalf("public key base64url decode: %v", err)
	}
	if len(pubBytes) != 65 {
		t.Errorf("public key bytes: want 65, got %d", len(pubBytes))
	}
	if pubBytes[0] != 0x04 {
		t.Errorf("public key first byte: want 0x04 (uncompressed point), got 0x%02x", pubBytes[0])
	}

	// Private key: 32 bytes → 43 base64url chars (no padding).
	if len(priv) != 43 {
		t.Errorf("private key: want 43 chars (32 bytes), got %d chars (%q)", len(priv), priv)
	}
	privBytes, err := base64.RawURLEncoding.DecodeString(priv)
	if err != nil {
		t.Fatalf("private key base64url decode: %v", err)
	}
	if len(privBytes) != 32 {
		t.Errorf("private key bytes: want 32, got %d", len(privBytes))
	}
}