import { encryptAndSign, verifyAndDecrypt } from './crypto';

describe('crypto.ts', () => {
  const secret = 'test-secret-key';
  const data = { foo: 'bar', count: 42 };

  it('should encrypt and decrypt data correctly', () => {
    const encrypted = encryptAndSign(data, secret);
    const decrypted = verifyAndDecrypt(encrypted, secret);
    expect(decrypted).toEqual(data);
  });

  it('should return null if HMAC does not match', () => {
    const encrypted = encryptAndSign(data, secret);
    // Tamper with ciphertext
    const tampered = JSON.stringify({ ...JSON.parse(encrypted), ciphertext: 'invalid' });
    const decrypted = verifyAndDecrypt(tampered, secret);
    expect(decrypted).toBeNull();
  });

  it('should return null if payload is not valid JSON', () => {
    const decrypted = verifyAndDecrypt('not-a-json', secret);
    expect(decrypted).toBeNull();
  });

  it('should return null if ciphertext cannot be decrypted', () => {
    // Valid JSON, but ciphertext is not valid
    const payload = JSON.stringify({ ciphertext: 'invalid', hmac: 'invalid' });
    const decrypted = verifyAndDecrypt(payload, secret);
    expect(decrypted).toBeNull();
  });
});