import { decodeJwt, decodeProtectedHeader } from 'jose';
import { RevocationStatusList } from './revocationStatusList.js';
import { TokenStatusList } from './tokenStatusList.js';
import { StatusListDecoder } from './statusListDecoderFactory.js';
import { StatusListCredentialResponse } from '../resolvers/statusListCredentialFetcher.js';

export class TokenStatusListDecoder implements StatusListDecoder {
  getEncodedList(
    data: string | StatusListCredentialResponse,
  ): RevocationStatusList {
    if (typeof data !== 'string') {
      throw new Error('TokenStatusList requires a JWT string');
    }

    const header = decodeProtectedHeader(data);
    if (header.typ !== 'statuslist+jwt') {
      throw new Error(
        `Invalid JWT typ: expected 'statuslist+jwt', got '${header.typ ?? 'undefined'}'`,
      );
    }

    const payload = decodeJwt(data) as Record<string, unknown>;
    const statusList = payload['status_list'] as
      | { bits: number; lst: string }
      | undefined;

    if (!statusList) {
      throw new Error('Missing status_list');
    }

    if (typeof statusList.bits !== 'number') {
      throw new Error('Invalid bits');
    }

    if (typeof statusList.lst !== 'string') {
      throw new Error('Invalid lst');
    }

    return TokenStatusList.fromEncoded(statusList.lst, statusList.bits);
  }
}