<?php

namespace App\Services;

// use PHPUnit\Framework\TestCase;

class BcaSignatureService
{
    
    public function generateSignature($method, $relativeUrl, $accessToken, $body, $timestamp, $apiSecret)
    {
        $bodyHash = hash('sha256', $body);

        $stringToSign = strtoupper($method) . ':' .
                        $relativeUrl . ':' .
                        $accessToken . ':' .
                        strtolower($bodyHash) . ':' .
                        $timestamp;

        return hash_hmac('sha256', $stringToSign, $apiSecret);
    }

    // public function test_generate_signature_post()
    // {
    //     $method = 'POST';
    //     $relativeUrl = '/test/api';
    //     $accessToken = 'dummy_token';
    //     $timestamp = '2026-04-10T10:00:00.000+07:00';
    //     $apiSecret = 'secret123';

    //     $body = json_encode([
    //         "foo" => "bar"
    //     ]);

    //     $signature = $this->generateSignature(
    //         $method,
    //         $relativeUrl,
    //         $accessToken,
    //         $body,
    //         $timestamp,
    //         $apiSecret
    //     );

    //     // Expected manual calculation (hardcode hasil dari tool / Postman)
    //     $expected = hash_hmac('sha256',
    //         'POST:/test/api:dummy_token:' . hash('sha256', $body) . ':' . $timestamp,
    //         $apiSecret
    //     );

    //     $this->assertEquals($expected, $signature);
    // }

    // public function test_generate_signature_get_empty_body()
    // {
    //     $method = 'GET';
    //     $relativeUrl = '/test/api';
    //     $accessToken = 'dummy_token';
    //     $timestamp = '2026-04-10T10:00:00.000+07:00';
    //     $apiSecret = 'secret123';

    //     $body = '';

    //     $signature = $this->generateSignature(
    //         $method,
    //         $relativeUrl,
    //         $accessToken,
    //         $body,
    //         $timestamp,
    //         $apiSecret
    //     );

    //     $expectedBodyHash = hash('sha256', '');

    //     $expected = hash_hmac('sha256',
    //         'GET:/test/api:dummy_token:' . $expectedBodyHash . ':' . $timestamp,
    //         $apiSecret
    //     );

    //     $this->assertEquals($expected, $signature);
    // }

    // public function test_string_to_sign_format()
    // {
    //     $method = 'post'; // sengaja lowercase
    //     $relativeUrl = '/test/api';
    //     $accessToken = 'token';
    //     $timestamp = '2026-04-10T10:00:00.000+07:00';
    //     $body = '{"a":1}';

    //     $bodyHash = hash('sha256', $body);

    //     $stringToSign = strtoupper($method) . ':' .
    //                     $relativeUrl . ':' .
    //                     $accessToken . ':' .
    //                     strtolower($bodyHash) . ':' .
    //                     $timestamp;

    //     $this->assertStringStartsWith('POST:', $stringToSign);
    //     $this->assertStringContainsString($relativeUrl, $stringToSign);
    //     $this->assertStringContainsString($accessToken, $stringToSign);
    // }
}