// signature_test.go - SignatureVerifier / NoopVerifier / DefaultVerifier 接口契约测试.
//
// 实际的 SHA256IntegrityVerifier / RejectUnsignedVerifier 测试见 integrity_test.go.
// 本文件只测 interface 层 + 空实现 + 默认值.

package plugin

import (
	"testing"
)

// TestNoopVerifier 验证 NoopVerifier 对任何输入返回 nil.
// 这是向后兼容性保证: 已有 plugin (没有 plugin.checksum 文件) 不会因为新
// 默认值失败.
func TestNoopVerifier(t *testing.T) {
	v := NoopVerifier{}
	cases := []struct {
		name     string
		dir      string
		manifest *Manifest
	}{
		{"nil manifest", "/tmp/fake", nil},
		{"empty manifest", "/tmp/fake", &Manifest{}},
		{"full manifest", "/tmp/fake", &Manifest{Name: "test", Version: "1.0.0"}},
	}
	for _, c := range cases {
		t.Run(c.name, func(t *testing.T) {
			if err := v.Verify(c.dir, c.manifest); err != nil {
				t.Errorf("NoopVerifier should return nil, got %v", err)
			}
		})
	}
}

// TestDefaultVerifierIsNoop 确认默认 verifier 当前是 NoopVerifier (宽松模式).
// 如果未来切换默认为 SHA256IntegrityVerifier 或严格模式, 此测试应更新.
func TestDefaultVerifierIsNoop(t *testing.T) {
	v := DefaultVerifier()
	// 走一个不存在的路径, 正常应直接 return nil (NoopVerifier 语义)
	if err := v.Verify("/tmp/nonexistent-dir", nil); err != nil {
		t.Errorf("DefaultVerifier() should pass everything (Noop), got %v", err)
	}
}

// TestVerifierInterface 编译时检查: 确保所有实现都满足 SignatureVerifier 接口.
// 失败表现为编译错误, 而非运行时测试失败 - 用这种方式保护 interface 契约,
// 比 run-time type assertion 更早发现问题.
func TestVerifierInterface(t *testing.T) {
	var _ SignatureVerifier = NoopVerifier{}
	var _ SignatureVerifier = SHA256IntegrityVerifier{}
	var _ SignatureVerifier = RejectUnsignedVerifier{}
	var _ SignatureVerifier = DefaultVerifier()
	var _ SignatureVerifier = NewSHA256IntegrityVerifier()
}