//go:build !darwin
// +build !darwin

package secret

import (
	"fmt"

	"filippo.io/age"
	"github.com/awnumar/memguard"
	"github.com/spf13/afero"
)

// KeychainUnlockerMetadata is a stub for non-Darwin platforms
type KeychainUnlockerMetadata struct {
	UnlockerMetadata
	KeychainItemName string `json:"keychainItemName"`
}

// KeychainUnlocker is a stub for non-Darwin platforms
type KeychainUnlocker struct {
	Directory string
	Metadata  UnlockerMetadata
	fs        afero.Fs
}

var errKeychainNotSupported = fmt.Errorf("keychain unlockers are only supported on macOS")

// GetIdentity returns an error on non-Darwin platforms
func (k *KeychainUnlocker) GetIdentity() (*age.X25519Identity, error) {
	return nil, errKeychainNotSupported
}

// GetType returns the unlocker type
func (k *KeychainUnlocker) GetType() string {
	return "keychain"
}

// GetMetadata returns the unlocker metadata
func (k *KeychainUnlocker) GetMetadata() UnlockerMetadata {
	return k.Metadata
}

// GetDirectory returns the unlocker directory
func (k *KeychainUnlocker) GetDirectory() string {
	return k.Directory
}

// GetID returns the unlocker ID
func (k *KeychainUnlocker) GetID() string {
	return fmt.Sprintf("%s-keychain", k.Metadata.CreatedAt.Format("2006-01-02.15.04"))
}

// GetKeychainItemName returns an error on non-Darwin platforms
func (k *KeychainUnlocker) GetKeychainItemName() (string, error) {
	return "", errKeychainNotSupported
}

// Remove returns an error on non-Darwin platforms
func (k *KeychainUnlocker) Remove() error {
	return errKeychainNotSupported
}

// NewKeychainUnlocker creates a stub KeychainUnlocker on non-Darwin platforms.
// The returned instance's methods that require macOS functionality will return errors.
func NewKeychainUnlocker(fs afero.Fs, directory string, metadata UnlockerMetadata) *KeychainUnlocker {
	return &KeychainUnlocker{
		Directory: directory,
		Metadata:  metadata,
		fs:        fs,
	}
}

// CreateKeychainUnlocker returns an error on non-Darwin platforms
func CreateKeychainUnlocker(_ afero.Fs, _ string) (*KeychainUnlocker, error) {
	return nil, errKeychainNotSupported
}

// getLongTermPrivateKey returns an error on non-Darwin platforms
func getLongTermPrivateKey(_ afero.Fs, _ VaultInterface) (*memguard.LockedBuffer, error) {
	return nil, errKeychainNotSupported
}