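package security

import (
	"context"
	"errors"
)

// ErrNilKMSProvider is returned by the KMS methods when the handler itself is
// nil or was built without a provider. Callers get an error they can test with
// errors.Is instead of a nil-pointer panic in the middle of a crypto operation.
var ErrNilKMSProvider = errors.New("security: kms provider is nil")

// KMS is a thin facade over a KMSProvider. It only passes a key identifier
// (keyID) and the payload to the provider; it holds no key bytes itself.
//
// The facade performs no validation, authorization, or auditing of its own:
// keyID and the payload are forwarded unchanged, so access control on which
// caller may use which key has to be enforced by the provider or by the code
// calling into this type.
type KMS struct {
	provider KMSProvider
}

// NewKMS returns a KMS handler backed by provider.
//
// A nil provider is accepted for backward compatibility; every operation on
// the resulting handler then fails with ErrNilKMSProvider.
func NewKMS(provider KMSProvider) *KMS {
	return &KMS{provider: provider}
}

// KMSProvider is the backend contract for key operations. Each method
// receives the caller's context, the identifier of the key to use, and the
// bytes to operate on, and returns the resulting bytes or an error.
//
// NOTE(review): whether Sign expects a raw message or a precomputed digest,
// and which algorithm a keyID maps to, is provider-defined and not visible
// here — confirm against the concrete implementation.
type KMSProvider interface {
	Encrypt(ctx context.Context, keyID string, data []byte) ([]byte, error)
	Decrypt(ctx context.Context, keyID string, encrypted []byte) ([]byte, error)
	Sign(ctx context.Context, keyID string, data []byte) ([]byte, error)
}

// backend returns the configured provider, or ErrNilKMSProvider when the
// receiver or its provider is nil. An interface value wrapping a typed nil
// pointer is not caught by this check.
func (k *KMS) backend() (KMSProvider, error) {
	if k == nil || k.provider == nil {
		return nil, ErrNilKMSProvider
	}
	return k.provider, nil
}

// Encrypt forwards data to the provider for encryption under keyID and
// returns the provider's output unchanged. It returns ErrNilKMSProvider when
// no provider is configured; any other error comes from the provider.
func (k *KMS) Encrypt(ctx context.Context, keyID string, data []byte) ([]byte, error) {
	p, err := k.backend()
	if err != nil {
		return nil, err
	}
	return p.Encrypt(ctx, keyID, data)
}

// Decrypt forwards encrypted to the provider for decryption under keyID and
// returns the provider's output unchanged. It returns ErrNilKMSProvider when
// no provider is configured; any other error comes from the provider.
//
// The returned slice is expected to be plaintext; callers should keep it out
// of logs and error messages.
func (k *KMS) Decrypt(ctx context.Context, keyID string, encrypted []byte) ([]byte, error) {
	p, err := k.backend()
	if err != nil {
		return nil, err
	}
	return p.Decrypt(ctx, keyID, encrypted)
}

// Sign forwards data to the provider for signing with keyID and returns the
// provider's output unchanged. It returns ErrNilKMSProvider when no provider
// is configured; any other error comes from the provider.
func (k *KMS) Sign(ctx context.Context, keyID string, data []byte) ([]byte, error) {
	p, err := k.backend()
	if err != nil {
		return nil, err
	}
	return p.Sign(ctx, keyID, data)
}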