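/**
 * DTOs for the federation enrollment flow (FED-M2-07).
 *
 * CreateEnrollmentTokenDto — admin generates a single-use enrollment token
 * RedeemEnrollmentTokenDto — remote peer submits CSR to redeem the token
 */

import {
  IsInt,
  IsNotEmpty,
  IsOptional,
  IsString,
  IsUUID,
  Max,
  Min,
  ValidateIf,
} from 'class-validator';

/**
 * Request body used by an admin to mint a single-use enrollment token.
 *
 * The token binds one federation grant to one peer record; both are
 * referenced by UUID and validated as such.
 */
export class CreateEnrollmentTokenDto {
  /** UUID of the federation grant this token will activate on redemption. */
  @IsUUID()
  grantId!: string;

  /** UUID of the peer record that will receive the issued cert on redemption. */
  @IsUUID()
  peerId!: string;

  /**
   * Token lifetime in seconds. Default 900 (15 min). Min 60. Max 900.
   * After this time the token is rejected even if unused.
   *
   * The field may be omitted (the initializer supplies 900), but an explicit
   * `null` is rejected. `@IsOptional()` is deliberately not used: it skips
   * every validator on the property for `null` as well as `undefined`, so
   * `{"ttlSeconds": null}` would pass this DTO without the 60–900 bound being
   * checked. How a null TTL would be handled by the token service is not
   * visible in this file, so the bound is enforced here.
   */
  @ValidateIf((_dto: CreateEnrollmentTokenDto, value: unknown) => value !== undefined)
  @IsInt()
  @Min(60)
  @Max(900)
  ttlSeconds: number = 900;
}

/**
 * Request body sent by the remote peer to redeem an enrollment token.
 */
export class RedeemEnrollmentTokenDto {
  /**
   * PEM-encoded PKCS#10 Certificate Signing Request from the remote peer.
   *
   * This DTO only checks that the value is a non-empty string; it does not
   * parse the PEM or bound its length.
   * NOTE(review): CSR parsing, verification of the CSR's self-signature and
   * any size limit are not visible in this file — confirm the redeeming
   * service enforces them before a certificate is issued.
   */
  @IsString()
  @IsNotEmpty()
  csrPem!: string;
}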