/**
 * StoreKit 2 signed-transaction verification.
 *
 * A StoreKit 2 transaction is an Apple JWS whose x5c chain ends at Apple Root
 * CA - G3, so the whole job lives in applejws.ts: walk the chain, check every
 * validity window, pin the root, verify the ES256 signature with the leaf key.
 * This file keeps the typed seam, so tests can swap in a fake and skip real
 * certificates.
 */
import type { JWSTransaction } from "./transaction.ts";
import { verifyAppleJWS } from "./applejws.ts";

/** Verifier signature, so tests can swap in a fake and skip real certificates. */
export type TransactionVerifier = (
  jws: string,
  appleRootSha256: string,
) => Promise<JWSTransaction>;

export const verifyTransactionJWS: TransactionVerifier = async (
  jws,
  appleRootSha256,
) => (await verifyAppleJWS(jws, appleRootSha256)) as JWSTransaction;
