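"""Representative scan data fixtures for compliance testing.

One host with an SSH result (port 22) and a TLS result (port 443). Each
algorithm list mixes entries the fixture treats as compliant with entries it
treats as weak or non-compliant, so a checker can be exercised on both
outcomes.
"""

# Sample scan data with realistic values that match the structure expected by
# the database writer.
#
# NOTE(review): the "compliant" / "weak" labels below are the fixture author's
# expectations, not a normative source. Confirm them against the guideline
# version the checker implements (for BSI that would be TR-02102-4 for SSH and
# TR-02102-2 for TLS), since accepted algorithms and key sizes change between
# editions.
SAMPLE_SCAN_DATA = {
    "hostname": "test.example.com",
    "ports": [22, 443],
    # Keys are ints. json.dumps() would turn them into the strings "22"/"443",
    # so a JSON round-trip does not give back an equal dict.
    "scan_results": {
        22: {
            # SSH scan results in the structure expected by the generic writer.
            "kex_algorithms": [
                "curve25519-sha256",  # labelled compliant with BSI standards
                # 2048-bit MODP group. NOTE(review): confirm it is still
                # accepted by the guideline edition under test.
                "diffie-hellman-group14-sha256",  # labelled compliant
                # 1024-bit MODP group with SHA-1: the negative case.
                "diffie-hellman-group1-sha1",  # labelled non-compliant
            ],
            # Per-direction cipher lists, expected by the extraction function.
            # Both directions carry the same values as separate list objects.
            "encryption_algorithms_client_to_server": [
                "chacha20-poly1305@openssh.com",  # labelled compliant
                "aes256-ctr",  # labelled compliant
                "aes128-cbc",  # CBC mode; labelled less secure
            ],
            "encryption_algorithms_server_to_client": [
                "chacha20-poly1305@openssh.com",  # labelled compliant
                "aes256-ctr",  # labelled compliant
                "aes128-cbc",  # CBC mode; labelled less secure
            ],
            # Per-direction MAC lists, expected by the extraction function.
            "mac_algorithms_client_to_server": [
                "hmac-sha2-256",  # labelled compliant
                "hmac-sha1",  # labelled weak
                "hmac-sha2-512",  # labelled compliant
            ],
            "mac_algorithms_server_to_client": [
                "hmac-sha2-256",  # labelled compliant
                "hmac-sha1",  # labelled weak
                "hmac-sha2-512",  # labelled compliant
            ],
            # Host key entries use "type" (renamed from "key_type"), while the
            # TLS certificates below still use "key_type" / "key_bits".
            #
            # The fingerprints are constructed placeholders: they contain
            # letters outside 0-9a-f, so they are not valid colon-hex digests.
            # NOTE(review): a consumer that validates fingerprint format would
            # reject them; confirm the writer stores them as opaque strings.
            "host_keys": [
                {
                    "algorithm": "rsa-sha2-512",
                    "type": "rsa",
                    "bits": 4096,
                    "fingerprint": "aa:bb:cc:dd:ee:ff:gg:hh:ii:jj:kk:ll:mm:nn:oo:pp",
                },
                {
                    "algorithm": "ecdsa-sha2-nistp256",
                    "type": "ecdsa",
                    "bits": 256,
                    "fingerprint": "qq:rr:ss:tt:uu:vv:ww:xx:yy:zz:aa:bb:cc:dd:ee:ff",
                },
                {
                    # Weak on two counts: "ssh-rsa" signs with SHA-1 and the
                    # key is only 1024 bits.
                    "algorithm": "ssh-rsa",
                    "type": "rsa",
                    "bits": 1024,  # Too weak
                    "fingerprint": "gg:hh:ii:jj:kk:ll:mm:nn:oo:pp:qq:rr:ss:tt:uu:vv",
                },
            ],
        },
        443: {
            "tls_versions": ["TLS_1_2", "TLS_1_3"],
            # NOTE(review): the TLS 1.3 suites use IANA names while the
            # TLS 1.2 suites use OpenSSL names. A compliance table keyed on
            # one naming scheme will not match the other; confirm the checker
            # normalises names before lookup.
            "cipher_suites": {
                "TLS_1_3": [
                    "TLS_AES_256_GCM_SHA384",  # labelled compliant
                    "TLS_CHACHA20_POLY1305_SHA256",  # labelled compliant
                    "TLS_AES_128_GCM_SHA256",  # labelled compliant
                ],
                "TLS_1_2": [
                    "ECDHE-RSA-AES256-GCM-SHA384",  # labelled compliant
                    "ECDHE-RSA-AES128-GCM-SHA256",  # labelled compliant
                    # CBC cipher with an HMAC-SHA1 MAC (no AEAD).
                    "ECDHE-RSA-AES256-SHA",  # labelled less secure
                ],
            },
            "supported_groups": [
                "X25519",  # labelled compliant
                "secp256r1",  # labelled compliant
                "sect163k1",  # 163-bit binary curve; labelled non-compliant
            ],
            "certificates": [
                {
                    "subject": "CN=test.example.com",
                    "issuer": "CN=Test CA",
                    "key_type": "RSA",
                    "key_bits": 4096,
                    "signature_algorithm": "sha256WithRSAEncryption",
                },
                {
                    # Weak-case certificate: 1024-bit RSA key with a SHA-1
                    # signature, issued by "Weak CA".
                    "subject": "CN=test.example.com",
                    "issuer": "CN=Weak CA",
                    "key_type": "RSA",
                    "key_bits": 1024,
                    "signature_algorithm": "sha1WithRSAEncryption",
                },
            ],
        },
    },
}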