glitch-soc/spec/support/fasp/provider_request_helper.rb

# frozen_string_literal: true

module ProviderRequestHelper
  private

  def stub_provider_request(provider, path: '/', method: :get, response_status: 200, response_body: '')
    response_body = encode_body(response_body)
    response_headers = {
      'content-type' => 'application/json',
    }.merge(response_authentication_headers(provider, response_status, response_body))

    stub_request(method, provider.url(path))
      .to_return do |_request|
        {
          status: response_status,
          body: response_body,
          headers: response_headers,
        }
      end
  end

  def request_authentication_headers(provider, url: root_url, method: :get, body: '')
    body = encode_body(body)
    headers = {}
    headers['content-digest'] = content_digest(body)
    request = Linzer.new_request(method, url, {}, headers)
    key = private_key_for(provider)
    signature = sign(request, key, %w(@method @target-uri content-digest))
    headers.merge(signature.to_h)
  end

  def response_authentication_headers(provider, status, body)
    headers = {}
    headers['content-digest'] = content_digest(body)
    response = Linzer.new_response(body, status, headers)
    key = private_key_for(provider)
    signature = sign(response, key, %w(@status content-digest))
    headers.merge(signature.to_h)
  end

  def private_key_for(provider)
    @cached_provider_keys ||= {}
    @cached_provider_keys[provider] ||=
      begin
        key = OpenSSL::PKey.generate_key('ed25519')
        provider.update!(provider_public_key_pem: key.public_to_pem)
        key
      end

    {
      id: provider.id.to_s,
      private_key: @cached_provider_keys[provider].private_to_pem,
    }
  end

  def sign(request_or_response, key, components)
    message = Linzer::Message.new(request_or_response)
    linzer_key = Linzer.new_ed25519_key(key[:private_key], key[:id])
    Linzer.sign(linzer_key, message, components)
  end

  def encode_body(body)
    return body if body.nil? || body.is_a?(String)

    encoder = ActionDispatch::RequestEncoder.encoder(:json)
    encoder.encode_params(body)
  end

  def content_digest(content)
    "sha-256=:#{OpenSSL::Digest.base64digest('sha256', content)}:"
  end
end