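package webshared

import (
	"crypto/x509"
	"fmt"
	"io"
	"net/http"

	"github.com/yaronf/httpsign"

	"git.mstar.dev/mstar/linstrom/config"
)

/*
Links for home:
  - https://pkg.go.dev/github.com/yaronf/httpsign#Client.Do
  - https://www.ietf.org/archive/id/draft-richanna-http-message-signatures-00.html
  - https://github.com/mastodon/mastodon/issues/29905
  - https://github.com/fedify-dev/fedify/issues/208
  - https://github.com/mastodon/mastodon/issues/21429
  - https://github.com/go-ap/fedbox/blob/master/httpsig.go
  - https://swicg.github.io/activitypub-http-signature/
  - https://datatracker.ietf.org/doc/html/rfc9421
*/

// RequestSigned builds an HTTP request for method and target with the given
// body, signs it with an HTTP message signature named "sig1" and sends it
// through RequestClient.
//
// privateKeyBytes is interpreted according to the server configuration: when
// Experimental.UseEd25519Keys is set it is used directly as an Ed25519
// private key, otherwise it is parsed as a DER-encoded PKCS #1 RSA private
// key. keyId is placed in the signature's "keyid" parameter.
//
// Any failure to parse the key or to construct the signer is returned before
// anything is sent, so a request never leaves this function with a missing
// signer. The key material itself is never included in returned errors.
//
// On success the caller owns the response and must close its body.
func RequestSigned(
	method, target string,
	body io.Reader,
	keyId string,
	privateKeyBytes []byte,
) (*http.Response, error) {
	req, err := http.NewRequest(method, target, body)
	if err != nil {
		return nil, fmt.Errorf("building request: %w", err)
	}

	// Attach the key ID to the signature parameters; previously the keyId
	// argument was accepted but never used.
	signConfig := httpsign.NewSignConfig().SetKeyID(keyId)

	// NOTE(review): "content-digest" is listed as a signed component, but
	// nothing in this function sets a Content-Digest header on the request.
	// Confirm that the client configuration or the caller provides it.
	signerFields := httpsign.Headers("@request-target", "content-digest")

	var signer *httpsign.Signer
	if config.GlobalConfig.Experimental.UseEd25519Keys {
		signer, err = httpsign.NewEd25519Signer(privateKeyBytes, signConfig, signerFields)
	} else {
		// Use a distinct name for the parse error so the signer error below
		// is assigned to the outer err instead of a shadowed one.
		key, parseErr := x509.ParsePKCS1PrivateKey(privateKeyBytes)
		if parseErr != nil {
			return nil, fmt.Errorf("parsing RSA private key: %w", parseErr)
		}
		signer, err = httpsign.NewRSASigner(*key, signConfig, signerFields)
	}
	if err != nil {
		// Fail closed: without a valid signer the request must not be sent.
		return nil, fmt.Errorf("creating request signer: %w", err)
	}

	client := httpsign.NewClient(
		RequestClient,
		httpsign.NewClientConfig().SetSigner(signer).SetSignatureName("sig1"),
	)
	return client.Do(req)
}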