require 'base64'
require 'openssl'

module Cellar
  class AmazonV2RequestSigner
    def initialize(access_key_id, secret_access_key, bucket)
      @access_key_id = access_key_id
      @secret_access_key = secret_access_key
      @bucket = bucket
    end

    def sign(request, key)
      date = Time.now.httpdate
      sig = signature(
        method: request.method,
        key: key,
        date: date,
        checksum: request['Content-MD5'] || '',
        content_type: request.content_type || ''
      )
      request['date'] = date
      request['authorization'] = "AWS #{@access_key_id}:#{sig}"
    end

    def url_signature_params(method:, key:, expires_in:, content_type: '', checksum: '')
      expires = expires_in.from_now.to_i

      {
        AWSAccessKeyId: @access_key_id,
        Expires: expires,
        Signature: signature(method: method, key: key, expires: expires, content_type: content_type, checksum: checksum)
      }
    end

    def signature(method:, key:, expires: '', date: '', content_type: '', checksum: '')
      canonicalized_amz_headers = ""
      canonicalized_resource = "/#{@bucket}/#{key}"
      string_to_sign = "#{method}\n#{checksum}\n#{content_type}\n#{expires}#{date}\n" +
                       "#{canonicalized_amz_headers}#{canonicalized_resource}"
      Base64.encode64(OpenSSL::HMAC.digest(OpenSSL::Digest.new('sha1'), @secret_access_key, string_to_sign)).strip
    end
  end
end