Basic FASP support (#34031)

2025-03-28 13:16:40 +01:00 · 2025-03-28 13:16:40 +01:00 · 97b9994743
commit 97b9994743
parent e5fd61a84e
45 changed files with 1423 additions and 1 deletions
--- a/spec/support/fasp/provider_request_helper.rb
+++ b/spec/support/fasp/provider_request_helper.rb
@ -0,0 +1,72 @@
+# frozen_string_literal: true
+
+module ProviderRequestHelper
+  private
+
+  def stub_provider_request(provider, path: '/', method: :get, response_status: 200, response_body: '')
+    response_body = encode_body(response_body)
+    response_headers = {
+      'content-type' => 'application/json',
+    }.merge(response_authentication_headers(provider, response_status, response_body))
+
+    stub_request(method, provider.url(path))
+      .to_return do |_request|
+        {
+          status: response_status,
+          body: response_body,
+          headers: response_headers,
+        }
+      end
+  end
+
+  def request_authentication_headers(provider, url: root_url, method: :get, body: '')
+    body = encode_body(body)
+    headers = {}
+    headers['content-digest'] = content_digest(body)
+    request = Linzer.new_request(method, url, {}, headers)
+    key = private_key_for(provider)
+    signature = sign(request, key, %w(@method @target-uri content-digest))
+    headers.merge(signature.to_h)
+  end
+
+  def response_authentication_headers(provider, status, body)
+    headers = {}
+    headers['content-digest'] = content_digest(body)
+    response = Linzer.new_response(body, status, headers)
+    key = private_key_for(provider)
+    signature = sign(response, key, %w(@status content-digest))
+    headers.merge(signature.to_h)
+  end
+
+  def private_key_for(provider)
+    @cached_provider_keys ||= {}
+    @cached_provider_keys[provider] ||=
+      begin
+        key = OpenSSL::PKey.generate_key('ed25519')
+        provider.update!(provider_public_key_pem: key.public_to_pem)
+        key
+      end
+
+    {
+      id: provider.id.to_s,
+      private_key: @cached_provider_keys[provider].private_to_pem,
+    }
+  end
+
+  def sign(request_or_response, key, components)
+    message = Linzer::Message.new(request_or_response)
+    linzer_key = Linzer.new_ed25519_key(key[:private_key], key[:id])
+    Linzer.sign(linzer_key, message, components)
+  end
+
+  def encode_body(body)
+    return body if body.nil? || body.is_a?(String)
+
+    encoder = ActionDispatch::RequestEncoder.encoder(:json)
+    encoder.encode_params(body)
+  end
+
+  def content_digest(content)
+    "sha-256=:#{OpenSSL::Digest.base64digest('sha256', content)}:"
+  end
+end