module Trupanion
  class AuthorizationHeaders
    def initialize(client, request)
      @client = client
      @request = request
    end

    def call
      return default_headers unless request.body

      default_headers.merge(
        "Content-Md5" => md5,
      )
    end

    private

    attr_reader :request, :client

    def default_headers
      @_default_headers ||= {
        "TimeStamp" => timestamp,
        "Content-Type" => "application/json",
        "Content-Length" => "0",
        "Authorization" => authorization_header,
      }
    end

    def md5
      return unless request.body
      @_md5 ||= Digest::MD5.base64digest(request.body.to_json)
    end

    def timestamp
      @_timestamp ||= Time.now.utc.strftime("%a, %d %b %Y %H:%M:%S GMT")
    end

    def http_verb
      @_http_verb ||= request.method.to_s.upcase
    end

    def authorization_header
      "TruID #{client.api_key}:#{authorization_hash}"
    end

    def authorization_hash
      Base64.strict_encode64(
        OpenSSL::HMAC.digest(
          "sha256", client.api_secret, authorization_message
        ),
      )
    end

    def authorization_message
      "#{http_verb}\n#{md5}\napplication/json\n#{timestamp}\n#{request.path}"
    end
  end
end