#
# Author:: Adam Jacob (<adam@opscode.com>)
# Author:: Christopher Brown (<cb@opscode.com>)
# Author:: Daniel DeLeo (<dan@opscode.com>)
# Copyright:: Copyright (c) 2008 Opscode, Inc.
# Copyright:: Copyright (c) 2010 Opscode, Inc.
# License:: Apache License, Version 2.0
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
#     http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#

require 'spec_helper'
require 'uri'
require 'net/https'

KEY_DOT_PEM=<<-END_RSA_KEY
-----BEGIN RSA PRIVATE KEY-----
MIIEpAIBAAKCAQEA49TA0y81ps0zxkOpmf5V4/c4IeR5yVyQFpX3JpxO4TquwnRh
8VSUhrw8kkTLmB3cS39Db+3HadvhoqCEbqPE6915kXSuk/cWIcNozujLK7tkuPEy
YVsyTioQAddSdfe+8EhQVf3oHxaKmUd6waXrWqYCnhxgOjxocenREYNhZ/OETIei
PbOku47vB4nJK/0GhKBytL2XnsRgfKgDxf42BqAi1jglIdeq8lAWZNF9TbNBU21A
O1iuT7Pm6LyQujhggPznR5FJhXKRUARXBJZawxpGV4dGtdcahwXNE4601aXPra+x
PcRd2puCNoEDBzgVuTSsLYeKBDMSfs173W1QYwIDAQABAoIBAGF05q7vqOGbMaSD
2Q7YbuE/JTHKTBZIlBI1QC2x+0P5GDxyEFttNMOVzcs7xmNhkpRw8eX1LrInrpMk
WsIBKAFFEfWYlf0RWtRChJjNl+szE9jQxB5FJnWtJH/FHa78tR6PsF24aQyzVcJP
g0FGujBihwgfV0JSCNOBkz8MliQihjQA2i8PGGmo4R4RVzGfxYKTIq9vvRq/+QEa
Q4lpVLoBqnENpnY/9PTl6JMMjW2b0spbLjOPVwDaIzXJ0dChjNXo15K5SHI5mALJ
I5gN7ODGb8PKUf4619ez194FXq+eob5YJdilTFKensIUvt3YhP1ilGMM+Chi5Vi/
/RCTw3ECgYEA9jTw4wv9pCswZ9wbzTaBj9yZS3YXspGg26y6Ohq3ZmvHz4jlT6uR
xK+DDcUiK4072gci8S4Np0fIVS7q6ivqcOdzXPrTF5/j+MufS32UrBbUTPiM1yoO
ECcy+1szl/KoLEV09bghPbvC58PFSXV71evkaTETYnA/F6RK12lEepcCgYEA7OSy
bsMrGDVU/MKJtwqyGP9ubA53BorM4Pp9VVVSCrGGVhb9G/XNsjO5wJC8J30QAo4A
s59ZzCpyNRy046AB8jwRQuSwEQbejSdeNgQGXhZ7aIVUtuDeFFdaIz/zjVgxsfj4
DPOuzieMmJ2MLR4F71ocboxNoDI7xruPSE8dDhUCgYA3vx732cQxgtHwAkeNPJUz
dLiE/JU7CnxIoSB9fYUfPLI+THnXgzp7NV5QJN2qzMzLfigsQcg3oyo6F2h7Yzwv
GkjlualIRRzCPaCw4Btkp7qkPvbs1QngIHALt8fD1N69P3DPHkTwjG4COjKWgnJq
qoHKS6Fe/ZlbigikI6KsuwKBgQCTlSLoyGRHr6oj0hqz01EDK9ciMJzMkZp0Kvn8
OKxlBxYW+jlzut4MQBdgNYtS2qInxUoAnaz2+hauqhSzntK3k955GznpUatCqx0R
b857vWviwPX2/P6+E3GPdl8IVsKXCvGWOBZWTuNTjQtwbDzsUepWoMgXnlQJSn5I
YSlLxQKBgQD16Gw9kajpKlzsPa6XoQeGmZALT6aKWJQlrKtUQIrsIWM0Z6eFtX12
2jjHZ0awuCQ4ldqwl8IfRogWMBkHOXjTPVK0YKWWlxMpD/5+bGPARa5fir8O1Zpo
Y6S6MeZ69Rp89ma4ttMZ+kwi1+XyHqC/dlcVRW42Zl5Dc7BALRlJjQ==
-----END RSA PRIVATE KEY-----
  END_RSA_KEY


describe Chef::REST::AuthCredentials do
  before do
    @key_file_fixture = CHEF_SPEC_DATA + '/ssl/private_key.pem'
    @key = OpenSSL::PKey::RSA.new(IO.read(@key_file_fixture).strip)
    @auth_credentials = Chef::REST::AuthCredentials.new("client-name", @key)
  end

  it "has a client name" do
    @auth_credentials.client_name.should == "client-name"
  end

  it "loads the private key when initialized with the path to the key" do
    @auth_credentials.key.should respond_to(:private_encrypt)
    @auth_credentials.key.to_s.should == KEY_DOT_PEM
  end

  describe "when loading the private key" do
    it "strips extra whitespace before checking the key" do
      key_file_fixture = CHEF_SPEC_DATA + '/ssl/private_key_with_whitespace.pem'
      lambda {Chef::REST::AuthCredentials.new("client-name", @key_file_fixture)}.should_not raise_error
    end
  end

  describe "generating signature headers for a request" do
    before do
      @request_time = Time.at(1270920860)
      @request_params = {:http_method => :POST, :path => "/clients", :body => '{"some":"json"}', :host => "localhost"}
    end

    it "generates signature headers for the request" do
      Time.stub(:now).and_return(@request_time)
      actual = @auth_credentials.signature_headers(@request_params)
      actual["HOST"].should                    == "localhost"
      actual["X-OPS-AUTHORIZATION-1"].should == "kBssX1ENEwKtNYFrHElN9vYGWS7OeowepN9EsYc9csWfh8oUovryPKDxytQ/"
      actual["X-OPS-AUTHORIZATION-2"].should == "Wc2/nSSyxdWJjjfHzrE+YrqNQTaArOA7JkAf5p75eTUonCWcvNPjFrZVgKGS"
      actual["X-OPS-AUTHORIZATION-3"].should == "yhzHJQh+lcVA9wwARg5Hu9q+ddS8xBOdm3Vp5atl5NGHiP0loiigMYvAvzPO"
      actual["X-OPS-AUTHORIZATION-4"].should == "r9853eIxwYMhn5hLGhAGFQznJbE8+7F/lLU5Zmk2t2MlPY8q3o1Q61YD8QiJ"
      actual["X-OPS-AUTHORIZATION-5"].should ==  "M8lIt53ckMyUmSU0DDURoiXLVkE9mag/6Yq2tPNzWq2AdFvBqku9h2w+DY5k"
      actual["X-OPS-AUTHORIZATION-6"].should == "qA5Rnzw5rPpp3nrWA9jKkPw4Wq3+4ufO2Xs6w7GCjA=="
      actual["X-OPS-CONTENT-HASH"].should == "1tuzs5XKztM1ANrkGNPah6rW9GY="
      actual["X-OPS-SIGN"].should         =~ %r{(version=1\.0)|(algorithm=sha1;version=1.0;)}
      actual["X-OPS-TIMESTAMP"].should    == "2010-04-10T17:34:20Z"
      actual["X-OPS-USERID"].should       == "client-name"

    end

    describe "when configured for version 1.1 of the authn protocol" do
      before do
        Chef::Config[:authentication_protocol_version] = "1.1"
      end

      after do
        Chef::Config[:authentication_protocol_version] = "1.0"
      end

      it "generates the correct signature for version 1.1" do
        Time.stub(:now).and_return(@request_time)
        actual = @auth_credentials.signature_headers(@request_params)
        actual["HOST"].should                    == "localhost"
        actual["X-OPS-CONTENT-HASH"].should == "1tuzs5XKztM1ANrkGNPah6rW9GY="
        actual["X-OPS-SIGN"].should         == "algorithm=sha1;version=1.1;"
        actual["X-OPS-TIMESTAMP"].should    == "2010-04-10T17:34:20Z"
        actual["X-OPS-USERID"].should       == "client-name"

        # mixlib-authN will test the actual signature stuff for each version of
        # the protocol so we won't test it again here.
      end
    end
  end
end

describe Chef::REST::RESTRequest do
  def new_request(method=nil)
    method ||= :POST
    Chef::REST::RESTRequest.new(method, @url, @req_body, @headers)
  end

  before do
    @auth_credentials = Chef::REST::AuthCredentials.new("client-name", CHEF_SPEC_DATA + '/ssl/private_key.pem')
    @url = URI.parse("http://chef.example.com:4000/?q=chef_is_awesome")
    @req_body = '{"json_data":"as_a_string"}'
    @headers = { "Content-type" =>"application/json",
                 "Accept"=>"application/json",
                 "Accept-Encoding" => Chef::REST::RESTRequest::ENCODING_GZIP_DEFLATE,
                 "Host" => "chef.example.com:4000" }
    @request = Chef::REST::RESTRequest.new(:POST, @url, @req_body, @headers)
  end

  it "stores the url it was created with" do
    @request.url.should == @url
  end

  it "stores the HTTP method" do
    @request.method.should == :POST
  end

  it "adds the chef version header" do
    @request.headers.should == @headers.merge("X-Chef-Version" => ::Chef::VERSION)
  end

  describe "configuring the HTTP request" do
    it "configures GET requests" do
      @req_body = nil
      rest_req = new_request(:GET)
      rest_req.http_request.should be_a_kind_of(Net::HTTP::Get)
      rest_req.http_request.path.should == "/?q=chef_is_awesome"
      rest_req.http_request.body.should be_nil
    end

    it "configures POST requests, including the body" do
      @request.http_request.should be_a_kind_of(Net::HTTP::Post)
      @request.http_request.path.should == "/?q=chef_is_awesome"
      @request.http_request.body.should == @req_body
    end

    it "configures PUT requests, including the body" do
      rest_req = new_request(:PUT)
      rest_req.http_request.should be_a_kind_of(Net::HTTP::Put)
      rest_req.http_request.path.should == "/?q=chef_is_awesome"
      rest_req.http_request.body.should == @req_body
    end

    it "configures DELETE requests" do
      rest_req = new_request(:DELETE)
      rest_req.http_request.should be_a_kind_of(Net::HTTP::Delete)
      rest_req.http_request.path.should == "/?q=chef_is_awesome"
      rest_req.http_request.body.should be_nil
    end

    it "configures HTTP basic auth" do
      @url = URI.parse("http://homie:theclown@chef.example.com:4000/?q=chef_is_awesome")
      rest_req = new_request(:GET)
      rest_req.http_request.to_hash["authorization"].should == ["Basic aG9taWU6dGhlY2xvd24="]
    end
  end

  describe "configuring the HTTP client" do
    it "configures the HTTP client for the host and port" do
      http_client = new_request.http_client
      http_client.address.should == "chef.example.com"
      http_client.port.should == 4000
    end

    it "configures the HTTP client with the read timeout set in the config file" do
      Chef::Config[:rest_timeout] = 9001
      new_request.http_client.read_timeout.should == 9001
    end

    describe "for proxy" do
      before do
        Chef::Config[:http_proxy]  = "http://proxy.example.com:3128"
        Chef::Config[:https_proxy] = "http://sproxy.example.com:3129"
        Chef::Config[:http_proxy_user] = nil
        Chef::Config[:http_proxy_pass] = nil
        Chef::Config[:https_proxy_user] = nil
        Chef::Config[:https_proxy_pass] = nil
        Chef::Config[:no_proxy] = nil
      end

      after do
        Chef::Config[:http_proxy]  = nil
        Chef::Config[:https_proxy] = nil
        Chef::Config[:http_proxy_user] = nil
        Chef::Config[:http_proxy_pass] = nil
        Chef::Config[:https_proxy_user] = nil
        Chef::Config[:https_proxy_pass] = nil
        Chef::Config[:no_proxy] = nil
      end

      describe "with :no_proxy nil" do
        it "configures the proxy address and port when using http scheme" do
          http_client = new_request.http_client
          http_client.proxy?.should == true
          http_client.proxy_address.should == "proxy.example.com"
          http_client.proxy_port.should == 3128
          http_client.proxy_user.should be_nil
          http_client.proxy_pass.should be_nil
        end

        it "configures the proxy address and port when using https scheme" do
          @url.scheme = "https"
          http_client = new_request.http_client
          http_client.proxy?.should == true
          http_client.proxy_address.should == "sproxy.example.com"
          http_client.proxy_port.should == 3129
          http_client.proxy_user.should be_nil
          http_client.proxy_pass.should be_nil
        end
      end

      describe "with :no_proxy set" do
        before do
          Chef::Config[:no_proxy] = "10.*,*.example.com"
        end

        it "does not configure the proxy address and port when using http scheme" do
          http_client = new_request.http_client
          http_client.proxy?.should == false
          http_client.proxy_address.should be_nil
          http_client.proxy_port.should be_nil
          http_client.proxy_user.should be_nil
          http_client.proxy_pass.should be_nil
        end

        it "does not configure the proxy address and port when using https scheme" do
          @url.scheme = "https"
          http_client = new_request.http_client
          http_client.proxy?.should == false
          http_client.proxy_address.should be_nil
          http_client.proxy_port.should be_nil
          http_client.proxy_user.should be_nil
          http_client.proxy_pass.should be_nil
        end
      end

      describe "with :http_proxy_user and :http_proxy_pass set" do
        before do
          Chef::Config[:http_proxy_user] = "homie"
          Chef::Config[:http_proxy_pass] = "theclown"
        end

        after do
          Chef::Config[:http_proxy_user] = nil
          Chef::Config[:http_proxy_pass] = nil
        end

        it "configures the proxy user and pass when using http scheme" do
          http_client = new_request.http_client
          http_client.proxy?.should == true
          http_client.proxy_user.should == "homie"
          http_client.proxy_pass.should == "theclown"
        end

        it "does not configure the proxy user and pass when using https scheme" do
          @url.scheme = "https"
          http_client = new_request.http_client
          http_client.proxy?.should == true
          http_client.proxy_user.should be_nil
          http_client.proxy_pass.should be_nil
        end
      end

      describe "with :https_proxy_user and :https_proxy_pass set" do
        before do
          Chef::Config[:https_proxy_user] = "homie"
          Chef::Config[:https_proxy_pass] = "theclown"
        end

        after do
          Chef::Config[:https_proxy_user] = nil
          Chef::Config[:https_proxy_pass] = nil
        end

        it "does not configure the proxy user and pass when using http scheme" do
          http_client = new_request.http_client
          http_client.proxy?.should == true
          http_client.proxy_user.should be_nil
          http_client.proxy_pass.should be_nil
        end

        it "configures the proxy user and pass when using https scheme" do
          @url.scheme = "https"
          http_client = new_request.http_client
          http_client.proxy?.should == true
          http_client.proxy_user.should == "homie"
          http_client.proxy_pass.should == "theclown"
        end
      end
    end
  end

end