//! Request signing through http signatures.

use std::path::Path;

use openssl::pkey::{PKey, Private};

use reqwest::Request;
use crate::Result;

/// Something that has the capability to sign a [`Request`].
pub trait Sign {

    /// Sign the request in accordance with the http-signatures standard.
	fn sign (&self, req: &mut Request) -> Result<()>;

}

/// A private key with a key ID.
#[derive(Clone)]
pub struct Key {
    /// The key ID.
    url: crate::Id,
    /// The actual private key.
    key: PKey<Private>,
}

impl Key {

    /// Load a PEM-encoded private key from a file on disk
	pub fn load (url: crate::Id, path: impl AsRef<Path>) -> Result<Key> {
		let s = std::fs::read_to_string(path).unwrap();

        let bytes = s.as_bytes();
        let key = PKey::private_key_from_pem(&bytes)
            .or_else(|_| PKey::private_key_from_pkcs8(&bytes))
            .or_else(|_| PKey::private_key_from_der(&bytes))
            .map_err(crate::err)?;

        Ok (Key {
            url,
            key,
        })
	}

}

impl Sign for Key {
    fn sign (&self, req: &mut Request) -> Result<()> {
        todo!()
    }
}