;; webid-oidc, implementation of the Solid specification
;; Copyright (C) 2020, 2021  Vivien Kraus

;; This program is free software: you can redistribute it and/or modify
;; it under the terms of the GNU Affero General Public License as
;; published by the Free Software Foundation, either version 3 of the
;; License, or (at your option) any later version.

;; This program is distributed in the hope that it will be useful,
;; but WITHOUT ANY WARRANTY; without even the implied warranty of
;; MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
;; GNU Affero General Public License for more details.

;; You should have received a copy of the GNU Affero General Public License
;; along with this program.  If not, see <https://www.gnu.org/licenses/>.

(use-modules (webid-oidc provider-confirmation)
             (webid-oidc jti)
             (webid-oidc jwk)
             (webid-oidc jws)
             (webid-oidc oidc-configuration)
             (webid-oidc access-token)
             (webid-oidc dpop-proof)
             (webid-oidc resource-server)
             (webid-oidc testing)
             (web uri)
             (web request)
             (srfi srfi-19)
             (web response)
             (ice-9 optargs)
             (ice-9 receive))

(with-test-environment
 "resource-server"
 (lambda ()
   (define jti (make-jti-list))
   (define client-key (generate-key #:n-size 2048))
   (define idp-key (generate-key #:n-size 2048))
   (define jwks (make-jwks (list idp-key)))
   (define jwks-uri (string->uri "https://identity.provider/keys"))
   (define oidc-config
     (make-oidc-configuration
      jwks-uri
      (string->uri "https://identity.provider/authorize")
      (string->uri "https://identity.provider/token")))
   (define oidc-config-uri
     (string->uri
      "https://identity.provider/.well-known/openid-configuration"))
   (define subject (string->uri "https://identity.provider/subject#me"))
   (define* (http-get uri #:key (headers '()))
     (define exp (time-utc->date (make-time time-utc 0 3600)))
     (cond ((equal? uri oidc-config-uri)
            (serve-oidc-configuration exp oidc-config))
           ((equal? uri jwks-uri)
            (serve-jwks exp jwks))
           (else (exit 1))))
   (define access-token
     (issue-access-token
      idp-key
      #:alg 'RS256
      #:webid subject
      #:iss "https://identity.provider"
      #:iat 10
      #:exp 3610
      #:client-key client-key
      #:client-id "https://client"))
   (define uri (string->uri "https://resource.server/resource"))
   (define server-uri (string->uri "https://resource.server/"))
   (define method 'GET)
   (define dpop-proof
     (issue-dpop-proof
      client-key
      #:alg 'RS256
      #:htm method
      #:htu uri
      #:iat (time-utc->date (make-time time-utc 0 15))
      #:access-token access-token))
   (define rq
     (call-with-input-string
         (format #f "GET /resource HTTP/1.1\r\n\
Host: resource.server\r\n\
User-Agent: Test Suite\r\n\
Upgrade-Insecure-Requests: 1\r\n\
Cache-Control: max-age=0\r\n\
Authorization: DPoP ~a\r\n\
DPoP: ~a\r\n\r\n"
                 access-token
                 dpop-proof)
       read-request))
   (define rq-body "")
   (define authenticator
     (make-authenticator
      jti
      #:server-uri server-uri
      #:current-time (lambda () (make-time time-utc 0 20))
      #:http-get http-get))
   (define parsed (authenticator rq rq-body))
   (unless (uri? parsed)
     (exit 2))
   (unless (equal? parsed subject)
     (exit 3))))