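# frozen_string_literal: true

# For use with https://github.com/theforeman/smart_proxy_vault
#
# Chef helper methods for fetching a Vault token from a Foreman smart proxy
# that runs the smart_proxy_vault plugin. The node identifies itself with its
# Chef node name and an RSA signature made with its Chef client key; the proxy
# presumably checks that signature against the public key it already holds.
#
# SECURITY NOTES (review):
#   * sign_request signs a constant (the MD5 hex digest of the node's own
#     public key), not the request. The X-VAULT-SIGNATURE header therefore
#     carries no nonce or timestamp and is not bound to the URL or TTL, so a
#     captured header can be replayed to mint further tokens for that node for
#     as long as the client key is valid. That is the wire format the plugin
#     expects, so it is documented here rather than changed; the TLS channel
#     (VERIFY_PEER in vault_http) is what keeps the header and the returned
#     token confidential.
#   * vault_http must keep certificate verification on: the issued token is
#     read straight out of that connection's response body.
module Vault
  module Helpers
    # Path to this node's Chef client private key (PEM), from Chef::Config.
    def client_key_path
      Chef::Config[:client_key]
    end

    # This node's Chef node name; sent to the proxy as X-VAULT-CLIENT.
    def node_name
      Chef::Config[:node_name]
    end

    # Hostname of the smart proxy. Override in a wrapper to point elsewhere.
    def smartproxy_server
      'smartproxy.example.com'
    end

    # Build the token-issue URL on the smart proxy.
    #
    # @param ttl  [String, nil] query suffix appended verbatim (e.g. '?ttl=10m');
    #   nil appends nothing. It is not escaped: only callers inside this
    #   module supply it, and it is not user input.
    # @param port [String] proxy HTTPS port
    # @return [String] e.g. "https://smartproxy.example.com:8443/vault/token/issue?ttl=10m"
    def token_url(ttl = nil, port = '8443')
      # Plain interpolation: a nil ttl becomes "" exactly as the former
      # `%{ttl}` format did, and a '%' in the hostname can no longer break
      # the format string.
      "https://#{smartproxy_server}:#{port}/vault/token/issue#{ttl}"
    end

    # Produce the X-VAULT-SIGNATURE value: a strict-base64 RSA/SHA-512
    # signature, made with the client key, over the MD5 hex digest of the
    # node's own public key.
    #
    # The signed message is static (see the module notes), so this proves key
    # possession but does not bind the signature to a request or a time. MD5
    # only derives that fixed message; it is not protecting attacker-controlled
    # data. The message layout must stay in sync with the plugin's verifier.
    #
    # @return [String] strict (newline-free) base64 signature
    # @raise [Errno::ENOENT, OpenSSL::PKey::RSAError] on a missing or invalid key
    def sign_request
      rsa = OpenSSL::PKey::RSA.new(File.read(client_key_path))
      message = Digest::MD5.hexdigest(rsa.public_key.to_s)
      Base64.strict_encode64(rsa.sign(OpenSSL::Digest::SHA512.new, message))
    end

    # Prepare a TLS Net::HTTP client for +url+ (not yet connected).
    #
    # Peer verification stays ON: the token is read off this connection, and a
    # man-in-the-middle with verification disabled could both capture the
    # signature header and hand back a bogus token. Do not reintroduce
    # OpenSSL::SSL::VERIFY_NONE to work around a certificate problem; install
    # the proxy's CA into the node's trust store instead.
    #
    # @param url [String]
    # @return [Array(Net::HTTP, URI)] client and parsed URI
    def vault_http(url)
      uri = URI.parse(url)
      http = Net::HTTP.new(uri.host, uri.port)
      http.use_ssl = true
      http.verify_mode = OpenSSL::SSL::VERIFY_PEER
      [http, uri]
    end

    # Build the GET request carrying the node's identity and signature headers.
    #
    # @param uri [URI]
    # @return [Net::HTTP::Get]
    def vault_request(uri)
      Net::HTTP::Get.new(uri.request_uri).tap do |req|
        req['X-VAULT-CLIENT'] = node_name
        req['X-VAULT-SIGNATURE'] = sign_request
      end
    end

    # Client plus signed request for +url+.
    #
    # @param url [String]
    # @return [Array(Net::HTTP, Net::HTTP::Get)]
    def vault_connection(url)
      http, uri = vault_http(url)
      [http, vault_request(uri)]
    end

    # Abort the Chef run unless the proxy answered 200.
    #
    # @param status_code [String, Integer] HTTP status; Net::HTTP reports it as
    #   a String, an Integer 200 is accepted too
    # @return [true] on success. Otherwise Chef::Application.fatal! is called,
    #   which presumably logs the message and ends the run; this method never
    #   returns false.
    def success?(status_code)
      Chef::Application.fatal!('Could not get a valid Vault token.') unless status_code.to_s == '200'
      true
    end

    # Fetch a Vault token from the smart proxy.
    #
    # @param ttl [String, nil] query suffix for token_url (e.g. '?ttl=10m')
    # @return [String] raw response body, i.e. the token as the proxy returns it
    def request_token(ttl)
      http, request = vault_connection(token_url(ttl))
      # Net::HTTP#request on an unstarted session opens and closes the
      # connection around the single request, so nothing is left open here.
      response = http.request(request)
      success?(response.code)
      response.body
    end

    # Request a token with a default 10-minute TTL. The default is the whole
    # query string, since token_url appends it verbatim.
    #
    # @param ttl [String] query suffix
    # @return [String] token body from request_token
    def set_token(ttl = '?ttl=10m')
      request_token(ttl)
    end

    # Read a secret previously stashed in the run state under +path+.
    #
    # `node` is not defined in this module; presumably it is the Chef recipe
    # DSL's node object -- confirm at the include site. The stored object is
    # expected to respond to `data`; if nothing was stored under +path+ this
    # raises NoMethodError on nil.
    #
    # @param path [Object] key into node.run_state
    def secret(path)
      node.run_state[path].data
    end
  end
end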