ohttp-gateway 1.0.1

A OHTTP Gateway server, meant to run between a OHTTP Relay and a target web service.
Documentation 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210

use axum::http::StatusCode;
use rand::Rng;

use ohttp_gateway::{key_manager::KeyManager, key_manager::KeyManagerConfig};

mod common;

use common::{LEGACY_KEY_ID, validate_cache_control_header};

// Mock HTTP response structure for testing
struct MockResponse {
    status: StatusCode,
    headers: std::collections::HashMap<String, String>,
    body: Vec<u8>,
}

impl MockResponse {
    fn new(status: StatusCode, body: Vec<u8>) -> Self {
        Self {
            status,
            headers: std::collections::HashMap::new(),
            body,
        }
    }

    fn add_header(&mut self, name: &str, value: &str) {
        self.headers.insert(name.to_string(), value.to_string());
    }

    fn get_header(&self, name: &str) -> Option<&String> {
        self.headers.get(name)
    }
}

// Mock config handler - adapt this to match your actual HTTP handler structure
async fn mock_config_handler(
    manager: &KeyManager,
) -> Result<MockResponse, Box<dyn std::error::Error>> {
    // Generate random cache age between 12-36 hours (mirroring Go implementation)
    use rand::Rng;
    let mut rng = rand::thread_rng();
    let twelve_hours = 12 * 3600;
    let twenty_four_hours = 24 * 3600;
    let max_age = twelve_hours + rng.gen_range(0..twenty_four_hours);

    let encoded_config = manager.get_encoded_config().await?;

    let mut response = MockResponse::new(StatusCode::OK, encoded_config);
    response.add_header("Cache-Control", &format!("max-age={}, private", max_age));
    response.add_header("Content-Type", "application/ohttp-keys");

    Ok(response)
}

async fn mock_legacy_config_handler(
    manager: &KeyManager,
    _key_id: u8,
) -> Result<MockResponse, Box<dyn std::error::Error>> {
    // This would need to be implemented based on your legacy config support
    // For now, return a simple implementation
    let encoded_config = manager.get_encoded_config().await?;

    let mut rng = rand::thread_rng();
    let twelve_hours = 12 * 3600;
    let twenty_four_hours = 24 * 3600;
    let max_age = twelve_hours + rng.gen_range(0..twenty_four_hours);

    let mut response = MockResponse::new(StatusCode::OK, encoded_config);
    response.add_header("Cache-Control", &format!("max-age={}, private", max_age));

    Ok(response)
}

#[tokio::test]
async fn test_config_handler() {
    let config = KeyManagerConfig::default();
    let manager = KeyManager::new(config).await.unwrap();

    let response = mock_config_handler(&manager).await.unwrap();

    // Check status
    assert_eq!(response.status, StatusCode::OK);

    // Check headers
    assert_eq!(
        response.get_header("Content-Type").unwrap(),
        "application/ohttp-keys"
    );

    let cache_control = response.get_header("Cache-Control").unwrap();
    validate_cache_control_header(cache_control).unwrap();

    // Check body is not empty and has expected structure with 2-byte length prefix
    assert!(!response.body.is_empty());
    assert!(response.body.len() >= 4); // At least 2-byte length prefix + some config data

    // Verify the length prefix is correct per RFC 9458
    let length_prefix = u16::from_be_bytes([response.body[0], response.body[1]]);
    assert_eq!(length_prefix as usize, response.body.len() - 2);
}

#[tokio::test]
async fn test_legacy_config_handler() {
    let config = KeyManagerConfig::default();
    let manager = KeyManager::new(config).await.unwrap();

    let response = mock_legacy_config_handler(&manager, LEGACY_KEY_ID)
        .await
        .unwrap();

    // Check status
    assert_eq!(response.status, StatusCode::OK);

    // Check cache control header exists and is valid
    let cache_control = response.get_header("Cache-Control").unwrap();
    validate_cache_control_header(cache_control).unwrap();

    // Check body
    assert!(!response.body.is_empty());
}

#[tokio::test]
async fn test_config_handler_multiple_keys() {
    let config = KeyManagerConfig::default();
    let manager = KeyManager::new(config).await.unwrap();

    // Add another key through rotation
    manager.rotate_keys().await.unwrap();

    let response = mock_config_handler(&manager).await.unwrap();

    assert_eq!(response.status, StatusCode::OK);

    // Body should be larger with multiple keys
    assert!(response.body.len() >= 8); // At least 2 key configs
}

#[tokio::test]
async fn test_config_consistency() {
    let config = KeyManagerConfig::default();
    let manager = KeyManager::new(config).await.unwrap();

    // Get config multiple times
    let response1 = mock_config_handler(&manager).await.unwrap();
    let response2 = mock_config_handler(&manager).await.unwrap();

    // Both responses should be successful
    assert_eq!(response1.status, StatusCode::OK);
    assert_eq!(response2.status, StatusCode::OK);

    // Key content should be the same (though cache headers may differ)
    // Note: In a real implementation, you might want to test deterministic key generation
    assert_eq!(response1.body.len(), response2.body.len());
}

#[tokio::test]
async fn test_config_with_deterministic_seed() {
    let config = KeyManagerConfig::default();
    let seed = vec![0x42u8; 32]; // Fixed seed for deterministic keys

    let manager1 = KeyManager::new_with_seed(config.clone(), seed.clone())
        .await
        .unwrap();
    let manager2 = KeyManager::new_with_seed(config, seed).await.unwrap();

    let response1 = mock_config_handler(&manager1).await.unwrap();
    let response2 = mock_config_handler(&manager2).await.unwrap();

    // Both should succeed
    assert_eq!(response1.status, StatusCode::OK);
    assert_eq!(response2.status, StatusCode::OK);

    // With the same seed, the key configurations should be identical
    // This now works because we're using KeyConfig::derive() for deterministic generation
    assert_eq!(response1.body, response2.body);

    // Also verify the bodies are not empty and have valid structure
    assert!(!response1.body.is_empty());
    assert!(response1.body.len() >= 4);
}

#[tokio::test]
async fn test_cache_control_randomization() {
    let config = KeyManagerConfig::default();
    let manager = KeyManager::new(config).await.unwrap();

    let mut max_ages = std::collections::HashSet::new();

    // Generate multiple responses and collect max-age values
    for _ in 0..10 {
        let response = mock_config_handler(&manager).await.unwrap();
        let cache_control = response.get_header("Cache-Control").unwrap();

        // Extract max-age value
        let max_age_str = cache_control
            .strip_prefix("max-age=")
            .and_then(|s| s.strip_suffix(", private"))
            .unwrap();
        let max_age: u32 = max_age_str.parse().unwrap();

        max_ages.insert(max_age);
    }

    // Should have some variation in max-age values (randomization)
    // Note: This test might occasionally fail due to randomness, but should usually pass
    assert!(
        max_ages.len() > 1,
        "Cache-Control max-age should be randomized"
    );
}