use base64ct::{Base64, Encoding};
use crate::error::Error;
const WEBSOCKET_GUID: &str = "258EAFA5-E914-47DA-95CA-C5AB0DC85B11";
pub fn calculate_accept(nonce: &[u8; 16]) -> String {
let key = Base64::encode_string(nonce.as_slice());
calculate_accept_from_key(&key)
}
pub fn calculate_accept_from_key(key: &str) -> String {
let combined = format!("{}{}", key, WEBSOCKET_GUID);
let hash = sha1_digest(combined.as_bytes());
Base64::encode_string(hash.as_ref())
}
fn sha1_digest(data: &[u8]) -> [u8; 20] {
let hash = aws_lc_rs::digest::digest(&aws_lc_rs::digest::SHA1_FOR_LEGACY_USE_ONLY, data);
let mut out = [0u8; 20];
out.copy_from_slice(hash.as_ref());
out
}
pub(crate) fn validate_key(key: &str) -> Result<(), Error> {
let decoded = Base64::decode_vec(key)
.map_err(|_| Error::handshake_rejected("invalid Sec-WebSocket-Key"))?;
if decoded.len() != 16 {
return Err(Error::handshake_rejected("invalid Sec-WebSocket-Key"));
}
Ok(())
}