rusty_ems/auth/

utils.rs

//! Authentication utilities and helper functions

use super::adapters::{
    BinanceAuthAdapter, BithumbAuthAdapter, BybitAuthAdapter, CoinbaseAuthAdapter, UpbitAuthAdapter,
};
use super::traits::AuthenticationManager;
use crate::error::{EMSError, Result};
use rusty_common::SmartString;
use rusty_common::auth::exchanges::{
    binance::BinanceAuth, bithumb::BithumbAuth, bybit::BybitAuth, coinbase::CoinbaseAuth,
    upbit::UpbitAuth,
};
use rusty_common::auth::pem::validate_pem_format;
use std::str::FromStr;
use std::sync::Arc;
use thiserror::Error;

/// Authentication-specific errors
#[derive(Error, Debug)]
pub enum AuthenticationError {
    /// Invalid exchange name provided
    #[error("Invalid exchange: {0}")]
    InvalidExchange(SmartString),

    /// Authentication method not supported by exchange
    #[error("Authentication method not supported: {0}")]
    UnsupportedMethod(SmartString),

    /// Invalid credentials format or structure
    #[error("Invalid credentials format: {0}")]
    InvalidCredentials(SmartString),

    /// Authentication token or credentials have expired
    #[error("Authentication expired")]
    Expired,

    /// Failed to refresh authentication credentials
    #[error("Authentication refresh failed: {0}")]
    RefreshFailed(SmartString),
}

impl From<AuthenticationError> for EMSError {
    fn from(err: AuthenticationError) -> Self {
        Self::auth(err.to_string())
    }
}

/// Exchange type enumeration for authentication adapter creation
#[derive(Debug, Clone, Copy, PartialEq, Eq)]
pub enum ExchangeType {
    /// Binance exchange
    Binance,
    /// Bybit exchange
    Bybit,
    /// Coinbase exchange
    Coinbase,
    /// Upbit exchange
    Upbit,
    /// Bithumb exchange
    Bithumb,
}

impl ExchangeType {
    /// Get exchange name as string
    #[must_use]
    pub const fn as_str(&self) -> &'static str {
        match self {
            Self::Binance => "binance",
            Self::Bybit => "bybit",
            Self::Coinbase => "coinbase",
            Self::Upbit => "upbit",
            Self::Bithumb => "bithumb",
        }
    }
}

impl FromStr for ExchangeType {
    type Err = EMSError;

    fn from_str(s: &str) -> Result<Self> {
        match s.to_lowercase().as_str() {
            "binance" => Ok(Self::Binance),
            "bybit" => Ok(Self::Bybit),
            "coinbase" => Ok(Self::Coinbase),
            "upbit" => Ok(Self::Upbit),
            "bithumb" => Ok(Self::Bithumb),
            _ => Err(AuthenticationError::InvalidExchange(s.into()).into()),
        }
    }
}

/// Create an authentication adapter for the specified exchange type
pub fn create_auth_adapter(
    exchange_type: ExchangeType,
    api_key: impl Into<SmartString>,
    secret_key: impl Into<SmartString>,
    passphrase: Option<impl Into<SmartString>>,
) -> Result<Arc<dyn AuthenticationManager>> {
    let api_key = api_key.into();
    let secret_key = secret_key.into();

    match exchange_type {
        ExchangeType::Binance => {
            let auth = BinanceAuth::new_hmac(api_key, secret_key);
            Ok(Arc::new(BinanceAuthAdapter::new(auth)))
        }

        ExchangeType::Bybit => {
            let auth = BybitAuth::new(api_key, secret_key);
            Ok(Arc::new(BybitAuthAdapter::new(auth)))
        }

        ExchangeType::Coinbase => {
            if let Some(_passphrase) = passphrase {
                // HMAC authentication
                let auth = CoinbaseAuth::new_hmac(api_key, secret_key);
                Ok(Arc::new(CoinbaseAuthAdapter::new(auth)))
            } else {
                // Try ECDSA authentication (secret_key is PEM)
                let auth = CoinbaseAuth::new_ecdsa(api_key, secret_key).map_err(|e| {
                    EMSError::auth(format!("Failed to create Coinbase ECDSA auth: {e}"))
                })?;
                Ok(Arc::new(CoinbaseAuthAdapter::new(auth)))
            }
        }

        ExchangeType::Upbit => {
            let config = rusty_common::auth::exchanges::upbit::UpbitAuthConfig {
                access_key: api_key,
                secret_key,
            };
            let auth = UpbitAuth::new(config);
            Ok(Arc::new(UpbitAuthAdapter::new(auth)))
        }

        ExchangeType::Bithumb => {
            let auth = BithumbAuth::new(api_key, secret_key);
            Ok(Arc::new(BithumbAuthAdapter::new(auth)))
        }
    }
}

/// Create a Binance Ed25519 authentication adapter
pub fn create_binance_ed25519_adapter(
    api_key: impl Into<SmartString>,
    private_key_base64: impl Into<SmartString>,
) -> Result<Arc<dyn AuthenticationManager>> {
    let auth = BinanceAuth::new_ed25519(api_key.into(), private_key_base64.into())
        .map_err(|e| EMSError::auth(format!("Failed to create Binance Ed25519 auth: {e}")))?;
    Ok(Arc::new(BinanceAuthAdapter::new(auth)))
}

/// Authentication configuration builder
pub struct AuthConfigBuilder {
    exchange_type: Option<ExchangeType>,
    api_key: Option<SmartString>,
    secret_key: Option<SmartString>,
    passphrase: Option<SmartString>,
    use_ed25519: bool,
}

impl AuthConfigBuilder {
    /// Create a new authentication configuration builder
    #[must_use]
    pub const fn new() -> Self {
        Self {
            exchange_type: None,
            api_key: None,
            secret_key: None,
            passphrase: None,
            use_ed25519: false,
        }
    }

    /// Set exchange type
    #[must_use]
    pub const fn exchange(mut self, exchange_type: ExchangeType) -> Self {
        self.exchange_type = Some(exchange_type);
        self
    }

    /// Set exchange type from string
    pub fn exchange_str(mut self, exchange: &str) -> Result<Self> {
        self.exchange_type = Some(ExchangeType::from_str(exchange)?);
        Ok(self)
    }

    /// Set API key
    pub fn api_key(mut self, api_key: impl Into<SmartString>) -> Self {
        self.api_key = Some(api_key.into());
        self
    }

    /// Set secret key
    pub fn secret_key(mut self, secret_key: impl Into<SmartString>) -> Self {
        self.secret_key = Some(secret_key.into());
        self
    }

    /// Set passphrase (for Coinbase HMAC)
    pub fn passphrase(mut self, passphrase: impl Into<SmartString>) -> Self {
        self.passphrase = Some(passphrase.into());
        self
    }

    /// Use Ed25519 authentication (Binance only)
    #[must_use]
    pub const fn use_ed25519(mut self) -> Self {
        self.use_ed25519 = true;
        self
    }

    /// Build the authentication adapter
    pub fn build(self) -> Result<Arc<dyn AuthenticationManager>> {
        let exchange_type = self
            .exchange_type
            .ok_or_else(|| EMSError::invalid_params("Exchange type not specified"))?;
        let api_key = self
            .api_key
            .ok_or_else(|| EMSError::invalid_params("API key not specified"))?;
        let secret_key = self
            .secret_key
            .ok_or_else(|| EMSError::invalid_params("Secret key not specified"))?;

        if self.use_ed25519 && exchange_type == ExchangeType::Binance {
            create_binance_ed25519_adapter(api_key, secret_key)
        } else {
            create_auth_adapter(exchange_type, api_key, secret_key, self.passphrase)
        }
    }
}

impl Default for AuthConfigBuilder {
    fn default() -> Self {
        Self::new()
    }
}

/// Utility function to extract authentication method from exchange adapter
pub fn get_auth_method_info(adapter: &dyn AuthenticationManager) -> AuthMethodInfo {
    let exchange = adapter.exchange_name();
    let supports_ws_trading = adapter.supports_websocket_trading();
    let requires_refresh = adapter.requires_refresh();
    let refresh_interval = adapter.refresh_interval();

    let method_type = match exchange.to_lowercase().as_str() {
        "binance" => {
            if supports_ws_trading {
                "Ed25519".into()
            } else {
                "HMAC-SHA256".into()
            }
        }
        "bybit" => "HMAC-SHA256".into(),
        "coinbase" => "ECDSA/JWT".into(),
        "upbit" | "bithumb" => "JWT-HMAC".into(),
        _ => "Unknown".into(),
    };

    AuthMethodInfo {
        exchange_name: exchange.into(),
        method_type,
        supports_websocket_trading: supports_ws_trading,
        requires_refresh,
        refresh_interval,
    }
}

/// Information about authentication method
#[derive(Debug, Clone)]
pub struct AuthMethodInfo {
    /// Name of the exchange
    pub exchange_name: SmartString,
    /// Type of authentication method used
    pub method_type: SmartString,
    /// Whether WebSocket trading is supported
    pub supports_websocket_trading: bool,
    /// Whether authentication requires periodic refresh
    pub requires_refresh: bool,
    /// Interval for refreshing authentication
    pub refresh_interval: Option<std::time::Duration>,
}

/// Validate authentication configuration
pub fn validate_auth_config(
    exchange_type: ExchangeType,
    api_key: &str,
    secret_key: &str,
    passphrase: Option<&str>,
) -> Result<()> {
    // Basic validation
    if api_key.is_empty() {
        return Err(EMSError::invalid_params("API key cannot be empty"));
    }

    if secret_key.is_empty() {
        return Err(EMSError::invalid_params("Secret key cannot be empty"));
    }

    // Exchange-specific validation
    match exchange_type {
        ExchangeType::Coinbase => {
            // Coinbase can use either HMAC (with passphrase) or ECDSA (PEM key)
            if let Some(phrase) = passphrase {
                // HMAC mode - validate passphrase is not empty
                if phrase.is_empty() {
                    return Err(EMSError::invalid_params(
                        "Coinbase passphrase cannot be empty",
                    ));
                }
            } else {
                // ECDSA mode - validate PEM format using proper parser
                validate_pem_format(secret_key)
                    .map_err(|e| EMSError::invalid_params(format!("PEM validation failed: {e}")))?;
            }
        }

        ExchangeType::Binance => {
            // For Ed25519, secret key should be base64 encoded
            if secret_key.len() < 32 {
                return Err(EMSError::invalid_params(
                    "Binance secret key appears too short",
                ));
            }
        }

        ExchangeType::Upbit | ExchangeType::Bithumb => {
            // JWT-based exchanges
            if api_key.len() < 10 {
                return Err(EMSError::invalid_params(
                    "Korean exchange API key appears too short",
                ));
            }
        }

        ExchangeType::Bybit => {
            // Standard HMAC validation
            if secret_key.len() < 20 {
                return Err(EMSError::invalid_params(
                    "Bybit secret key appears too short",
                ));
            }
        }
    }

    Ok(())
}

#[cfg(test)]
mod tests {
    use super::*;

    #[test]
    fn test_exchange_type_parsing() {
        assert_eq!(
            ExchangeType::from_str("binance").unwrap(),
            ExchangeType::Binance
        );
        assert_eq!(
            ExchangeType::from_str("BYBIT").unwrap(),
            ExchangeType::Bybit
        );
        assert_eq!(
            ExchangeType::from_str("Coinbase").unwrap(),
            ExchangeType::Coinbase
        );

        assert!(ExchangeType::from_str("invalid").is_err());
    }

    #[test]
    fn test_auth_config_builder() {
        // Test successful builder pattern
        let builder = AuthConfigBuilder::new()
            .exchange(ExchangeType::Binance)
            .api_key("test_api_key")
            .secret_key("test_secret_key_longer_than_32_chars_here");

        // This should succeed for Binance with proper key length
        assert!(builder.build().is_ok());

        // Test invalid PEM format for Coinbase
        let invalid_pem_builder = AuthConfigBuilder::new()
            .exchange(ExchangeType::Coinbase)
            .api_key("test_api_key")
            .secret_key("invalid_pem_key");

        // This should fail due to invalid PEM format
        assert!(invalid_pem_builder.build().is_err());

        // Test valid PEM format for Coinbase
        let valid_pem_builder = AuthConfigBuilder::new()
            .exchange(ExchangeType::Coinbase)
            .api_key("test_api_key")
            .secret_key(
                "-----BEGIN PRIVATE KEY-----\nVEVTVCBLRVkgREFUQQ==\n-----END PRIVATE KEY-----",
            );

        // This should succeed with valid PEM format
        let result = valid_pem_builder.build();
        if let Err(e) = &result {
            eprintln!("PEM validation failed: {e:?}");
        }
        assert!(result.is_ok());
    }

    #[test]
    fn test_auth_validation() {
        // Valid configurations
        assert!(
            validate_auth_config(
                ExchangeType::Binance,
                "test_api_key",
                "test_secret_key_longer_than_32_chars_here",
                None
            )
            .is_ok()
        );

        // Invalid configurations
        assert!(validate_auth_config(ExchangeType::Binance, "", "test_secret", None).is_err());

        assert!(
            validate_auth_config(ExchangeType::Coinbase, "test_api", "short", Some("")).is_err()
        );
    }
}