import { createPrivateKey, sign } from 'node:crypto';

import { canonicalJson } from './canonicalJson.mjs';

export function b64url(buf) {
  return Buffer.from(buf)
    .toString('base64')
    .replace(/\+/g, '-')
    .replace(/\//g, '_')
    .replace(/=+$/u, '');
}

export function signPayload(payload, privateKeyPem) {
  const key = createPrivateKey(privateKeyPem);
  const body = canonicalJson(payload);
  const sig = sign(null, Buffer.from(body, 'utf8'), key);
  return `${b64url(Buffer.from(body, 'utf8'))}.${b64url(sig)}`;
}