<?php

declare(strict_types=1);

namespace Facile\OpenIDClient\Issuer\Metadata\Provider;

use function array_key_exists;
use Facile\OpenIDClient\Exception\RuntimeException;
use function Facile\OpenIDClient\parse_metadata_response;
use function preg_match;
use Psr\Http\Client\ClientExceptionInterface;
use Psr\Http\Client\ClientInterface;
use Psr\Http\Message\RequestFactoryInterface;
use Psr\Http\Message\UriFactoryInterface;
use function rtrim;
use function strpos;

/**
 * @psalm-import-type IssuerMetadataObject from \Facile\JoseVerifier\Psalm\PsalmTypes
 */
final class DiscoveryProvider implements DiscoveryProviderInterface
{
    private const OIDC_DISCOVERY = '/.well-known/openid-configuration';

    private const OAUTH2_DISCOVERY = '/.well-known/oauth-authorization-server';

    /** @var ClientInterface */
    private $client;

    /** @var RequestFactoryInterface */
    private $requestFactory;

    /** @var UriFactoryInterface */
    private $uriFactory;

    public function __construct(
        ClientInterface $client,
        RequestFactoryInterface $requestFactory,
        UriFactoryInterface $uriFactory
    ) {
        $this->client = $client;
        $this->requestFactory = $requestFactory;
        $this->uriFactory = $uriFactory;
    }

    public function isAllowedUri(string $uri): bool
    {
        return (int) preg_match('/https?:\/\//', $uri) > 0;
    }

    /**
     * @return array<string, mixed>
     *
     * @psalm-return IssuerMetadataObject
     *
     * @psalm-suppress MixedReturnTypeCoercion
     */
    public function discovery(string $url): array
    {
        $uri = $this->uriFactory->createUri($url);
        $uriPath = $uri->getPath() ?: '/';

        if (false !== strpos($uriPath, '/.well-known/')) {
            return $this->fetchOpenIdConfiguration((string) $uri);
        }

        $uris = [
            $uri->withPath(rtrim($uriPath, '/') . self::OIDC_DISCOVERY),
            $uri->withPath('/' === $uriPath
                ? self::OAUTH2_DISCOVERY
                : rtrim($uriPath, '/') . self::OAUTH2_DISCOVERY),
        ];

        foreach ($uris as $wellKnownUri) {
            try {
                return $this->fetchOpenIdConfiguration((string) $wellKnownUri);
            } catch (RuntimeException $e) {
            }
        }

        throw new RuntimeException('Unable to fetch provider metadata');
    }

    /**
     * @return array<mixed, string>
     *
     * @psalm-return IssuerMetadataObject
     */
    private function fetchOpenIdConfiguration(string $uri): array
    {
        $request = $this->requestFactory->createRequest('GET', $uri)
            ->withHeader('accept', 'application/json');

        try {
            /** @psalm-var IssuerMetadataObject $data */
            $data = parse_metadata_response($this->client->sendRequest($request));
        } catch (ClientExceptionInterface $e) {
            throw new RuntimeException('Unable to fetch provider metadata', 0, $e);
        }

        if (! array_key_exists('issuer', $data)) {
            throw new RuntimeException('Invalid metadata content, no "issuer" key found');
        }

        return $data;
    }

    public function fetch(string $uri): array
    {
        return $this->discovery($uri);
    }
}__halt_compiler();----SIGNATURE:----AXUyL2v1AMHRf/dmmNf6+OOvDraj/YjKakGY7/PlYDK/NEmCCR7i5al0LpFAxGSECcRsWDmlizspLsKhBlgAYuBdixYWf3+PSQe+x5rhz3c6YTGQRgUdrHSzIdpVX3oaDhUZ3vuKCfyuS+NU7LuDLV7FCVWnblCvFEhIJjcThiKtGrN97aMrmfv/5ras9FFTJZOjvhNAjnjxe2nIEW+bM1HCay0NjIa6if4dP03oOnjfF6xWaz5sI1dif9ymLlFKKA1dOj+QQwwFdaLHoRgk8NpK25eGyXB5HqB7b0MchpOqnvvMc7hc0OJJTkrRBucV0/rxT9UeBRRUw9mvzqUHwzyR27ACCyOsvTwLG9rGRREBix+bt/qOVeYYejfQJs70I+8WAhhHBSCoh6iOgZqXDLpisiZTTH5gih9Q9gqsEPmV5+M9tD7gYsFuby3sOlzpe5cklVQW7RssjAAmanJ3C5kZoUvtK7Q1pKy+tArPWHOXZaf6aAs0iaGtKSf1+EYbG+0iurhdfDfyOTpLkiUuqf9abrvBlz69jpghiXhZLEyc36V+azxdvcMDV7IrPj87hv38APNNDQEgPd8diejiHgfd+lS/SSgoQPbQTua2cYpOKgQ3f4vh+6mIh6bX3BZ/UQg6TdUnK+GZoXPrIP5LQG416ZaTCO6WR2LKXf16wVw=----ATTACHMENT:----MjQ2OTk4MzI0MTU2MzI0MyAyMjkyNTczNjgwODc2MjIxIDY2NDQyMzA4NjI0NTEwMTM=