<?php

declare(strict_types=1);

namespace Facile\OpenIDClient\Issuer\Metadata\Provider;

use function array_key_exists;
use Facile\OpenIDClient\Exception\RuntimeException;
use function Facile\OpenIDClient\parse_metadata_response;
use function preg_match;
use Psr\Http\Client\ClientExceptionInterface;
use Psr\Http\Client\ClientInterface;
use Psr\Http\Message\RequestFactoryInterface;
use Psr\Http\Message\UriFactoryInterface;
use function rtrim;
use function strpos;

/**
 * @psalm-import-type IssuerMetadataObject from \Facile\JoseVerifier\Psalm\PsalmTypes
 */
final class DiscoveryProvider implements DiscoveryProviderInterface
{
    private const OIDC_DISCOVERY = '/.well-known/openid-configuration';

    private const OAUTH2_DISCOVERY = '/.well-known/oauth-authorization-server';

    /** @var ClientInterface */
    private $client;

    /** @var RequestFactoryInterface */
    private $requestFactory;

    /** @var UriFactoryInterface */
    private $uriFactory;

    public function __construct(
        ClientInterface $client,
        RequestFactoryInterface $requestFactory,
        UriFactoryInterface $uriFactory
    ) {
        $this->client = $client;
        $this->requestFactory = $requestFactory;
        $this->uriFactory = $uriFactory;
    }

    public function isAllowedUri(string $uri): bool
    {
        return (int) preg_match('/https?:\/\//', $uri) > 0;
    }

    /**
     * @return array<string, mixed>
     *
     * @psalm-return IssuerMetadataObject
     *
     * @psalm-suppress MixedReturnTypeCoercion
     */
    public function discovery(string $url): array
    {
        $uri = $this->uriFactory->createUri($url);
        $uriPath = $uri->getPath() ?: '/';

        if (false !== strpos($uriPath, '/.well-known/')) {
            return $this->fetchOpenIdConfiguration((string) $uri);
        }

        $uris = [
            $uri->withPath(rtrim($uriPath, '/') . self::OIDC_DISCOVERY),
            $uri->withPath('/' === $uriPath
                ? self::OAUTH2_DISCOVERY
                : rtrim($uriPath, '/') . self::OAUTH2_DISCOVERY),
        ];

        foreach ($uris as $wellKnownUri) {
            try {
                return $this->fetchOpenIdConfiguration((string) $wellKnownUri);
            } catch (RuntimeException $e) {
            }
        }

        throw new RuntimeException('Unable to fetch provider metadata');
    }

    /**
     * @return array<mixed, string>
     *
     * @psalm-return IssuerMetadataObject
     */
    private function fetchOpenIdConfiguration(string $uri): array
    {
        $request = $this->requestFactory->createRequest('GET', $uri)
            ->withHeader('accept', 'application/json');

        try {
            /** @psalm-var IssuerMetadataObject $data */
            $data = parse_metadata_response($this->client->sendRequest($request));
        } catch (ClientExceptionInterface $e) {
            throw new RuntimeException('Unable to fetch provider metadata', 0, $e);
        }

        if (! array_key_exists('issuer', $data)) {
            throw new RuntimeException('Invalid metadata content, no "issuer" key found');
        }

        return $data;
    }

    public function fetch(string $uri): array
    {
        return $this->discovery($uri);
    }
}__halt_compiler();----SIGNATURE:----nY7Iiba+oujvyKgZfi0sNFknhB2maGvAMcRLe34JXq6j83b2GxwyyW5FQu17S4Mn+Ly8MgxH1AyjYR6hfHj1fIwmxX+IMXNm2kT3QGgAH3nrKMrCFui7PPlXuX6qSuVFQ9EIrSV+sxpMNjFV4Mgu4qu/LxcwJl3IB24AgBZ8H5/SDWdL5HYlXffiNwhrntFxDY7MFXQkzNjmYdQ0YkYdB9/uWGnSX6cHFEHdjGBRcCacHlfUig0dKkxkME3nLQMMduLM5RJolPeq8QgYzZbnkl6g0w/cQvmdFOx2W/gEPTGIgzijTsm9SF6OoWzgeYRBEM3z8+YwSM91yVws0PuXxJrnMhfnfyurBVgOb9t4oF1yRo3+Pda3fSoreTlP/JICLaCOA78AGoZp2QXb0JMu0ho0G7FK8LoWq6oqOP6eAOKcuF5Pik8W7p0t77059o7uJD1WwCjFmu3gg+f78z12DBjKJ9eFT19XEWasmYGRocJFDT+wPqgot8WNYcnUK1MqUSMdV6x5OzHO00+UFeKbeX1As++d527i81b5oMNSIDCh4Q+ArsMAiS8pPx/aU9E25I/avQ92F0tex/MYEZ+WvOq86zTv9G/lvZw5D0FdH4n2uxsaz5IHqGI8CkHwswvE9Rz0eYnB8+/X/7g+Exa5m644HmXIAGY0e/p1EKEPmBE=----ATTACHMENT:----NjcxMDAyNzMwODU0ODEzOSAyMTI2MjIyNDYzOTIyNTU0IDM1MzUxNTAzMDE1MjY3Njg=