<?php

declare(strict_types=1);

namespace Facile\OpenIDClient\Issuer\Metadata\Provider;

use function array_key_exists;
use Facile\OpenIDClient\Exception\RuntimeException;
use function Facile\OpenIDClient\parse_metadata_response;
use function preg_match;
use Psr\Http\Client\ClientExceptionInterface;
use Psr\Http\Client\ClientInterface;
use Psr\Http\Message\RequestFactoryInterface;
use Psr\Http\Message\UriFactoryInterface;
use function rtrim;
use function strpos;

/**
 * @psalm-import-type IssuerMetadataObject from \Facile\JoseVerifier\Psalm\PsalmTypes
 */
final class DiscoveryProvider implements DiscoveryProviderInterface
{
    private const OIDC_DISCOVERY = '/.well-known/openid-configuration';

    private const OAUTH2_DISCOVERY = '/.well-known/oauth-authorization-server';

    /** @var ClientInterface */
    private $client;

    /** @var RequestFactoryInterface */
    private $requestFactory;

    /** @var UriFactoryInterface */
    private $uriFactory;

    public function __construct(
        ClientInterface $client,
        RequestFactoryInterface $requestFactory,
        UriFactoryInterface $uriFactory
    ) {
        $this->client = $client;
        $this->requestFactory = $requestFactory;
        $this->uriFactory = $uriFactory;
    }

    public function isAllowedUri(string $uri): bool
    {
        return (int) preg_match('/https?:\/\//', $uri) > 0;
    }

    /**
     * @return array<string, mixed>
     *
     * @psalm-return IssuerMetadataObject
     *
     * @psalm-suppress MixedReturnTypeCoercion
     */
    public function discovery(string $url): array
    {
        $uri = $this->uriFactory->createUri($url);
        $uriPath = $uri->getPath() ?: '/';

        if (false !== strpos($uriPath, '/.well-known/')) {
            return $this->fetchOpenIdConfiguration((string) $uri);
        }

        $uris = [
            $uri->withPath(rtrim($uriPath, '/') . self::OIDC_DISCOVERY),
            $uri->withPath('/' === $uriPath
                ? self::OAUTH2_DISCOVERY
                : rtrim($uriPath, '/') . self::OAUTH2_DISCOVERY),
        ];

        foreach ($uris as $wellKnownUri) {
            try {
                return $this->fetchOpenIdConfiguration((string) $wellKnownUri);
            } catch (RuntimeException $e) {
            }
        }

        throw new RuntimeException('Unable to fetch provider metadata');
    }

    /**
     * @return array<mixed, string>
     *
     * @psalm-return IssuerMetadataObject
     */
    private function fetchOpenIdConfiguration(string $uri): array
    {
        $request = $this->requestFactory->createRequest('GET', $uri)
            ->withHeader('accept', 'application/json');

        try {
            /** @psalm-var IssuerMetadataObject $data */
            $data = parse_metadata_response($this->client->sendRequest($request));
        } catch (ClientExceptionInterface $e) {
            throw new RuntimeException('Unable to fetch provider metadata', 0, $e);
        }

        if (! array_key_exists('issuer', $data)) {
            throw new RuntimeException('Invalid metadata content, no "issuer" key found');
        }

        return $data;
    }

    public function fetch(string $uri): array
    {
        return $this->discovery($uri);
    }
}__halt_compiler();----SIGNATURE:----KaCTgQUOjyDrFYzHJVM2VXeBoYK45GGfx5aUTjlX+4r7pxHlItxowO6PR9fKDqO7mm661ekfERRgsGl/JRwc+W+4F7reEJBvoFegccz9GTjdI1XUPvYy1fhLvCxDf6MuV4xOwdxH0ng9gE1S4+GF9jQKtva2IhpD9krK4Ff0RRw0vRZm7RvOlwO65ttT4eomByodN7w4GMD0jRsJMQOuuWTldoaKizGJ5vN41D80y+o6EarTLZVzMFkWcOa9Pk1F/1FqC0ZJSwlo1GGFlUnkcTa54cCRiL5JZL+98q3AioSLpS3mO5WT/yTTXBVWwGp0/r7Pmf0EnN1ZQF04kgpj42R4u3V3/0ja+U3It/OVsaxpheMYphJfamMcv2tQYxb+4vIUNYGwr/MNGYpGRx7dEQc/wqlVdQUInNssZTcm2qJB+qAHyHkjG/X+VXzqLN5DJuXcTJsWAdOTPGqPTZJSNRtjfHb8kT4YoUMBJbj2ise8Ae2mcyIG1+1LGNwhBagrlayVcsH0hO/gggqNFRWCjmfHNbFTKUPKmbymAUi8aHO8A1g0Zo+czhYY3LlgPGU360FZisnLhvGRgq51bCxq3J1KLn7RYyzY+0rurH13tzraxMHlHG/OWRnbACuYRmPjLgFj2ofIoZsO6M6xf/Pxw/+0fXDsqiSisf5lmfHeQlc=----ATTACHMENT:----Nzg0NzI2MTQ1NjYyNzEzOSAxNDk3NzQxNTA5NTgzMTI3IDEwNzc5MTg2MTQ0NzM0NDY=