<?php
/**
 * Copyright since 2014 Waynet Sp. z o.o.
 * PrestaShop is an International Registered Trademark & Property of PrestaShop SA
 *
 * NOTICE OF LICENSE
 *
 * This source file is subject to the Open Software License (OSL 3.0)
 * that is bundled with this package in the file LICENSE.md.
 * It is also available through the world-wide-web at this URL:
 * https://opensource.org/licenses/OSL-3.0
 * If you did not receive a copy of the license and are unable to
 * obtain it through the world-wide-web, please send an email
 * to kontakt@waynet.pl so we can send you a copy immediately.
 *
 * DISCLAIMER
 *
 * Do not edit or add to this file if you wish to upgrade PrestaShop to newer
 * versions in the future. If you wish to customize PrestaShop for your
 * needs please refer to https://devdocs.prestashop-project.org/ for more information.
 *
 * @author    Waynet Sp. z o.o. <kontakt@waynet.pl>
 * @copyright since 2014 Waynet Sp. z o.o.
 * @license   https://opensource.org/licenses/OSL-3.0 Open Software License (OSL 3.0)
 */

declare(strict_types=1);

namespace Waynet\Security\OAuth2;

use Lcobucci\JWT\Builder;
use Lcobucci\JWT\Token;
use PrestaShop\Module\PsAccounts\Service\PsAccountsService;
use PrestaShopCorp\Billing\Services\BillingService;
use Waynet\OAuth2\Client\Authentication\AuthenticationMethodInterface;
use Waynet\OAuth2\Client\Grant\ClientCredentialsGrant;
use Waynet\OAuth2\Client\JWT\SignerProviderInterface;
use Waynet\OAuth2\Client\Registration\ClientMetadataProviderInterface;
use Waynet\Security\Exception\NoValidSubscriptionException;
use Waynet\Security\Exception\UnassociatedAccountException;
use Waynet\Security\Repository\Configuration\ShopConfigurationRepository;

class ClientMetadataProvider implements ClientMetadataProviderInterface
{
    private $module;
    private $context;
    private $shopConfiguration;
    private $signerProvider;
    private $authenticationMethod;
    private $billingsService;
    private $accountsService;

    public function __construct(
        \Module $module,
        \Context $context,
        ShopConfigurationRepository $shopConfiguration,
        SignerProviderInterface $signerProvider,
        AuthenticationMethodInterface $authenticationMethod,
        BillingService $billingsService,
        PsAccountsService $accountsService = null
    ) {
        $this->module = $module;
        $this->context = $context;
        $this->shopConfiguration = $shopConfiguration;
        $this->signerProvider = $signerProvider;
        $this->authenticationMethod = $authenticationMethod;
        $this->billingsService = $billingsService;
        $this->accountsService = $accountsService;
    }

    public function getClientMetadata(string $clientRegistrationEndpointUri): array
    {
        if (null === $this->accountsService || !$shopUuid = $this->accountsService->getShopUuid()) {
            throw new UnassociatedAccountException('Shop is not associated with a PrestaShop Accounts');
        }

        $subscription = $this->billingsService->getCurrentSubscription();
        if (!$subscription['success']) {
            throw new NoValidSubscriptionException($subscription, 'Could not verify subscription status');
        }

        $softwareStatement = $this->buildSoftwareStatement(
            $shopUuid,
            $subscription['body']['id'],
            $clientRegistrationEndpointUri
        );

        return ['software_statement' => $softwareStatement->toString()];
    }

    private function buildSoftwareStatement(
        string $shopUuid,
        string $subscriptionId,
        string $clientRegistrationEndpointUri
    ): Token {
        $now = new \DateTimeImmutable();

        return (new Builder())
            ->issuedBy($shopUuid)
            ->relatedTo($subscriptionId)
            ->permittedFor($clientRegistrationEndpointUri)
            ->issuedAt($now)
            ->canOnlyBeUsedAfter($now)
            ->expiresAt($now->add(new \DateInterval('PT5M')))
            ->withClaim('token_endpoint_auth_method', $this->authenticationMethod->getIdentifier())
            ->withClaim('grant_types', [ClientCredentialsGrant::IDENTIFIER])
            ->withClaim('software_id', $this->module->name)
            ->withClaim('software_version', $this->module->version)
            ->withClaim('client_name', $this->shopConfiguration->getShopName())
            ->withClaim('client_uri', \Tools::getHttpHost(true))
            ->withClaim('jwks_uri', $this->context->link->getModuleLink($this->module->name, 'jwks', [], true))
            ->withHeader('kid', $this->signerProvider->getKeyId())
            ->getToken(
                $this->signerProvider->getSigner(),
                $this->signerProvider->getKey()
            );
    }
}