<?php

declare(strict_types=1);

namespace KupShop\AgeVerifyBundle\Utils;

use KupShop\AgeVerifyBundle\Exception\BankIdException;
use KupShop\KupShopBundle\Config;
use KupShop\KupShopBundle\Util\System\CurlUtil;
use Symfony\Component\HttpClient\Exception\ClientException;

class BankIdUtil
{
    /** @required */
    public AgeVerifyUtil $ageVerifyUtil;

    /** @required */
    public CurlUtil $curlUtil;

    public const SCOPES = [
        'openid',
        'profile.birthdate',
    ];

    public const BANKID = 'bankId';

    public const SANDBOX_URL = 'https://oidc.sandbox.bankid.cz/';
    public const PROD_URL = '/'; // TODO

    public function fetchData($code)
    {
        $query = [
            'grant_type' => 'authorization_code',
            'client_id' => $this->getClientId(),
            'client_secret' => $this->getClientSecret(),
            'redirect_uri' => $this->getRedirectUri(),
            'code' => $code,
        ];

        $client = $this->curlUtil->getClient(headers: ['Content-Type' => 'application/x-www-form-urlencoded'])
            ->request('POST', $this->getUrl('token'), ['body' => $query]);

        try {
            $response = $client->getContent();
            $response = json_decode($response, true);
        } catch (ClientException $e) {
            throw new BankIdException('Unable to fetch access token');
        }

        if (!isset($response['access_token'])) {
            throw new BankIdException('Unable to fetch access token');
        }

        $client = $this->curlUtil->getClient(['Authorization' => "Bearer {$response['access_token']}"])
            ->request('POST', $this->getUrl('userinfo'));

        try {
            $data = $client->getContent();
        } catch (ClientException $e) {
            throw new BankIdException('Unable to fetch verified birthdate');
        }

        $data = json_decode($data, true);

        if (!isset($data['verified_claims']['claims']['birthdate'])) {
            throw new BankIdException('Unable to fetch verified birthdate');
        }

        $birthdate = $data['verified_claims']['claims']['birthdate'];

        $date = \DateTime::createFromFormat('Y-m-d', $birthdate)->add(\DateInterval::createFromDateString('+18YEARS'));

        $this->ageVerifyUtil->setVerificationData($date <= (new \DateTime()) ? 'Y' : 'N', self::BANKID, $birthdate);
    }

    public function getRedirectUrl()
    {
        $query = http_build_query([
            'client_id' => $this->getClientId(),
            'redirect_uri' => $this->getRedirectUri(),
            'scope' => implode(' ', self::SCOPES),
            'response_type' => 'code',
            'state' => 'BankID',
            'prompt' => 'login',
            'display' => 'page',
            'acr_values' => 'loa2',
        ]);

        return "{$this->getUrl('auth')}?{$query}";
    }

    protected function getUrl($path)
    {
        if (isDevelopment() || \Settings::getDefault()['oauth']['bank_id']['sandbox']) {
            return self::SANDBOX_URL.$path;
        }

        return self::PROD_URL.$path;
    }

    protected function getClientId()
    {
        $settings = \Settings::getDefault();

        return $settings['oauth']['bank_id']['client_id'] ?? '';
    }

    protected function getClientSecret()
    {
        $settings = \Settings::getDefault();

        return $settings['oauth']['bank_id']['client_secret'] ?? '';
    }

    protected function getRedirectUri()
    {
        if (isDevelopment()) {
            return Config::get()['Addr']['full_original'].'_bankid';
        }

        return Config::get()['Addr']['full'].'_bankid';
    }
}