<?php

namespace App\Util\HttpSignatures;

class Key
{
    /** @var string */
    private $id;

    /** @var string */
    private $secret;

    /** @var resource */
    private $certificate;

    /** @var resource */
    private $publicKey;

    /** @var resource */
    private $privateKey;

    /** @var string */
    private $type;

    /**
     * @param string       $id
     * @param string|array $secret
     */
    public function __construct($id, $item)
    {
        $this->id = $id;
        if (Key::hasX509Certificate($item) || Key::hasPublicKey($item)) {
            $publicKey = Key::getPublicKey($item);
        } else {
            $publicKey = null;
        }
        if (Key::hasPrivateKey($item)) {
            $privateKey = Key::getPrivateKey($item);
        } else {
            $privateKey = null;
        }
        if (($publicKey || $privateKey)) {
            $this->type = 'asymmetric';
            if ($publicKey && $privateKey) {
                $publicKeyPEM = openssl_pkey_get_details($publicKey)['key'];
                $privateKeyPublicPEM = openssl_pkey_get_details($privateKey)['key'];
                if ($privateKeyPublicPEM != $publicKeyPEM) {
                    throw new KeyException('Supplied Certificate and Key are not related');
                }
            }
            $this->privateKey = $privateKey;
            $this->publicKey = $publicKey;
            $this->secret = null;
        } else {
            $this->type = 'secret';
            $this->secret = $item;
            $this->publicKey = null;
            $this->privateKey = null;
        }
    }

    /**
     * Retrieves private key resource from a input string or
     * array of strings.
     *
     * @param string|array $object PEM-format Private Key or file path to same
     *
     * @return resource|false
     */
    public static function getPrivateKey($object)
    {
        if (is_array($object)) {
            foreach ($object as $candidateKey) {
                $privateKey = Key::getPrivateKey($candidateKey);
                if ($privateKey) {
                    return $privateKey;
                }
            }
        } else {
            // OpenSSL libraries don't have detection methods, so try..catch
            try {
                $privateKey = openssl_get_privatekey($object);

                return $privateKey;
            } catch (\Exception $e) {
                return null;
            }
        }
    }

    /**
     * Retrieves public key resource from a input string or
     * array of strings.
     *
     * @param string|array $object PEM-format Public Key or file path to same
     *
     * @return resource|false
     */
    public static function getPublicKey($object)
    {
        if (is_array($object)) {
            // If we implement key rotation in future, this should add to a collection
            foreach ($object as $candidateKey) {
                $publicKey = Key::getPublicKey($candidateKey);
                if ($publicKey) {
                    return $publicKey;
                }
            }
        } else {
            // OpenSSL libraries don't have detection methods, so try..catch
            try {
                $publicKey = openssl_get_publickey($object);

                return $publicKey;
            } catch (\Exception $e) {
                return null;
            }
        }
    }

    /**
     * Signing HTTP Messages 'keyId' field.
     *
     * @return string
     *
     * @throws KeyException
     */
    public function getId()
    {
        return $this->id;
    }

    /**
     * Retrieve Verifying Key - Public Key for Asymmetric/PKI, or shared secret for HMAC.
     *
     * @return string Shared Secret or PEM-format Public Key
     *
     * @throws KeyException
     */
    public function getVerifyingKey()
    {
        switch ($this->type) {
        case 'asymmetric':
            if ($this->publicKey) {
                return openssl_pkey_get_details($this->publicKey)['key'];
            } else {
                return null;
            }
            break;
        case 'secret':
            return $this->secret;
        default:
            throw new KeyException("Unknown key type $this->type");
        }
    }

    /**
     * Retrieve Signing Key - Private Key for Asymmetric/PKI, or shared secret for HMAC.
     *
     * @return string Shared Secret or PEM-format Private Key
     *
     * @throws KeyException
     */
    public function getSigningKey()
    {
        switch ($this->type) {
        case 'asymmetric':
            if ($this->privateKey) {
                openssl_pkey_export($this->privateKey, $pem);

                return $pem;
            } else {
                return null;
            }
            break;
        case 'secret':
            return $this->secret;
        default:
            throw new KeyException("Unknown key type $this->type");
        }
    }

    /**
     * @return string 'secret' for HMAC or 'asymmetric'
     */
    public function getType()
    {
        return $this->type;
    }

    /**
     * Test if $object is, points to or contains, X.509 PEM-format certificate.
     *
     * @param string|array $object PEM Format X.509 Certificate or file path to one
     *
     * @return bool
     */
    public static function hasX509Certificate($object)
    {
        if (is_array($object)) {
            foreach ($object as $candidateCertificate) {
                $result = Key::hasX509Certificate($candidateCertificate);
                if ($result) {
                    return $result;
                }
            }
        } else {
            // OpenSSL libraries don't have detection methods, so try..catch
            try {
                openssl_x509_export($object, $null);

                return true;
            } catch (\Exception $e) {
                return false;
            }
        }
    }

    /**
     * Test if $object is, points to or contains, PEM-format Public Key.
     *
     * @param string|array $object PEM-format Public Key or file path to one
     *
     * @return bool
     */
    public static function hasPublicKey($object)
    {
        if (is_array($object)) {
            foreach ($object as $candidatePublicKey) {
                $result = Key::hasPublicKey($candidatePublicKey);
                if ($result) {
                    return $result;
                }
            }
        } else {
            return false == !openssl_pkey_get_public($object);
        }
    }

    /**
     * Test if $object is, points to or contains, PEM-format Private Key.
     *
     * @param string|array $object PEM-format Private Key or file path to one
     *
     * @return bool
     */
    public static function hasPrivateKey($object)
    {
        if (is_array($object)) {
            foreach ($object as $candidatePrivateKey) {
                $result = Key::hasPrivateKey($candidatePrivateKey);
                if ($result) {
                    return $result;
                }
            }
        } else {
            return  false != openssl_pkey_get_private($object);
        }
    }
}