<?php

namespace NoccyLabs\Hotfix\Hotfix;

class Loader
{

    protected $signedBy;

    protected $loaders = [];

    public function __construct()
    {
        $this->addLoader(new Loader\FileLoader());
        $this->addLoader(new Loader\HttpLoader());
        $this->addLoader(new Loader\GistLoader());
        $this->addLoader(new Loader\PastebinLoader());
    }

    public function addLoader(Loader\LoaderInterface $loader)
    {
        $this->loaders[] = $loader;
    }

    public function load($fix, $insecure=false)
    {
        foreach ($this->loaders as $loader) {
            $hotfix = $loader->load($fix);
            if ($hotfix === false) {
                continue;
            }
            $sigHeader = '-----BEGIN PGP SIGNATURE-----';
            if (false === strpos($hotfix, $sigHeader)) {
                if (!$insecure) {
                    throw new \Exception("Hotfix is not signed");
                }
                $body = $hotfix;
                $signer = null;
            } else {
                list ($body, $signature) = explode($sigHeader, $hotfix);
                $signature = $sigHeader.$signature;
                $signer = $this->verifySignature($body, $signature);
            }
            return new Hotfix($body, $signer);
        }
        fprintf(STDERR, "Error: Couldn't load '%s'", $fix);
    }

    protected function verifySignature($body, $signature)
    {
        $gpg = gnupg_init();

        $sigInfo = gnupg_verify($gpg, $body, $signature);

        if ($sigInfo === false) {
            throw new \Exception("Hotfix signature is not valid!");
        }

        $keyInfo = gnupg_keyinfo($gpg, $sigInfo[0]['fingerprint']);

        if (empty($keyInfo)) {
            throw new \Exception("Unknown signer (key id {$sigInfo[0]['fingerprint']})");
        }

        return $keyInfo[0];
    }
}