namespace HydraterLicense;

class LicenseWriter
{
    /**
     * Create a digitally signed license.json file
     *
     * @param array fileSettings Array of [filename => ["enabled": bool, "expires": string ISO 8601 expiration date, "password": string]]
     * @param array domains       Allowed domain names
     * @param string privateKeyPem Private key in PEM format
     * @param string aesKey        32-byte encryption key
     * @param string aesIV         16-byte initialization vector
     */
    public function createLicenseJson(array fileSettings, array domains, string privateKeyPem, string aesKey, string aesIV, string licenseFile)
    {
        var features = [], filename, setting, feature, plainPassword;
        var license, licenseJson, signature, finalPayload;
        var encrypted, encryptedB64, finalJson, enabled, expires;
        var fileHandle, myfeature;

        // Build feature list
        for filename, setting in fileSettings {
            if typeof setting !== "array" {
                continue;
            }
            if !isset setting["feature"] || !isset setting["enabled"] || !isset setting["password"] {
                continue;
            }
            let myfeature = setting["feature"];

            if !isset setting["expires"] {
                let expires = "*"; // Never Expires
            } else {
                let expires = (string) setting["expires"];
            }

            if ends_with(filename, ".aes") {
                let plainPassword = (string) setting["password"];

                // Encrypt password with AES-256-CBC
                let encrypted = openssl_encrypt(
                    plainPassword,
                    "aes-256-cbc",
                    aesKey,
                    1, // OPENSSL_RAW_DATA
                    aesIV
                );

                // Base64 encode encrypted output
                let encryptedB64 = base64_encode(encrypted);
                if setting["enabled"] == true || setting["enabled"] == 1 {
                    let enabled = true;
                } else {
                    let enabled = false;
                }

                let feature = [
                    "file": filename,
                    "feature": myfeature,
                    "enabled": enabled,
                    "expires": expires,
                    "password": encryptedB64
                ];
                let features[] = feature;
            }
        }

        let license = [
            "features": features,
            "domains": domains
        ];

        // JSON encode license (pretty format)
        let licenseJson = json_encode(license, JSON_PRETTY_PRINT | JSON_UNESCAPED_SLASHES);

        // Sign using openssl_sign via PHP
        let signature = "";
        openssl_sign(licenseJson, signature, privateKeyPem, "sha256");

        // Wrap license + signature into final JSON
        let finalPayload = [
            "license": json_decode(licenseJson),
            "signature": base64_encode(signature)
        ];

        let finalJson = json_encode(finalPayload, JSON_PRETTY_PRINT | JSON_UNESCAPED_SLASHES);

        // Save to license.json
        let fileHandle = fopen(licenseFile, "w");
        if fileHandle !== false {
            fwrite(fileHandle, finalJson);
            fclose(fileHandle);
        }
    }
}