<?php declare(strict_types = 0);
/*
** Copyright (C) 2001-2025 Zabbix SIA
**
** This program is free software: you can redistribute it and/or modify it under the terms of
** the GNU Affero General Public License as published by the Free Software Foundation, version 3.
**
** This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY;
** without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
** See the GNU Affero General Public License for more details.
**
** You should have received a copy of the GNU Affero General Public License along with this program.
** If not, see <https://www.gnu.org/licenses/>.
**/


class CApiPskHelper {

	public static function checkPskOfIdentitiesAmongGivenPairs(array $psk_pairs): void {
		$tls_psk_by_identity = [];

		foreach ($psk_pairs as $i => $psk_pair) {
			if (array_key_exists($psk_pair['tls_psk_identity'], $tls_psk_by_identity)
					&& $tls_psk_by_identity[$psk_pair['tls_psk_identity']] !== $psk_pair['tls_psk']) {
				throw new APIException(ZBX_API_ERROR_PARAMETERS, _s('Invalid parameter "%1$s": %2$s.',
					'/'.($i + 1).'/tls_psk',
					_('another tls_psk value is already associated with given tls_psk_identity')
				));
			}

			$tls_psk_by_identity[$psk_pair['tls_psk_identity']] = $psk_pair['tls_psk'];
		}
	}

	public static function checkPskOfIdentitiesInAutoregistration(array $psk_pairs): void {
		$object_indexes = [];
		$psk_conditions = [];

		foreach ($psk_pairs as $i => $psk_pair) {
			if (!array_key_exists($psk_pair['tls_psk_identity'], $object_indexes)) {
				$object_indexes[$psk_pair['tls_psk_identity']] = $i;
				$psk_conditions[] = dbConditionString('tls_psk_identity', [$psk_pair['tls_psk_identity']]).
					' AND '.dbConditionString('tls_psk', [$psk_pair['tls_psk']], true);
			}
		}

		$row = DBfetch(DBselect(
			'SELECT tls_psk_identity'.
			' FROM config_autoreg_tls'.
			' WHERE ('.implode(') OR (', $psk_conditions).')'
		));

		if ($row) {
			$i = $object_indexes[$row['tls_psk_identity']];

			throw new APIException(ZBX_API_ERROR_PARAMETERS, _s('Invalid parameter "%1$s": %2$s.',
				'/'.($i + 1).'/tls_psk', _('another tls_psk value is already associated with given tls_psk_identity')
			));
		}
	}

	public static function checkPskOfIdentityInAutoregistration(array $psk_pair): void {
		$row = DBfetch(DBselect(
			'SELECT NULL'.
			' FROM config_autoreg_tls'.
			' WHERE '.dbConditionString('tls_psk_identity', [$psk_pair['tls_psk_identity']]).
				' AND '.dbConditionString('tls_psk', [$psk_pair['tls_psk']], true),
			1
		));

		if ($row) {
			throw new APIException(ZBX_API_ERROR_PARAMETERS, _s('Invalid parameter "%1$s": %2$s.', '/tls_psk',
				_('another tls_psk value is already associated with given tls_psk_identity')
			));
		}
	}

	public static function checkPskOfIdentitiesAmongHosts(array $psk_pairs, ?array $hostids = null): void {
		$object_indexes = [];
		$psk_conditions = [];

		foreach ($psk_pairs as $i => $psk_pair) {
			if (!array_key_exists($psk_pair['tls_psk_identity'], $object_indexes)) {
				$object_indexes[$psk_pair['tls_psk_identity']] = $i;
				$psk_conditions[] = dbConditionString('tls_psk_identity', [$psk_pair['tls_psk_identity']]).
					' AND '.dbConditionString('tls_psk', [$psk_pair['tls_psk']], true);
			}
		}

		$conditions = $hostids === null
			? '('.implode(') OR (', $psk_conditions).')'
			: '(('.implode(') OR (', $psk_conditions).'))'.
				' AND '.dbConditionId('hostid', $hostids, true);

		$row = DBfetch(DBselect(
			'SELECT tls_psk_identity'.
			' FROM hosts'.
			' WHERE '.$conditions,
			1
		));

		if ($row) {
			$i = $object_indexes[$row['tls_psk_identity']];

			throw new APIException(ZBX_API_ERROR_PARAMETERS, _s('Invalid parameter "%1$s": %2$s.',
				'/'.($i + 1).'/tls_psk', _('another tls_psk value is already associated with given tls_psk_identity')
			));
		}
	}

	public static function checkPskOfIdentitiesAmongProxies(array $psk_pairs, ?array $proxyids = null): void {
		$object_indexes = [];
		$psk_conditions = [];

		foreach ($psk_pairs as $i => $psk_pair) {
			if (!array_key_exists($psk_pair['tls_psk_identity'], $object_indexes)) {
				$object_indexes[$psk_pair['tls_psk_identity']] = $i;
				$psk_conditions[] = dbConditionString('tls_psk_identity', [$psk_pair['tls_psk_identity']]).
					' AND '.dbConditionString('tls_psk', [$psk_pair['tls_psk']], true);
			}
		}

		$conditions = $proxyids === null
			? '('.implode(') OR (', $psk_conditions).')'
			: '(('.implode(') OR (', $psk_conditions).'))'.
				' AND '.dbConditionId('proxyid', $proxyids, true);

		$row = DBfetch(DBselect(
			'SELECT tls_psk_identity'.
			' FROM proxy'.
			' WHERE '.$conditions,
			1
		));

		if ($row) {
			$i = $object_indexes[$row['tls_psk_identity']];

			throw new APIException(ZBX_API_ERROR_PARAMETERS, _s('Invalid parameter "%1$s": %2$s.',
				'/'.($i + 1).'/tls_psk', _('another tls_psk value is already associated with given tls_psk_identity')
			));
		}
	}

	public static function checkPskOfIdentityAmongHosts(array $psk_pair, ?array $hostids = null): void {
		$hostid_condition = $hostids !== null
			? ' AND '.dbConditionId('hostid', $hostids, true)
			: '';

		$row = DBfetch(DBselect(
			'SELECT NULL'.
			' FROM hosts'.
			' WHERE '.dbConditionString('tls_psk_identity', [$psk_pair['tls_psk_identity']]).
				' AND '.dbConditionString('tls_psk', [$psk_pair['tls_psk']], true).
				$hostid_condition,
			1
		));

		if ($row) {
			throw new APIException(ZBX_API_ERROR_PARAMETERS, _s('Invalid parameter "%1$s": %2$s.', '/tls_psk',
				_('another tls_psk value is already associated with given tls_psk_identity')
			));
		}
	}

	public static function checkPskOfIdentityAmongProxies(array $psk_pair): void {
		$row = DBfetch(DBselect(
			'SELECT NULL'.
			' FROM proxy'.
			' WHERE '.dbConditionString('tls_psk_identity', [$psk_pair['tls_psk_identity']]).
				' AND '.dbConditionString('tls_psk', [$psk_pair['tls_psk']], true),
			1
		));

		if ($row) {
			throw new APIException(ZBX_API_ERROR_PARAMETERS, _s('Invalid parameter "%1$s": %2$s.', '/tls_psk',
				_('another tls_psk value is already associated with given tls_psk_identity')
			));
		}
	}
}