package appleiap

import (
    "errors"
    "github.com/golang-jwt/jwt/v5"
)

func verifyWithEnv(env, token string) (jwt.MapClaims, error) {
    parsed, err := jwt.Parse(token, func(t *jwt.Token) (interface{}, error) {
        h, ok := t.Header["kid"].(string)
        if !ok { return nil, errors.New("kid missing") }
        return GetKey(env, h)
    })
    if err != nil { return nil, err }
    if !parsed.Valid { return nil, errors.New("invalid jws") }
    c, ok := parsed.Claims.(jwt.MapClaims)
    if !ok { return nil, errors.New("claims invalid") }
    return c, nil
}

func VerifyWithEnv(env, token string) (jwt.MapClaims, error) { return verifyWithEnv(env, token) }

func VerifyAutoEnv(token string) (jwt.MapClaims, string, error) {
    c, err := verifyWithEnv("production", token)
    if err == nil { return c, "production", nil }
    c2, err2 := verifyWithEnv("sandbox", token)
    if err2 == nil { return c2, "sandbox", nil }
    return nil, "", err
}