horizedEmailAddresses($type = 'authorized'): array {
    $data = $this
      ->getApi($this->settings->get(self::API_KEY_SETTING_NAME))
      ->getAuthorizedEmailAddresses();
    if ($data && $type === 'all') {
      return $data;
    }
    return isset($data[$type]) ? $data[$type] : [];
  }

  /**
   * Create Authorized Email Address
   */
  public function createAuthorizedEmailAddress(string $emailAddress) {
    return $this
      ->getApi($this->settings->get(self::API_KEY_SETTING_NAME))
      ->createAuthorizedEmailAddress($emailAddress);
  }

  /**
   * Get a list of sender domains
   * returns an assoc array of [domainName => Array(DNS responses)]
   * pass in the domain arg to return only the DNS response for the domain
   * For format see @see https://github.com/mailpoet/services-bridge#sender-domains
   */
  public function getAuthorizedSenderDomains($domain = 'all'): array {
    $domain = strtolower($domain);

    $allSenderDomains = [];
    $data = $this->getRawSenderDomainData();
    if ($data === null) {
      return [];
    }

    foreach ($data as $subarray) {
      if (isset($subarray['domain'])) {
        $allSenderDomains[strtolower($subarray['domain'])] = $subarray['dns'] ?? [];
      }
    }

    if ($domain !== 'all') {
      // return an empty array if the provided domain can not be found
      return $allSenderDomains[$domain] ?? [];
    }

    return $allSenderDomains;
  }

  public function getRawSenderDomainData(): ?array {
    return $this
      ->getApi($this->settings->get(self::API_KEY_SETTING_NAME))
      ->getAuthorizedSenderDomains();
  }

  /**
   * Create a new Sender domain record
   * returns an Array of DNS response or array of error
   * @see https://github.com/mailpoet/services-bridge#verify-a-sender-domain for response format
   */
  public function createAuthorizedSenderDomain(string $domain): array {
    $data = $this
      ->getApi($this->settings->get(self::API_KEY_SETTING_NAME))
      ->createAuthorizedSenderDomain($domain);

    return $data['dns'] ?? $data;
  }

  /**
   * Verify Sender Domain records
   * returns an Array of DNS response or an array of error
   * @see https://github.com/mailpoet/services-bridge#verify-a-sender-domain
   */
  public function verifyAuthorizedSenderDomain(string $domain): array {
    return $this
      ->getApi($this->settings->get(self::API_KEY_SETTING_NAME))
      ->verifyAuthorizedSenderDomain($domain);
  }

  public function checkMSSKey($apiKey) {
    $result = $this
      ->getApi($apiKey)
      ->checkMSSKey();
    return $this->processKeyCheckResult($result);
  }

  private function storeSubscriptionType(?string $subscriptionType): void {
    if (in_array($subscriptionType, self::SUBSCRIPTION_TYPES, true)) {
      $this->settings->set(
        self::SUBSCRIPTION_TYPE_SETTING_NAME,
        $subscriptionType
      );
    }
  }

  public function storeMSSKeyAndState($key, $state) {
    return $this->storeKeyAndState(API::KEY_CHECK_TYPE_MSS, $key, $state);
  }

  public function checkPremiumKey($key) {
    $result = $this
      ->getApi($key)
      ->checkPremiumKey();
    return $this->processKeyCheckResult($result);
  }

  private function processKeyCheckResult(array $result) {
    $stateMap = [
      200 => self::KEY_VALID,
      401 => self::KEY_INVALID,
      402 => self::KEY_ALREADY_USED,
      403 => self::KEY_VALID_UNDERPRIVILEGED,
    ];

    if (!empty($result['code']) && isset($stateMap[$result['code']])) {
      if (
        $stateMap[$result['code']] == self::KEY_VALID
        && !empty($result['data']['expire_at'])
      ) {
        $keyState = self::KEY_EXPIRING;
      } else {
        $keyState = $stateMap[$result['code']];
      }
    } else {
      $keyState = self::KEY_CHECK_ERROR;
    }

    // Map of access error messages.
    // The message is set by shop when a subscription has limited access to the feature.
    // Insufficient privileges - is the default state if the plan doesn't include the feature.
    // If the bridge returns 403 and there is a message set by the shop it returns the message.
    $accessRestrictionsMap = [
      API::ERROR_MESSAGE_INSUFFICIENT_PRIVILEGES => self::KEY_ACCESS_INSUFFICIENT_PRIVILEGES,
      API::ERROR_MESSAGE_SUBSCRIBERS_LIMIT_REACHED => self::KEY_ACCESS_SUBSCRIBERS_LIMIT,
      API::ERROR_MESSAGE_EMAIL_VOLUME_LIMIT_REACHED => self::KEY_ACCESS_EMAIL_VOLUME_LIMIT,
    ];

    $accessRestriction = null;
    if (!empty($result['code']) && $result['code'] === 403 && !empty($result['error_message'])) {
      $accessRestriction = $accessRestrictionsMap[$result['error_message']] ?? null;
    }

    return $this->buildKeyState(
      $keyState,
      $result,
      $accessRestriction
    );
  }

  public function storePremiumKeyAndState($key, $state) {
    return $this->storeKeyAndState(API::KEY_CHECK_TYPE_PREMIUM, $key, $state);
  }

  private function storeKeyAndState(string $keyType, ?string $key, ?array $state) {
    if ($keyType === API::KEY_CHECK_TYPE_PREMIUM) {
      $keySettingName = self::PREMIUM_KEY_SETTING_NAME;
      $keyStateSettingName = self::PREMIUM_KEY_STATE_SETTING_NAME;
    } else {
      $keySettingName = self::API_KEY_SETTING_NAME;
      $keyStateSettingName = self::API_KEY_STATE_SETTING_NAME;
    }

    if (
      empty($state['state'])
      || $state['state'] === self::KEY_CHECK_ERROR
    ) {
      return false;
    }

    $previousKey = $this->settings->get($keySettingName);
    // If the key remain the same and the new state is not valid we want to preserve the data from the previous state.
    // The data contain information about state limits. We need those to display the correct information to users.
    if (empty($state['data']) && $previousKey === $key) {
      $previousState = $this->settings->get($keyStateSettingName);
      if (!empty($previousState['data'])) {
        $state['data'] = $previousState['data'];
      }
    }

    // store the key itself
    if ($previousKey !== $key) {
      $this->settings->set(
        $keySettingName,
        $key
      );
    }

    // store the key state
    $this->settings->set(
      $keyStateSettingName,
      $state
    );

    // store the subscription type
    if (!empty($state['data']) && !empty($state['data']['subscription_type'])) {
      $this->storeSubscriptionType($state['data']['subscription_type']);
    }
  }

  private function buildKeyState($keyState, $result, ?string $accessRestriction): array {
    return [
      'state' => $keyState,
      'access_restriction' => $accessRestriction,
      'data' => !empty($result['data']) ? $result['data'] : null,
      'code' => !empty($result['code']) ? $result['code'] : self::CHECK_ERROR_UNKNOWN,
    ];
  }

  public function updateSubscriberCount(string $key, int $count): bool {
    return $this->getApi($key)->updateSubscriberCount($count);
  }

  public function invalidateMssKey() {
    $key = $this->settings->get(self::API_KEY_SETTING_NAME);
    $this->storeMSSKeyAndState($key, $this->buildKeyState(
      self::KEY_INVALID,
      ['code' => API::RESPONSE_CODE_KEY_INVALID],
      null
    ));
  }
}