# Findmbedtls.cmake
#
# Usage:
#   find_package(mbedtls REQUIRED)
#
# Optional cache variables the parent project may set before calling:
#   MBEDTLS_FETCHCONTENT_VERSION   e.g. "v3.6.4" or "mbedtls-4.1.0"
#   MBEDTLS_FETCHCONTENT_GIT_REPOSITORY
#   MBEDTLS_FETCHCONTENT_GIT_TAG
#   MBEDTLS_FETCHCONTENT_BASE_DIR
#   MBEDTLS_BUILD_SHARED      ON/OFF
#
# Provided variables:
#   mbedtls_FOUND
#   MBEDTLS_FOUND
#   MBEDTLS_INCLUDE_DIRS
#   MBEDTLS_LIBRARIES
#
# Provided imported targets:
#   MbedTLS::mbedtls
#   MbedTLS::mbedx509
#   MbedTLS::mbedcrypto

include_guard(GLOBAL)

include(FetchContent)
include(FindPackageHandleStandardArgs)

set(_MBEDTLS_DEFAULT_REPOSITORY "https://github.com/Mbed-TLS/mbedtls.git")
set(_MBEDTLS_DEFAULT_TAG "v4.1.0")

set(MBEDTLS_FETCHCONTENT_GIT_REPOSITORY
  "${_MBEDTLS_DEFAULT_REPOSITORY}"
  CACHE STRING "Git repository for fetching Mbed TLS")

if(DEFINED MBEDTLS_FETCHCONTENT_VERSION AND NOT DEFINED MBEDTLS_FETCHCONTENT_GIT_TAG)
  set(MBEDTLS_FETCHCONTENT_GIT_TAG
    "${MBEDTLS_FETCHCONTENT_VERSION}"
    CACHE STRING "Git tag/branch/commit for fetching Mbed TLS")
endif()

set(MBEDTLS_FETCHCONTENT_GIT_TAG
  "${MBEDTLS_FETCHCONTENT_GIT_TAG}"
  CACHE STRING "Git tag/branch/commit for fetching Mbed TLS")

if(NOT MBEDTLS_FETCHCONTENT_GIT_TAG)
  set(MBEDTLS_FETCHCONTENT_GIT_TAG "${_MBEDTLS_DEFAULT_TAG}" CACHE STRING "" FORCE)
endif()

option(MBEDTLS_BUILD_SHARED "Build Mbed TLS shared libraries" OFF)

# 1) Prefer an installed package config if available.
find_package(MbedTLS CONFIG QUIET)

if(TARGET MbedTLS::mbedtls AND TARGET MbedTLS::mbedx509 AND TARGET MbedTLS::mbedcrypto)
  set(mbedtls_FOUND TRUE)
  set(MBEDTLS_FOUND TRUE)
  set(MBEDTLS_LIBRARIES
    MbedTLS::mbedtls
    MbedTLS::mbedx509
    MbedTLS::mbedcrypto)
  set(MBEDTLS_INCLUDE_DIRS "")
  return()
endif()

# 2) If upstream exported plain targets instead of namespaced ones, alias them.
if(TARGET mbedtls AND TARGET mbedx509 AND TARGET mbedcrypto)
  if(NOT TARGET MbedTLS::mbedtls)
    add_library(MbedTLS::mbedtls INTERFACE IMPORTED)
    target_link_libraries(MbedTLS::mbedtls INTERFACE mbedtls)
  endif()
  if(NOT TARGET MbedTLS::mbedx509)
    add_library(MbedTLS::mbedx509 INTERFACE IMPORTED)
    target_link_libraries(MbedTLS::mbedx509 INTERFACE mbedx509)
  endif()
  if(NOT TARGET MbedTLS::mbedcrypto)
    add_library(MbedTLS::mbedcrypto INTERFACE IMPORTED)
    target_link_libraries(MbedTLS::mbedcrypto INTERFACE mbedcrypto)
  endif()

  set(mbedtls_FOUND TRUE)
  set(MBEDTLS_FOUND TRUE)
  set(MBEDTLS_LIBRARIES
    MbedTLS::mbedtls
    MbedTLS::mbedx509
    MbedTLS::mbedcrypto)
  set(MBEDTLS_INCLUDE_DIRS "")
  return()
endif()

# 3) Fetch and build Mbed TLS.
# Upstream options:
# - USE_STATIC_MBEDTLS_LIBRARY / USE_SHARED_MBEDTLS_LIBRARY
# - ENABLE_PROGRAMS / ENABLE_TESTING
# - MBEDTLS_AS_SUBPROJECT / DISABLE_PACKAGE_CONFIG_AND_INSTALL
# - MBEDTLS_TARGET_PREFIX
#
# These are supported by the upstream CMake build. :contentReference[oaicite:1]{index=1}

set(FETCHCONTENT_QUIET FALSE)

if(MBEDTLS_FETCHCONTENT_BASE_DIR)
  set(FETCHCONTENT_BASE_DIR "${MBEDTLS_FETCHCONTENT_BASE_DIR}")
endif()

# Avoid polluting the parent build and skip extras we usually do not want.
set(ENABLE_PROGRAMS OFF CACHE BOOL "" FORCE)
set(ENABLE_TESTING OFF CACHE BOOL "" FORCE)
set(DISABLE_PACKAGE_CONFIG_AND_INSTALL ON CACHE BOOL "" FORCE)
set(MBEDTLS_AS_SUBPROJECT ON CACHE BOOL "" FORCE)
set(MBEDTLS_TARGET_PREFIX "" CACHE STRING "" FORCE)

if(MBEDTLS_BUILD_SHARED)
  set(USE_SHARED_MBEDTLS_LIBRARY ON  CACHE BOOL "" FORCE)
  set(USE_STATIC_MBEDTLS_LIBRARY OFF CACHE BOOL "" FORCE)
else()
  set(USE_SHARED_MBEDTLS_LIBRARY OFF CACHE BOOL "" FORCE)
  set(USE_STATIC_MBEDTLS_LIBRARY ON  CACHE BOOL "" FORCE)
endif()

FetchContent_Declare(
  mbedtls_fc
  GIT_REPOSITORY "${MBEDTLS_FETCHCONTENT_GIT_REPOSITORY}"
  GIT_TAG    "${MBEDTLS_FETCHCONTENT_GIT_TAG}"
  GIT_SHALLOW  TRUE
)

FetchContent_MakeAvailable(mbedtls_fc)

# 4) Normalize targets across upstream versions.
#
# Mbed TLS 3.x:
#   mbedtls, mbedx509, mbedcrypto
#
# Mbed TLS 4.x:
#   mbedtls, mbedx509, tfpsacrypto
#
# Map everything to stable namespaced targets for the consumer. :contentReference[oaicite:2]{index=2}

set(_mbedtls_tls_target "")
set(_mbedtls_x509_target "")
set(_mbedtls_crypto_target "")

if(TARGET mbedtls)
  set(_mbedtls_tls_target mbedtls)
elseif(TARGET MbedTLS::mbedtls)
  set(_mbedtls_tls_target MbedTLS::mbedtls)
endif()

if(TARGET mbedx509)
  set(_mbedtls_x509_target mbedx509)
elseif(TARGET MbedTLS::mbedx509)
  set(_mbedtls_x509_target MbedTLS::mbedx509)
endif()

if(TARGET mbedcrypto)
  set(_mbedtls_crypto_target mbedcrypto)
elseif(TARGET tfpsacrypto)
  set(_mbedtls_crypto_target tfpsacrypto)
elseif(TARGET MbedTLS::mbedcrypto)
  set(_mbedtls_crypto_target MbedTLS::mbedcrypto)
endif()

if(_mbedtls_tls_target AND NOT TARGET MbedTLS::mbedtls)
  add_library(MbedTLS::mbedtls INTERFACE IMPORTED)
  target_link_libraries(MbedTLS::mbedtls INTERFACE "${_mbedtls_tls_target}")
endif()

if(_mbedtls_x509_target AND NOT TARGET MbedTLS::mbedx509)
  add_library(MbedTLS::mbedx509 INTERFACE IMPORTED)
  target_link_libraries(MbedTLS::mbedx509 INTERFACE "${_mbedtls_x509_target}")
endif()

if(_mbedtls_crypto_target AND NOT TARGET MbedTLS::mbedcrypto)
  add_library(MbedTLS::mbedcrypto INTERFACE IMPORTED)
  target_link_libraries(MbedTLS::mbedcrypto INTERFACE "${_mbedtls_crypto_target}")
endif()

find_package_handle_standard_args(
  mbedtls
  REQUIRED_VARS
    _mbedtls_tls_target
    _mbedtls_x509_target
    _mbedtls_crypto_target
)

if(mbedtls_FOUND)
  set(MBEDTLS_FOUND TRUE)
  set(MBEDTLS_LIBRARIES
    MbedTLS::mbedtls
    MbedTLS::mbedx509
    MbedTLS::mbedcrypto)

  # Best-effort include directory discovery for legacy consumers.
  get_target_property(_mbedtls_inc "${_mbedtls_tls_target}" INTERFACE_INCLUDE_DIRECTORIES)
  if(_mbedtls_inc)
    set(MBEDTLS_INCLUDE_DIRS "${_mbedtls_inc}")
  else()
    set(MBEDTLS_INCLUDE_DIRS "")
  endif()
endif()