/*
 * Copyright 2017 Graz University of Technology EAAF-Core Components has been developed in a
 * cooperation between EGIZ, A-SIT Plus, A-SIT, and Graz University of Technology.
 *
 * Licensed under the EUPL, Version 1.2 or - as soon they will be approved by the European
 * Commission - subsequent versions of the EUPL (the "Licence"); You may not use this work except in
 * compliance with the Licence. You may obtain a copy of the Licence at:
 * https://joinup.ec.europa.eu/news/understanding-eupl-v12
 *
 * Unless required by applicable law or agreed to in writing, software distributed under the Licence
 * is distributed on an "AS IS" basis, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express
 * or implied. See the Licence for the specific language governing permissions and limitations under
 * the Licence.
 *
 * This product combines work with different licenses. See the "NOTICE" text file for details on the
 * various modules and licenses. The "NOTICE" text file is part of the distribution. Any derivative
 * works that you distribute must include a readable copy of the "NOTICE" text file.
 */

package at.gv.egiz.eaaf.core.impl.idp.controller;

import java.io.IOException;

import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

import org.apache.commons.text.StringEscapeUtils;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.stereotype.Controller;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RequestMethod;

import at.gv.egiz.components.eventlog.api.EventConstants;
import at.gv.egiz.eaaf.core.api.IRequest;
import at.gv.egiz.eaaf.core.api.IRequestStorage;
import at.gv.egiz.eaaf.core.api.IStatusMessenger;
import at.gv.egiz.eaaf.core.api.data.EaafConstants;
import at.gv.egiz.eaaf.core.api.data.ExceptionContainer;
import at.gv.egiz.eaaf.core.api.idp.IModulInfo;
import at.gv.egiz.eaaf.core.api.utils.IPendingRequestIdGenerationStrategy;
import at.gv.egiz.eaaf.core.exceptions.EaafException;
import at.gv.egiz.eaaf.core.impl.idp.auth.services.ProtocolAuthenticationService;
import at.gv.egiz.eaaf.core.impl.utils.TransactionIdUtils;

/**
 * Protocol finialization end-point.
 *
 * @author tlenz
 */
@Controller
public class ProtocolFinalizationController extends AbstractController {
  private static final Logger log = LoggerFactory.getLogger(ProtocolFinalizationController.class);
  public static final String ENDPOINT_FINALIZEPROTOCOL = 
      EaafConstants.ENDPOINT_PREFIX_SECURED + "/finalizeAuthProtocol";
  public static final String ENDPOINT_ERRORHANDLING = 
      EaafConstants.ENDPOINT_PREFIX_SECURED + "/errorHandling";
  public static final String ENDPOINT_ERROR_REDIRECT = 
      EaafConstants.ENDPOINT_PREFIX_SECURED + "/errorRedirect";

  @Autowired(required = true)
  IRequestStorage requestStorage;
  @Autowired
  IPendingRequestIdGenerationStrategy requestIdValidationStragegy;


  /**
   * Handles incoming requests for redirects to IDP.
   * @param req  http request
   * @param resp http response
   * @throws EaafException In case of an internal error
   * @throws IOException   In case of a servlet error
   */
  @RequestMapping(value = ENDPOINT_ERROR_REDIRECT, method = {RequestMethod.GET, RequestMethod.POST})
  public void errorRedirect(final HttpServletRequest req, final HttpServletResponse resp)
      throws EaafException, IOException {

    final String errorToken = StringEscapeUtils.escapeHtml4(req.getParameter(EaafConstants.PARAM_HTTP_ERROR_CODE));
    if (errorToken != null) {
      IRequest pendingReq = null;
      try {
        String errorId = requestIdValidationStragegy.validateAndGetPendingRequestId(errorToken);
        log.debug("Searching exception with internal error-token: {}", errorId);

        // load stored exception from database
        final ExceptionContainer container = transactionStorage.get(errorId, ExceptionContainer.class);
        if (container != null) {
          // remove exception if it was found
          transactionStorage.remove(errorId);
          log.trace("Find exception with internal error-token: {}", errorId);

          final Throwable throwable = container.getExceptionThrown();
          pendingReq = container.getPendingRequest();

          if (pendingReq != null) {
            IModulInfo handlingModule = ProtocolAuthenticationService
                .extractShibbolethHandling(pendingReq, applicationContext);
            if (!handlingModule.generateErrorMessage(throwable, req, resp, pendingReq)) {
              protAuthService.handleErrorNoRedirect(new EaafException("process.90", null), req, resp, false);

            }
          }
        } else {
          log.info("Find no exception with internal error-token: {}", errorId);
          protAuthService
              .handleErrorNoRedirect(
                  new EaafException(IStatusMessenger.CODES_INTERNAL_ERROR_AUTH_TIMEOUT, new Object[]{errorId}),
                  req, resp, false);
          
        }
        
      } catch (Throwable e) {
        log.error(e.getMessage(), e);
        protAuthService.handleErrorNoRedirect(e, req, resp, false);
        
      } finally {
        // remove pending-request
        if (pendingReq != null) {
          requestStorage.removePendingRequest(pendingReq.getPendingRequestId());
          revisionsLogger.logEvent(EventConstants.TRANSACTION_DESTROYED, pendingReq.getUniqueTransactionIdentifier());

        }
      }
      
    } else {
      log.debug("Request contains NO ErrorId");
      protAuthService
          .handleErrorNoRedirect(new EaafException(IStatusMessenger.CODES_INTERNAL_ERROR_AUTH_NOPENDIGREQID, null), req,
              resp, false);

    }
  }

  /**
   * End-Point to handle errors.
   *
   * @param req  http request
   * @param resp http response
   * @throws EaafException In case of an internal error
   * @throws IOException   In case of a servlet error
   */
  @RequestMapping(value = ENDPOINT_ERRORHANDLING, method = {RequestMethod.GET, RequestMethod.POST})
  public void errorHandling(final HttpServletRequest req, final HttpServletResponse resp)
      throws EaafException, IOException {
    // receive an authentication error
    final String errorToken = StringEscapeUtils.escapeHtml4(req.getParameter(EaafConstants.PARAM_HTTP_ERROR_CODE));
    if (errorToken != null) {
      IRequest pendingReq = null;
      try {
        String errorId = requestIdValidationStragegy.validateAndGetPendingRequestId(errorToken);
        log.debug("Searching exception with internal error-token: {}", errorId);

        // load stored exception from database
        final ExceptionContainer container = transactionStorage.get(errorId, ExceptionContainer.class);
        if (container != null) {
          // remove exception if it was found
          transactionStorage.remove(errorId);
          log.trace("Find exception with internal error-token: {}", errorId);

          final Throwable throwable = container.getExceptionThrown();
          pendingReq = container.getPendingRequest();

          if (pendingReq != null) {
            // set MDC variables
            TransactionIdUtils.setAllLoggingVariables(pendingReq);

            // build protocol-specific error message if possible
            protAuthService.buildProtocolSpecificErrorResponse(throwable, req, resp, pendingReq);

            // remove active user-session
            transactionStorage.remove(pendingReq.getPendingRequestId());

          } else {
            protAuthService.handleErrorNoRedirect(throwable, req, resp, true);

          }
        } else {
          log.info("Find no exception with internal error-token: {}", errorId);
          protAuthService
              .handleErrorNoRedirect(new EaafException(IStatusMessenger.CODES_INTERNAL_ERROR_AUTH_NOPENDIGREQID, null),
                  req, resp, false);

        }

      } catch (final Throwable e) {
        log.error(e.getMessage(), e);
        protAuthService.handleErrorNoRedirect(e, req, resp, false);

      } finally {
        // remove pending-request
        if (pendingReq != null) {
          requestStorage.removePendingRequest(pendingReq.getPendingRequestId());
          revisionsLogger.logEvent(EventConstants.TRANSACTION_DESTROYED, pendingReq.getUniqueTransactionIdentifier());

        }

        //remove all Logger variables
        TransactionIdUtils.removeAllLoggingVariables();

      }

    } else {
      log.debug("Request contains NO ErrorId");
      protAuthService
          .handleErrorNoRedirect(new EaafException(IStatusMessenger.CODES_INTERNAL_ERROR_AUTH_NOPENDIGREQID, null), req,
              resp, false);

    }

  }

  /**
   * End-Point to finalize authentication protocol.
   *
   * @param req  http request
   * @param resp http response
   * @throws EaafException In case of an internal error
   * @throws IOException   In case of a servlet error
   */
  @RequestMapping(value = ENDPOINT_FINALIZEPROTOCOL, method = {RequestMethod.GET})
  public void finalizeAuthProtocol(final HttpServletRequest req, final HttpServletResponse resp)
      throws EaafException, IOException {

    // read pendingRequest from http request
    final String pendingRequestID = StringEscapeUtils
        .escapeHtml4(req.getParameter(EaafConstants.PARAM_HTTP_TARGET_PENDINGREQUESTID));
    final IRequest pendingReq = requestStorage.getPendingRequest(pendingRequestID);

    if (pendingReq == null) {
      log.info("PendingReqId was valid but no PendingRequest with ID: {}. Looks already used", 
          pendingRequestID);
      protAuthService.handleErrorNoRedirect(
          new EaafException(IStatusMessenger.CODES_INTERNAL_ERROR_AUTH_TIMEOUT, new Object[]{pendingRequestID}), req,
          resp, false);

    } else {
      //set MDC variables
      TransactionIdUtils.setAllLoggingVariables(pendingReq);

      //perform protocol finalization steps
      protAuthService.finalizeAuthentication(req, resp, pendingReq);

    }

  }

}