/*
 * Copyright 2017 Graz University of Technology EAAF-Core Components has been developed in a
 * cooperation between EGIZ, A-SIT Plus, A-SIT, and Graz University of Technology.
 *
 * Licensed under the EUPL, Version 1.2 or - as soon they will be approved by the European
 * Commission - subsequent versions of the EUPL (the "Licence"); You may not use this work except in
 * compliance with the Licence. You may obtain a copy of the Licence at:
 * https://joinup.ec.europa.eu/news/understanding-eupl-v12
 *
 * Unless required by applicable law or agreed to in writing, software distributed under the Licence
 * is distributed on an "AS IS" basis, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express
 * or implied. See the Licence for the specific language governing permissions and limitations under
 * the Licence.
 *
 * This product combines work with different licenses. See the "NOTICE" text file for details on the
 * various modules and licenses. The "NOTICE" text file is part of the distribution. Any derivative
 * works that you distribute must include a readable copy of the "NOTICE" text file.
 */

package at.gv.egiz.eaaf.core.api.idp.auth;

import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

import at.gv.egiz.eaaf.core.api.IRequest;
import at.gv.egiz.eaaf.core.api.idp.slo.SloInformationInterface;
import at.gv.egiz.eaaf.core.exceptions.EaafSsoException;

/**
 * Contract for Single Sign-On (SSO) session handling on the identity provider (IDP) side.
 *
 * <p>The operations cover validating an existing SSO session for a pending request, deciding
 * whether SSO may be used for a service provider, issuing the SSO session cookie, and creating,
 * updating and destroying the stored SSO session.
 */
public interface ISsoManager {

  // TODO
  // NOTE(review): both event codes below are -1, so a consumer that keys on the numeric value
  // cannot tell a "session valid" event from a "session invalid" one. Presumably these are
  // placeholders covered by the TODO; give them distinct values before they are used for
  // event or audit logging.
  int EVENT_SSO_SESSION_INVALID = -1;
  int EVENT_SSO_SESSION_VALID = -1;

  // Presumably the process-engine key for the SSO consents evaluation step; confirm against
  // callers.
  String PROCESS_ENGINE_SSO_CONSENTS_EVALUATION = "ssoconsentsevaluation";

  // Presumably the key under which the SSO session id is kept in the authentication data;
  // confirm against callers.
  String AUTH_DATA_SSO_SESSIONID = "eaaf_authdata_sso_sessionId";

  /**
   * Determines whether an active and valid SSO session exists for the current pending request.
   *
   * <p>When such a session exists, the pending request is filled with the eID information held
   * in that SSO session.
   *
   * <p>Implementer note: presumably the SSO session reference is taken from {@code httpReq}
   * (see {@link #createNewSsoSessionCookie}); that value is client-supplied and should only be
   * trusted after it has been matched against server-side session state.
   *
   * @param pendingReq current incoming pending request
   * @param httpReq HTTP servlet request
   * @param httpResp HTTP servlet response
   * @return {@code true} if a valid SSO session exists, otherwise {@code false}
   * @throws EaafSsoException on an internal error
   */
  boolean checkAndValidateSsoSession(
      IRequest pendingReq, HttpServletRequest httpReq, HttpServletResponse httpResp)
      throws EaafSsoException;

  /**
   * Populates the service-provider specific SSO settings.
   *
   * <p>Evaluates whether Single Sign-On is permitted for the current pending request and the
   * requested service provider, and sets {@code IRequest.needSingleSignOnFunctionality()} to
   * {@code true} when it is. Despite the {@code is...} name, nothing is returned; the outcome is
   * carried by the pending request.
   *
   * @param pendingReq current incoming pending request
   * @param httpReq HTTP servlet request
   */
  void isSsoAllowedForSp(IRequest pendingReq, HttpServletRequest httpReq);

  /**
   * Fills the current pending request with eID information taken from an existing SSO session.
   *
   * @param pendingReq pending request that is to be populated from the SSO session
   * @throws EaafSsoException if the pending request carries no SSO information or the
   *     population fails
   */
  void populatePendingRequestWithSsoInformation(IRequest pendingReq) throws EaafSsoException;

  /**
   * Destroys an active SSO session on the IDP side only.
   *
   * <p>NOTE(review): as documented, this call is limited to the IDP; sessions already
   * established at service providers are presumably left untouched and need a separate logout
   * step. Confirm against the single-logout handling.
   *
   * @param httpReq HTTP servlet request
   * @param httpResp HTTP servlet response
   * @param pendingReq current pending request
   * @return {@code true} if an SSO session was closed successfully, otherwise {@code false}
   * @throws EaafSsoException on an internal processing error
   */
  boolean destroySsoSessionOnIdpOnly(
      HttpServletRequest httpReq, HttpServletResponse httpResp, IRequest pendingReq)
      throws EaafSsoException;

  /**
   * Creates a new SSO session cookie for the given pending request and adds it to the HTTP
   * response.
   *
   * <p>Implementer note: the returned identifier references the SSO session and therefore acts
   * as a bearer credential. Generate it from a cryptographically strong random source, set the
   * cookie with the {@code Secure} and {@code HttpOnly} attributes, and keep the value out of
   * log output.
   *
   * @param req HTTP request
   * @param resp HTTP response
   * @param pendingReq currently open pending request
   * @return the newly created SSO identifier
   * @throws EaafSsoException on an internal error
   */
  String createNewSsoSessionCookie(
      HttpServletRequest req, HttpServletResponse resp, IRequest pendingReq)
      throws EaafSsoException;

  /**
   * Creates a new SSO session in the database.
   *
   * @param pendingReq current pending request
   * @param newSsoSessionId identifier of the new SSO session
   * @throws EaafSsoException on an internal error
   */
  void createNewSsoSession(IRequest pendingReq, String newSsoSessionId) throws EaafSsoException;

  /**
   * Updates an existing SSO session in the database.
   *
   * <p>NOTE(review): the parameter name {@code newSsoSessionId} suggests that the session
   * identifier is replaced as part of the update; confirm against the implementations.
   *
   * @param pendingReq current pending request
   * @param newSsoSessionId new SSO session id
   * @param sloInformation SLO information container
   * @throws EaafSsoException on an internal error
   */
  void updateSsoSession(
      IRequest pendingReq, String newSsoSessionId, SloInformationInterface sloInformation)
      throws EaafSsoException;
}