package at.gv.egiz.eaaf.core.test.utils;

import java.io.IOException;
import java.security.NoSuchProviderException;
import java.security.Security;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.util.Arrays;
import java.util.Collections;
import java.util.List;

import org.apache.commons.io.IOUtils;
import org.jose4j.jwa.AlgorithmConstraints;
import org.jose4j.jwa.AlgorithmConstraints.ConstraintType;
import org.jose4j.jws.AlgorithmIdentifiers;
import org.jose4j.lang.JoseException;
import org.junit.AfterClass;
import org.junit.Assert;
import org.junit.BeforeClass;
import org.junit.Test;
import org.junit.runner.RunWith;
import org.junit.runners.BlockJUnit4ClassRunner;

import at.gv.egiz.eaaf.core.impl.utils.JoseUtils;
import at.gv.egiz.eaaf.core.impl.utils.JoseUtils.JwsResult;
import iaik.security.ec.provider.ECCelerate;
import iaik.security.provider.IAIK;

@RunWith(BlockJUnit4ClassRunner.class)
public class JoseUtilsTest {

  private static final List<String> BINDING_AUTH_ALGORITHM_WHITELIST_SIGNING = Collections.unmodifiableList(
      Arrays.asList(
          AlgorithmIdentifiers.ECDSA_USING_P256_CURVE_AND_SHA256,
          AlgorithmIdentifiers.ECDSA_USING_P521_CURVE_AND_SHA512,
          AlgorithmIdentifiers.RSA_PSS_USING_SHA256,
          AlgorithmIdentifiers.RSA_PSS_USING_SHA512));

  /**
   *jUnit test class initializer. 
   */
  @BeforeClass
  public static final void classInitializer() {
    IAIK.addAsProvider();
    ECCelerate.addAsProvider();
    
  }
  
  /**
   * jUnit test class cleaner.
   */
  @AfterClass
  public static final void classFinisher() {    
    Security.removeProvider(IAIK.getInstance().getName());
    Security.removeProvider(ECCelerate.getInstance().getName());
        
  }
  
  @Test
  public void testBindingAuthBlock() throws JoseException, IOException, CertificateException, NoSuchProviderException {
    
    final String serializedContent = IOUtils.toString(JoseUtils.class.getResourceAsStream(
        "/data/bindingAuth1.jws"), "UTF-8");
        
    final iaik.x509.X509Certificate trustedCert = new iaik.x509.X509Certificate(JoseUtils.class
        .getResourceAsStream("/data/bindingAuth1.crt"));
            
    final List<X509Certificate> trustedCerts = Arrays.asList(trustedCert);
    final AlgorithmConstraints constraints = new AlgorithmConstraints(ConstraintType.PERMIT,
        BINDING_AUTH_ALGORITHM_WHITELIST_SIGNING
            .toArray(new String[BINDING_AUTH_ALGORITHM_WHITELIST_SIGNING.size()]));

    final JwsResult result = JoseUtils.validateSignature(serializedContent, trustedCerts, constraints);

    Assert.assertNotNull("JWS verify result", result);
    Assert.assertTrue("JWS not valid", result.isValid());
    Assert.assertNotNull("JWS payload", result.getPayLoad());
    Assert.assertNotNull("JWS Headers", result.getFullJoseHeader());
    Assert.assertNotNull("JWS Signercerts", result.getX5cCerts());
    Assert.assertEquals("Signercerts size", 1, result.getX5cCerts().size());
    Assert.assertArrayEquals("Signercerts", trustedCert.getEncoded(), result.getX5cCerts().get(0).getEncoded());

  }
}