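package at.gv.egiz.eaaf.modules.auth.sl20.utils;

import java.io.IOException;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.cert.X509Certificate;
import java.util.List;

import javax.annotation.Nonnull;

import org.jose4j.jwa.AlgorithmConstraints;
import org.jose4j.lang.JoseException;

import com.fasterxml.jackson.databind.JsonNode;

import at.gv.egiz.eaaf.modules.auth.sl20.data.VerificationResult;
import at.gv.egiz.eaaf.modules.auth.sl20.exceptions.SL20Exception;
import at.gv.egiz.eaaf.modules.auth.sl20.exceptions.SLCommandoBuildException;
import at.gv.egiz.eaaf.modules.auth.sl20.exceptions.SLCommandoParserException;

/**
 * JOSE helper operations for SL2.0 messages: creating JWS signatures, validating JWS
 * signatures, and decrypting JWE tokens.
 *
 * <p>Security note for callers: every {@code validateSignature} variant returns a
 * {@link VerificationResult}. This interface does not state whether a failed verification is
 * reported through that result or through an exception, so a normal return must not be treated
 * as proof of a valid signature; inspect the result. NOTE(review): confirm the exact failure
 * signalling against the implementation.
 */
public interface IJOSETools {

  /**
   * Create a JWS signature.
   *
   * @param payLoad Payload to sign
   * @return the signed message as a string (NOTE(review): the serialization form, compact or
   *     JSON, is not stated by this interface)
   * @throws SLCommandoBuildException declared for failures while building the signed message
   */
  String createSignature(String payLoad) throws SLCommandoBuildException;

  /**
   * Validates a signed SL2.0 message.
   *
   * <p>Neither trust anchors nor algorithm constraints are passed to this variant, so both
   * presumably come from the implementation's own configuration. NOTE(review): confirm which
   * certificates are trusted and which signature algorithms are accepted by default.
   *
   * @param serializedContent signed SL2.0 message in serialized form
   * @return Signature-verification result; callers must inspect it before using the content
   * @throws SLCommandoParserException listed by the original documentation; not part of the
   *     {@code throws} clause (presumably a subtype of {@link SL20Exception} or unchecked;
   *     verify)
   * @throws SL20Exception declared for validation or processing failures
   */
  @Nonnull
  VerificationResult validateSignature(@Nonnull String serializedContent) throws SL20Exception;

  /**
   * Validate a JWS signature against an explicit list of trusted certificates.
   *
   * <p>The {@code constraints} argument decides which signature algorithms are acceptable.
   * Callers should pass an explicit permit-list of the algorithms they expect, so that a token
   * declaring an unexpected algorithm (for example the unsecured {@code none}) is rejected.
   *
   * <p>NOTE(review): this interface does not define how {@code trustedCerts} is applied (exact
   * certificate match or chain building) or whether validity period and revocation are checked;
   * confirm against the implementation.
   *
   * @param serializedContent JWS in serialized form
   * @param trustedCerts trusted X509 certificates
   * @param constraints signature verification constraints
   * @return Signature-verification result; callers must inspect it before using the content
   * @throws JoseException declared for JOSE-level processing errors
   * @throws IOException declared for I/O errors during validation
   */
  @Nonnull
  VerificationResult validateSignature(@Nonnull String serializedContent,
      @Nonnull List<X509Certificate> trustedCerts, @Nonnull AlgorithmConstraints constraints)
      throws JoseException, IOException;

  /**
   * Validate a JWS signature against the certificates of a trust store.
   *
   * <p>The {@code algconstraints} argument decides which signature algorithms are acceptable.
   * Callers should pass an explicit permit-list of the algorithms they expect, so that a token
   * declaring an unexpected algorithm (for example the unsecured {@code none}) is rejected.
   *
   * <p>NOTE(review): this interface does not define which trust-store entries are used or
   * whether validity period and revocation are checked; confirm against the implementation.
   *
   * @param serializedContent JWS in serialized form
   * @param trustStore with trusted X509 certificates
   * @param algconstraints signature verification constraints
   * @return Signature-verification result; callers must inspect it before using the content
   * @throws JoseException declared for JOSE-level processing errors
   * @throws IOException declared for I/O errors during validation
   * @throws KeyStoreException declared for errors while accessing {@code trustStore}
   */
  @Nonnull
  VerificationResult validateSignature(@Nonnull String serializedContent,
      @Nonnull KeyStore trustStore, @Nonnull AlgorithmConstraints algconstraints)
      throws JoseException, IOException, KeyStoreException;

  /**
   * Get the encryption certificate for SL2.0 End-to-End encryption.
   *
   * @return the encryption certificate (NOTE(review): the return value carries no nullability
   *     annotation; confirm whether {@code null} is possible when no certificate is configured)
   */
  X509Certificate getEncryptionCertificate();

  /**
   * Decrypt a serialized JWE token.
   *
   * <p>NOTE(review): decryption on its own does not establish who produced the token. Whether
   * the decrypted payload is additionally signature-checked is not visible from this interface;
   * callers should confirm before trusting its content.
   *
   * @param compactSerialization Serialized JWE token
   * @return decrypted payload
   * @throws SL20Exception declared for decryption or parsing failures
   */
  JsonNode decryptPayload(String compactSerialization) throws SL20Exception;
}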