package at.gv.egiz.eaaf.modules.sigverify.moasig.impl;

import java.io.IOException;
import java.io.InputStream;
import java.security.Provider;
import java.security.Security;
import java.util.Iterator;
import java.util.Map.Entry;

import javax.annotation.Nonnull;
import javax.annotation.PostConstruct;

import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Autowired;

import at.gv.egiz.eaaf.modules.sigverify.moasig.api.data.ISchemaRessourceProvider;
import at.gv.egiz.eaaf.modules.sigverify.moasig.exceptions.MoaSigServiceConfigurationException;
import at.gv.egovernment.moa.spss.MOAException;
import at.gv.egovernment.moa.spss.api.Configurator;
import at.gv.egovernment.moaspss.logging.LoggingContext;
import at.gv.egovernment.moaspss.logging.LoggingContextManager;
import at.gv.egovernment.moaspss.util.DOMUtils;
import iaik.asn1.structures.AlgorithmID;
import iaik.security.ec.provider.ECCelerate;
import iaik.security.provider.IAIK;

public class MoaSigInitializer {
  private static final Logger log = LoggerFactory.getLogger(MoaSigInitializer.class);

  @Autowired(required = false)
  ISchemaRessourceProvider[] schemas;

  private Configurator moaSigConfigurator;

  /**
   * Get MOA-Sig configuration object.
   *
   * @return moa-sig configuration
   */
  @Nonnull
  public Configurator getMoaSigConfigurator() {
    return moaSigConfigurator;

  }

  @PostConstruct
  private synchronized void initialize() throws MoaSigServiceConfigurationException {
    log.info("Initializing MOA-Sig signature-verification service ... ");

    log.info("Loading Java security providers.");
    IAIK.addAsProvider();
    ECCelerate.addAsProvider();

    try {
      LoggingContextManager.getInstance().setLoggingContext(new LoggingContext("startup"));
      log.debug("MOA-Sig library initialization process ... ");
      Configurator.getInstance().init();
      log.info("MOA-Sig library initialization complete ");

      //Security.insertProviderAt(IAIK.getInstance(), 0);

      //final ECCelerate eccProvider = ECCelerate.getInstance();
      //if (Security.getProvider(eccProvider.getName()) != null) {
      //  Security.removeProvider(eccProvider.getName());
      //}
      //Security.addProvider(new ECCelerate());

      fixJava8_141ProblemWithSslAlgorithms();

      if (log.isDebugEnabled()) {
        log.debug("Loaded Security Provider:");
        final Provider[] providerList = Security.getProviders();
        for (int i = 0; i < providerList.length; i++) {
          log.debug(
              i + ": " + providerList[i].getName() + " Version " + providerList[i].getVersion());
        }

      }

      // Inject additional XML schemes
      if (schemas != null && schemas.length > 0) {
        log.debug("Infjecting additional XML schemes ... ");
        for (final ISchemaRessourceProvider el : schemas) {
          final Iterator<Entry<String, InputStream>> xmlSchemeIt =
              el.getSchemas().entrySet().iterator();
          while (xmlSchemeIt.hasNext()) {
            final Entry<String, InputStream> xmlDef = xmlSchemeIt.next();
            try {
              DOMUtils.addSchemaToPool(xmlDef.getValue(), xmlDef.getKey());
              log.info("Inject XML scheme: {}", xmlDef.getKey());

            } catch (final IOException e) {
              log.warn("Can NOT inject XML scheme: " + xmlDef.getKey(), e);

            }

          }
        }
      }

      moaSigConfigurator = Configurator.getInstance();

    } catch (final MOAException e) {
      log.error("MOA-SP initialization FAILED!", e.getWrapped());
      throw new MoaSigServiceConfigurationException("service.moasig.04",
          new Object[] { e.toString() }, e);
    }

  }

  private static void fixJava8_141ProblemWithSslAlgorithms() {
    log.info("Change AlgorithmIDs to fix problems with Java8 >= 141 ...");
    // new AlgorithmID("1.2.840.113549.1.1.4", "md5WithRSAEncryption", new String[]
    // { "MD5withRSA",
    // "MD5/RSA", }, null, true);
    new AlgorithmID("1.2.840.113549.1.1.5", "sha1WithRSAEncryption",
        new String[] { "SHA1withRSA", "SHA1/RSA", "SHA-1/RSA", "SHA/RSA", }, null, true);
    new AlgorithmID("1.2.840.113549.1.1.14", "sha224WithRSAEncryption",
        new String[] { "SHA224withRSA", "SHA224/RSA", "SHA-224/RSA", }, null, true);
    new AlgorithmID("1.2.840.113549.1.1.11", "sha256WithRSAEncryption",
        new String[] { "SHA256withRSA", "SHA256/RSA", "SHA-256/RSA", }, null, true);
    new AlgorithmID("1.2.840.113549.1.1.12", "sha384WithRSAEncryption",
        new String[] { "SHA384withRSA", "SHA384/RSA", "SHA-384/RSA", }, null, true);
    new AlgorithmID("1.2.840.113549.1.1.13", "sha512WithRSAEncryption",
        new String[] { "SHA512withRSA", "SHA512/RSA", "SHA-512/RSA" }, null, true);

    log.info("Change AlgorithmIDs finished");
  }
}