package at.gv.egiz.eaaf.modules.pvp2.impl.binding; import at.gv.egiz.eaaf.core.api.idp.IConfiguration; import at.gv.egiz.eaaf.modules.pvp2.api.credential.EaafX509Credential; import at.gv.egiz.eaaf.modules.pvp2.api.metadata.IPvp2MetadataProvider; import at.gv.egiz.eaaf.modules.pvp2.exception.SamlSigningException; import at.gv.egiz.eaaf.modules.pvp2.impl.utils.Saml2Utils; import at.gv.egiz.eaaf.modules.pvp2.impl.validation.TrustEngineFactory; import org.opensaml.core.config.ConfigurationService; import org.opensaml.messaging.context.BaseContext; import org.opensaml.messaging.context.MessageContext; import org.opensaml.saml.common.SAMLObject; import org.opensaml.saml.common.SignableSAMLObject; import org.opensaml.saml.common.binding.SAMLBindingSupport; import org.opensaml.saml.common.binding.encoding.SAMLMessageEncoder; import org.opensaml.saml.common.messaging.context.SAMLEndpointContext; import org.opensaml.saml.common.messaging.context.SAMLMessageInfoContext; import org.opensaml.saml.common.messaging.context.SAMLPeerEntityContext; import org.opensaml.saml.common.messaging.context.SAMLProtocolContext; import org.opensaml.saml.common.xml.SAMLConstants; import org.opensaml.saml.saml2.metadata.SingleSignOnService; import org.opensaml.saml.saml2.metadata.impl.SingleSignOnServiceBuilder; import org.opensaml.xmlsec.SignatureSigningParameters; import org.opensaml.xmlsec.SignatureValidationConfiguration; import org.opensaml.xmlsec.SignatureValidationParameters; import org.opensaml.xmlsec.context.SecurityParametersContext; import org.opensaml.xmlsec.signature.support.SignatureConstants; import org.springframework.beans.factory.annotation.Autowired; /** * Abstract Binding implements common code for SAML2 binding implementations. 
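 * @author tlenz
 */
public abstract class AbstractBinding {

  @Autowired
  protected IConfiguration basicConfig;

  /**
   * Returns the SAML2 binding URI this implementation represents. It is written into the
   * {@code Binding} attribute of the endpoint built by
   * {@link #injectEndpointInfos(SignableSAMLObject, String)}.
   *
   * @return SAML2 binding identifier
   */
  public abstract String getSaml2BindingName();

  /**
   * Creates a fresh {@link MessageContext} that carries {@code response} and registers it on
   * {@code encoder}.
   *
   * @param encoder  encoder that will serialize the message
   * @param response SAML message to encode
   * @return the context that was attached to the encoder
   */
  protected MessageContext buildBasicMessageContext(
      SAMLMessageEncoder encoder, SignableSAMLObject response) {
    final MessageContext messageContext = new MessageContext();
    messageContext.setMessage(response);
    encoder.setMessageContext(messageContext);
    return messageContext;
  }

  /**
   * Builds the {@link SecurityParametersContext} that tells the encoder how to sign the outbound
   * message with {@code credentials}.
   *
   * <p>Both the signature and its references are canonicalized with exclusive C14N (comments
   * omitted). The signature algorithm is taken from the credential; the reference digest is
   * derived from that algorithm via {@link Saml2Utils#getDigestAlgorithm(String)} so the two
   * always match.
   *
   * @param credentials signing credential (key, certificate, preferred signature algorithm)
   * @return context carrying the populated {@link SignatureSigningParameters}
   * @throws SamlSigningException propagated from the signature-algorithm / key-info helpers
   */
  protected BaseContext injectSigningInfos(EaafX509Credential credentials)
      throws SamlSigningException {
    final SignatureSigningParameters signingParams = new SignatureSigningParameters();
    signingParams.setSigningCredential(credentials);
    signingParams.setSignatureCanonicalizationAlgorithm(
        SignatureConstants.ALGO_ID_C14N_EXCL_OMIT_COMMENTS);
    signingParams.setSignatureReferenceCanonicalizationAlgorithm(
        SignatureConstants.ALGO_ID_C14N_EXCL_OMIT_COMMENTS);

    final String sigAlgorithm = credentials.getSignatureAlgorithmForSigning();
    signingParams.setSignatureAlgorithm(sigAlgorithm);
    signingParams.setSignatureReferenceDigestMethod(Saml2Utils.getDigestAlgorithm(sigAlgorithm));
    // The boolean flag is defined in Saml2Utils (outside this file); presumably it selects
    // whether the full certificate chain is emitted in KeyInfo -- verify there before relying on it.
    signingParams.setKeyInfoGenerator(Saml2Utils.getKeyInfoGenerator(credentials, false));

    final SecurityParametersContext securityParamContext = new SecurityParametersContext();
    securityParamContext.setSignatureSigningParameters(signingParams);
    return securityParamContext;
  }

  /**
   * Stamps {@code targetLocation} into the message's {@code Destination} attribute and builds the
   * peer/endpoint contexts the encoder needs to deliver the message there.
   *
   * <p>Setting {@code Destination} is what lets the receiver detect a message replayed against a
   * different endpoint, so it must always equal the URL the message is actually sent to.
   *
   * @param response       outbound SAML message
   * @param targetLocation URL of the peer endpoint
   * @return {@link SAMLPeerEntityContext} holding a {@link SAMLEndpointContext} for the target
   */
  protected BaseContext injectEndpointInfos(final SignableSAMLObject response,
      String targetLocation) {
    SAMLBindingSupport.setSAML2Destination(response, targetLocation);

    final SingleSignOnService endpoint = new SingleSignOnServiceBuilder().buildObject();
    endpoint.setBinding(getSaml2BindingName());
    endpoint.setLocation(targetLocation);

    final SAMLEndpointContext endpointContext = new SAMLEndpointContext();
    endpointContext.setEndpoint(endpoint);

    final SAMLPeerEntityContext peerEntityContext = new SAMLPeerEntityContext();
    peerEntityContext.addSubcontext(endpointContext);
    return peerEntityContext;
  }

  /**
   * Prepares {@code messageContext} for validating an inbound SAML 2.0 message.
   *
   * <p>Adds an (initially empty) peer-entity context and message-info context, a protocol
   * context fixed to SAML 2.0, and a {@link SecurityParametersContext} whose
   * {@link SignatureValidationParameters} carry the algorithm policy and the trust engine.
   *
   * <p>Algorithm policy: the global {@link SignatureValidationConfiguration} is consulted for
   * <em>both</em> the blacklisted and the whitelisted algorithms. Previously only the blacklist
   * was copied, so a whitelist configured globally was silently ignored for messages validated
   * through this context. An empty whitelist means "no restriction" in OpenSAML, so default
   * configurations behave exactly as before.
   *
   * <p>Trust: signatures are verified against the "known keys" trust engine built from the peer
   * metadata, i.e. only keys published in metadata are accepted (engine construction lives in
   * {@link TrustEngineFactory}, outside this file).
   *
   * @param messageContext   inbound message context to enrich
   * @param metadataProvider metadata source from which the trust engine is built
   */
  protected void injectInboundMessageContexts(MessageContext messageContext,
      IPvp2MetadataProvider metadataProvider) {
    messageContext.addSubcontext(new SAMLPeerEntityContext());
    messageContext.addSubcontext(new SAMLMessageInfoContext());

    final SAMLProtocolContext protocolContext = new SAMLProtocolContext();
    protocolContext.setProtocol(SAMLConstants.SAML20P_NS);
    messageContext.addSubcontext(protocolContext);

    final SignatureValidationParameters sigValParameters = new SignatureValidationParameters();
    final SignatureValidationConfiguration sigValConfig =
        ConfigurationService.get(SignatureValidationConfiguration.class);
    // Propagate the full global algorithm policy, not just the blacklist.
    sigValParameters.setWhitelistedAlgorithms(sigValConfig.getWhitelistedAlgorithms());
    sigValParameters.setBlacklistedAlgorithms(sigValConfig.getBlacklistedAlgorithms());
    sigValParameters.setSignatureTrustEngine(
        TrustEngineFactory.getSignatureKnownKeysTrustEngine(metadataProvider));

    final SecurityParametersContext securityParameterContext = new SecurityParametersContext();
    securityParameterContext.setSignatureValidationParameters(sigValParameters);
    messageContext.addSubcontext(securityParameterContext);
  }
}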