/*
 * Copyright 2017 Graz University of Technology EAAF-Core Components has been developed in a
 * cooperation between EGIZ, A-SIT Plus, A-SIT, and Graz University of Technology.
 *
 * Licensed under the EUPL, Version 1.2 or - as soon they will be approved by the European
 * Commission - subsequent versions of the EUPL (the "Licence"); You may not use this work except in
 * compliance with the Licence. You may obtain a copy of the Licence at:
 * https://joinup.ec.europa.eu/news/understanding-eupl-v12
 *
 * Unless required by applicable law or agreed to in writing, software distributed under the Licence
 * is distributed on an "AS IS" basis, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express
 * or implied. See the Licence for the specific language governing permissions and limitations under
 * the Licence.
 *
 * This product combines work with different licenses. See the "NOTICE" text file for details on the
 * various modules and licenses. The "NOTICE" text file is part of the distribution. Any derivative
 * works that you distribute must include a readable copy of the "NOTICE" text file.
*/

package at.gv.egiz.eaaf.modules.pvp2.impl.binding;

import java.util.List;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import at.gv.egiz.eaaf.core.api.IRequest;
import at.gv.egiz.eaaf.modules.pvp2.PvpConstants;
import at.gv.egiz.eaaf.modules.pvp2.api.binding.IDecoder;
import at.gv.egiz.eaaf.modules.pvp2.api.binding.IEncoder;
import at.gv.egiz.eaaf.modules.pvp2.api.message.InboundMessageInterface;
import at.gv.egiz.eaaf.modules.pvp2.exception.AttributQueryException;
import at.gv.egiz.eaaf.modules.pvp2.exception.Pvp2Exception;
import at.gv.egiz.eaaf.modules.pvp2.impl.message.PvpSProfileRequest;
import at.gv.egiz.eaaf.modules.pvp2.impl.opensaml.initialize.EaafDefaultSaml2Bootstrap;
import org.apache.commons.lang3.StringUtils;
import org.opensaml.common.SAMLObject;
import org.opensaml.common.binding.BasicSAMLMessageContext;
import org.opensaml.common.binding.decoding.URIComparator;
import org.opensaml.common.xml.SAMLConstants;
import org.opensaml.saml2.binding.encoding.HTTPSOAP11Encoder;
import org.opensaml.saml2.core.RequestAbstractType;
import org.opensaml.saml2.core.StatusResponseType;
import org.opensaml.saml2.metadata.SPSSODescriptor;
import org.opensaml.saml2.metadata.provider.MetadataProvider;
import org.opensaml.ws.message.decoder.MessageDecodingException;
import org.opensaml.ws.message.encoder.MessageEncodingException;
import org.opensaml.ws.soap.soap11.Envelope;
import org.opensaml.ws.soap.soap11.decoder.http.HTTPSOAP11Decoder;
import org.opensaml.ws.transport.http.HttpServletRequestAdapter;
import org.opensaml.ws.transport.http.HttpServletResponseAdapter;
import org.opensaml.xml.XMLObject;
import org.opensaml.xml.parse.BasicParserPool;
import org.opensaml.xml.security.SecurityException;
import org.opensaml.xml.security.credential.Credential;
import org.opensaml.xml.signature.SignableXMLObject;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.stereotype.Service;

@Service("PVPSOAPBinding")
public class SoapBinding implements IDecoder, IEncoder {

  private static final Logger log = LoggerFactory.getLogger(SoapBinding.class);

  @Override
  public InboundMessageInterface decode(final HttpServletRequest req,
      final HttpServletResponse resp, final MetadataProvider metadataProvider,
      final boolean isSpEndPoint, final URIComparator comparator)
      throws MessageDecodingException, SecurityException, Pvp2Exception {
    final HTTPSOAP11Decoder soapDecoder = new HTTPSOAP11Decoder(new BasicParserPool());
    final BasicSAMLMessageContext<SAMLObject, ?, ?> messageContext =
        new BasicSAMLMessageContext<>();
    messageContext.setInboundMessageTransport(new HttpServletRequestAdapter(req));
    messageContext.setMetadataProvider(metadataProvider);

    // TODO: update in a futher version:
    // requires a special SignedSOAPRequestPolicyRole because
    // messageContext.getInboundMessage() is not directly signed

    // set security context
    // BasicSecurityPolicy policy = new BasicSecurityPolicy();
    // policy.getPolicyRules().add(
    // new MOAPVPSignedRequestPolicyRule(
    // TrustEngineFactory.getSignatureKnownKeysTrustEngine(),
    // SPSSODescriptor.DEFAULT_ELEMENT_NAME));
    // SecurityPolicyResolver resolver = new StaticSecurityPolicyResolver(
    // policy);
    // messageContext.setSecurityPolicyResolver(resolver);

    // decode message
    soapDecoder.decode(messageContext);

    final Envelope inboundMessage = (Envelope) messageContext.getInboundMessage();

    if (inboundMessage.getBody() != null) {
      final List<XMLObject> xmlElemList = inboundMessage.getBody().getUnknownXMLObjects();

      if (!xmlElemList.isEmpty()) {
        final SignableXMLObject attrReq = (SignableXMLObject) xmlElemList.get(0);
        final PvpSProfileRequest request = new PvpSProfileRequest(attrReq, getSaml2BindingName());

        if (messageContext.getPeerEntityMetadata() != null) {
          request.setEntityID(messageContext.getPeerEntityMetadata().getEntityID());
        } else if (attrReq instanceof RequestAbstractType) {
          final RequestAbstractType attributeRequest = (RequestAbstractType) attrReq;
          try {
            if (StringUtils.isNotEmpty(attributeRequest.getIssuer().getValue())
                && metadataProvider.getRole(attributeRequest.getIssuer().getValue(),
                    SPSSODescriptor.DEFAULT_ELEMENT_NAME) != null) {
              request.setEntityID(attributeRequest.getIssuer().getValue());
            }

          } catch (final Exception e) {
            log.warn("No Metadata found with EntityID " + attributeRequest.getIssuer().getValue());
          }
        }

        request.setVerified(false);
        return request;

      }
    }

    log.error("Receive empty PVP 2.1 attributequery request.");
    throw new AttributQueryException("Receive empty PVP 2.1 attributequery request.", null);
  }

  @Override
  public boolean handleDecode(final String action, final HttpServletRequest req) {
    return req.getMethod().equals("POST")
        && action.equals(PvpConstants.SOAP) || action.equals(PvpConstants.ATTRIBUTEQUERY);
  }

  @Override
  public void encodeRequest(final HttpServletRequest req, final HttpServletResponse resp,
      final RequestAbstractType request, final String targetLocation, final String relayState,
      final Credential credentials, final IRequest pendingReq)
      throws MessageEncodingException, SecurityException, Pvp2Exception {

  }

  @Override
  public void encodeRespone(final HttpServletRequest req, final HttpServletResponse resp,
      final StatusResponseType response, final String targetLocation, final String relayState,
      final Credential credentials, final IRequest pendingReq)
      throws MessageEncodingException, SecurityException, Pvp2Exception {

    // load default PVP security configurations
    EaafDefaultSaml2Bootstrap.initializeDefaultPvpConfiguration();

    final HTTPSOAP11Encoder encoder = new HTTPSOAP11Encoder();
    final HttpServletResponseAdapter responseAdapter = new HttpServletResponseAdapter(resp, true);
    final BasicSAMLMessageContext<SAMLObject, SAMLObject, SAMLObject> context =
        new BasicSAMLMessageContext<>();
    context.setOutboundSAMLMessageSigningCredential(credentials);
    context.setOutboundSAMLMessage(response);
    context.setOutboundMessageTransport(responseAdapter);

    encoder.encode(context);

  }

  @Override
  public String getSaml2BindingName() {
    return SAMLConstants.SAML2_SOAP11_BINDING_URI;
  }

}