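package at.gv.egiz.eaaf.modules.pvp2.impl.verification;

import java.util.Objects;

import javax.annotation.Nonnull;

import org.opensaml.core.config.ConfigurationService;
import org.opensaml.messaging.context.MessageContext;
import org.opensaml.messaging.handler.AbstractMessageHandler;
import org.opensaml.messaging.handler.MessageHandlerException;
import org.opensaml.saml.common.messaging.context.SAMLMessageInfoContext;
import org.opensaml.saml.common.messaging.context.SAMLPeerEntityContext;
import org.opensaml.xmlsec.SignatureValidationConfiguration;
import org.opensaml.xmlsec.SignatureValidationParameters;
import org.opensaml.xmlsec.context.SecurityParametersContext;
import org.opensaml.xmlsec.signature.support.SignatureTrustEngine;

import at.gv.egiz.eaaf.modules.pvp2.api.metadata.IPvp2MetadataProvider;
import at.gv.egiz.eaaf.modules.pvp2.exception.Pvp2InternalErrorException;
import at.gv.egiz.eaaf.modules.pvp2.impl.validation.TrustEngineFactory;
import lombok.extern.slf4j.Slf4j;
import net.shibboleth.utilities.java.support.component.ComponentInitializationException;

/**
 * Message handler that seeds an inbound SAML2 {@link MessageContext} with the sub-contexts
 * that later handlers in the chain look up.
 *
 * <p>On every invocation it adds a {@link SAMLPeerEntityContext}, a
 * {@link SAMLMessageInfoContext} and a {@link SecurityParametersContext}. The security
 * parameters carry the signature validation policy: the excluded-algorithm list taken from the
 * globally registered {@link SignatureValidationConfiguration} and a trust engine built from the
 * injected metadata provider (known-keys, see {@link #doInitialize()}). Signature verification
 * performed further down the chain is presumably driven by exactly these parameters, so the
 * handler fails closed if the global configuration is not available instead of registering an
 * empty algorithm policy.
 *
 * <p>The trust engine is created once during component initialization; the handler therefore
 * has to be initialized by the framework before {@link #doInvoke(MessageContext)} is called.
 */
@Slf4j
public class EaafMessageContextInitializationHandler extends AbstractMessageHandler {

  /** Source of trusted peer keys for the signature trust engine. */
  private final IPvp2MetadataProvider internalMetadataProvider;

  /** Built from {@link #internalMetadataProvider} in {@link #doInitialize()}; null before that. */
  private SignatureTrustEngine trustEngine;

  /**
   * Creates the handler.
   *
   * @param metadataProvider provider of the SAML2 metadata whose keys are trusted for
   *        signature validation; must not be {@code null}
   * @throws NullPointerException if {@code metadataProvider} is {@code null}
   */
  public EaafMessageContextInitializationHandler(
      @Nonnull final IPvp2MetadataProvider metadataProvider) {
    // Fail fast here rather than with an opaque NPE inside doInitialize().
    internalMetadataProvider = Objects.requireNonNull(metadataProvider, "metadataProvider");
  }

  /**
   * Builds the known-keys signature trust engine from the metadata provider.
   *
   * @throws ComponentInitializationException if the trust engine cannot be created; the
   *         underlying {@link Pvp2InternalErrorException} is preserved as cause
   */
  @Override
  protected void doInitialize() throws ComponentInitializationException {
    try {
      trustEngine = TrustEngineFactory.getSignatureKnownKeysTrustEngine(internalMetadataProvider);
    } catch (final Pvp2InternalErrorException e) {
      throw new ComponentInitializationException("TrustEngine injection FAILED", e);
    }
  }

  /**
   * Adds the peer-entity, message-info and security-parameters sub-contexts to the message.
   *
   * @param messageContext the SAML2 message context to populate
   * @throws MessageHandlerException if no global {@link SignatureValidationConfiguration} is
   *         registered, i.e. no algorithm policy can be applied
   */
  @Override
  protected void doInvoke(final MessageContext messageContext) throws MessageHandlerException {
    log.trace("Injecting sub-context to SAML2 message ... ");

    // Resolve the algorithm policy before touching the message context, so that a missing
    // configuration leaves the context untouched instead of half-populated.
    // ConfigurationService.get() returns null when nothing is registered for the class.
    final SignatureValidationConfiguration sigValConfig =
        ConfigurationService.get(SignatureValidationConfiguration.class);
    if (sigValConfig == null) {
      throw new MessageHandlerException(
          "No global SignatureValidationConfiguration registered; "
              + "refusing to set up signature validation without an algorithm policy");
    }

    messageContext.addSubcontext(new SAMLPeerEntityContext());
    messageContext.addSubcontext(new SAMLMessageInfoContext());

    final SignatureValidationParameters sigValParameters = new SignatureValidationParameters();
    sigValParameters.setExcludedAlgorithms(sigValConfig.getExcludedAlgorithms());
    sigValParameters.setSignatureTrustEngine(trustEngine);

    final SecurityParametersContext securityParameterContext = new SecurityParametersContext();
    securityParameterContext.setSignatureValidationParameters(sigValParameters);
    messageContext.addSubcontext(securityParameterContext);
  }
}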