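package at.gv.egiz.eaaf.modules.pvp2.test;

import java.io.IOException;
import java.io.InputStream;
import java.time.Instant;

import org.apache.xml.security.algorithms.JCEMapper;
import org.junit.AfterClass;
import org.junit.BeforeClass;
import org.junit.Ignore;
import org.junit.Test;
import org.junit.runner.RunWith;
import org.opensaml.core.xml.config.XMLObjectProviderRegistrySupport;
import org.opensaml.core.xml.io.UnmarshallingException;
import org.opensaml.core.xml.util.XMLObjectSupport;
import org.opensaml.saml.saml2.core.Issuer;
import org.opensaml.saml.saml2.core.Response;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.test.annotation.DirtiesContext;
import org.springframework.test.annotation.DirtiesContext.ClassMode;
import org.springframework.test.context.ContextConfiguration;
import org.springframework.test.context.TestPropertySource;
import org.springframework.test.context.junit4.SpringJUnit4ClassRunner;

import at.gv.egiz.eaaf.core.api.idp.IConfiguration;
import at.gv.egiz.eaaf.core.impl.data.Pair;
import at.gv.egiz.eaaf.modules.pvp2.api.credential.EaafX509Credential;
import at.gv.egiz.eaaf.modules.pvp2.api.metadata.IPvp2MetadataProvider;
import at.gv.egiz.eaaf.modules.pvp2.exception.CredentialsNotAvailableException;
import at.gv.egiz.eaaf.modules.pvp2.exception.Pvp2MetadataException;
import at.gv.egiz.eaaf.modules.pvp2.exception.SamlAssertionValidationExeption;
import at.gv.egiz.eaaf.modules.pvp2.exception.SamlSigningException;
import at.gv.egiz.eaaf.modules.pvp2.impl.metadata.PvpMetadataResolverFactory;
import at.gv.egiz.eaaf.modules.pvp2.impl.opensaml.initialize.EaafOpenSaml3xInitializer;
import at.gv.egiz.eaaf.modules.pvp2.impl.utils.Saml2Utils;
import at.gv.egiz.eaaf.modules.pvp2.impl.verification.SamlVerificationEngine;
import at.gv.egiz.eaaf.modules.pvp2.test.dummy.DummyCredentialProvider;
import at.gv.egiz.eaaf.modules.pvp2.test.dummy.DummyMetadataProvider;
import net.shibboleth.shared.xml.XMLParserException;

/**
 * Checks that {@link SamlVerificationEngine} accepts an unencrypted eIDAS SAML2 {@code Response}
 * that has been freshly re-issued and signed with a test credential.
 *
 * <p>NOTE(review): the whole class is {@code @Ignore}d, so the eIDAS verification path gets no
 * executed coverage from this test. The reason for disabling it is not recorded here -- TODO
 * confirm and either re-enable the test or document why it must stay off.</p>
 */
@Ignore
@RunWith(SpringJUnit4ClassRunner.class)
@ContextConfiguration({
    "/spring/test_eaaf_pvp.beans.xml",
    "/spring/test_eaaf_core_spring_config.beans.xml",
    "/spring/eaaf_utils.beans.xml" })
@TestPropertySource(locations = { "/config/config_eidas.props" })
@DirtiesContext(classMode = ClassMode.BEFORE_CLASS)
public class SamlVerificationEngineEidasTest {

  /** Recorded eIDAS Response fixture on the test classpath (absolute resource path). */
  private static final String RESPONSE_PATH = "/data/response_eidas.xml";

  /** SP metadata the verification engine resolves the issuer against. */
  private static final String METADATA_PATH = "classpath:/data/metadata_eidas.xml";

  /** EntityID written into the Response's Issuer and expected by the engine. */
  private static final String SP_ENTITY_ID = "https://vidp.gv.at/EidasNode/ColleagueResponse";

  @Autowired
  private PvpMetadataResolverFactory metadataResolverFactory;

  @Autowired
  private SamlVerificationEngine verifyEngine;

  @Autowired
  private DummyCredentialProvider credentialProvider;

  // Not referenced by this test; presumably injected so that context wiring is exercised.
  @Autowired
  private DummyMetadataProvider metadataProvider;

  @Autowired
  private IConfiguration authConfig;

  /**
   * JUnit class initializer: bootstraps OpenSAML 3.x once for the whole class.
   *
   * @throws Exception In case of an OpenSAML3 initialization error
   */
  @BeforeClass
  public static void classInitializer() throws Exception {
    EaafOpenSaml3xInitializer.eaafInitialize();
  }

  /**
   * Resets the Apache xmlsec {@link JCEMapper} provider to its default.
   *
   * <p>The provider id is JVM-global state; leaving a test-specific provider selected would leak
   * into every test class that runs afterwards in the same JVM.</p>
   */
  @AfterClass
  public static void classCloser() {
    JCEMapper.setProviderId(null);
  }

  /**
   * Happy path: an unencrypted Response, signed with the test credential and carrying the
   * expected issuer, must pass {@code validateAssertion} without throwing.
   *
   * <p>NOTE(review): the Response is signed with the metadata-signing credential while the
   * message-signing credential is handed to the engine -- presumably intentional (the engine
   * verifies signatures against resolved metadata), but confirm against
   * {@link SamlVerificationEngine#validateAssertion}.</p>
   *
   * @throws SamlSigningException if the fixture cannot be re-signed
   * @throws Pvp2MetadataException if the test metadata cannot be loaded
   * @throws CredentialsNotAvailableException if a test credential is missing
   * @throws XMLParserException if the fixture is not well-formed XML
   * @throws UnmarshallingException if the fixture is not a SAML2 Response
   * @throws SamlAssertionValidationExeption if the engine rejects the Response (test failure)
   */
  @Test
  public void verifyAssertionSucessNotEncrypted() throws SamlSigningException,
      Pvp2MetadataException, CredentialsNotAvailableException, XMLParserException,
      UnmarshallingException, SamlAssertionValidationExeption {
    final Pair<Response, IPvp2MetadataProvider> inputMsg = initializeResponse(
        SP_ENTITY_ID, METADATA_PATH, RESPONSE_PATH,
        credentialProvider.getMetaDataSigningCredential());

    // The trailing flag is passed as false; its meaning is defined by validateAssertion (the test
    // name suggests "assertion is not encrypted") -- confirm there before relying on it.
    verifyEngine.validateAssertion(
        inputMsg.getFirst(),
        credentialProvider.getMessageSigningCredential(),
        SP_ENTITY_ID,
        "jUnit Test",
        false);
  }

  /**
   * Loads a SAML2 Response fixture, re-stamps and re-signs it, and builds the metadata resolver
   * the engine needs to verify it.
   *
   * <p>The fixture is re-issued with {@code Instant.now()} and given a fresh Issuer before signing,
   * so a recorded message stays usable regardless of when it was captured (a stale IssueInstant
   * would presumably be rejected by the engine's freshness check -- confirm).</p>
   *
   * @param spEntityId   EntityID to set as the Response issuer
   * @param metadataPath metadata location handed to the resolver factory
   * @param authnReqPath absolute classpath path of the Response fixture
   * @param credential   credential used to sign the re-issued Response
   * @return the signed Response and the metadata resolver built for {@code metadataPath}
   * @throws SamlSigningException if signing fails
   * @throws XMLParserException if the fixture is not well-formed XML
   * @throws UnmarshallingException if the fixture cannot be unmarshalled
   * @throws Pvp2MetadataException if the metadata resolver cannot be created
   * @throws IllegalStateException if the fixture is missing from the classpath or cannot be closed
   */
  protected Pair<Response, IPvp2MetadataProvider> initializeResponse(String spEntityId,
      String metadataPath, String authnReqPath, EaafX509Credential credential)
      throws SamlSigningException, XMLParserException, UnmarshallingException,
      Pvp2MetadataException {
    final IPvp2MetadataProvider mdResolver = metadataResolverFactory.createMetadataProvider(
        metadataPath, null, "jUnit metadata resolver", null);

    final Response response;
    // Resolve the fixture via this test class (guaranteed to see test resources) and close the
    // stream deterministically; unmarshallFromInputStream does not close it for us.
    try (InputStream in = SamlVerificationEngineEidasTest.class.getResourceAsStream(authnReqPath)) {
      if (in == null) {
        throw new IllegalStateException("Test resource not found on classpath: " + authnReqPath);
      }
      response = (Response) XMLObjectSupport.unmarshallFromInputStream(
          XMLObjectProviderRegistrySupport.getParserPool(), in);
    } catch (IOException e) {
      throw new IllegalStateException("Failed to close test resource: " + authnReqPath, e);
    }

    response.setIssueInstant(Instant.now());

    final Issuer issuer = Saml2Utils.createSamlObject(Issuer.class);
    issuer.setValue(spEntityId);
    response.setIssuer(issuer);

    return Pair.newInstance(
        Saml2Utils.signSamlObject(response, credential, true), mdResolver);
  }

}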