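package at.gv.egiz.eaaf.modules.pvp2.test;

import static org.junit.Assert.assertEquals;
import static org.junit.Assert.assertThrows;

import org.junit.Ignore;
import org.junit.Test;
import org.junit.runner.RunWith;
import org.opensaml.core.xml.io.UnmarshallingException;
import org.opensaml.saml.saml2.core.Response;
import org.opensaml.xmlsec.signature.support.SignatureConstants;
import org.springframework.test.annotation.DirtiesContext;
import org.springframework.test.annotation.DirtiesContext.ClassMode;
import org.springframework.test.context.ContextConfiguration;
import org.springframework.test.context.TestPropertySource;
import org.springframework.test.context.junit4.SpringJUnit4ClassRunner;

import at.gv.egiz.eaaf.modules.pvp2.api.credential.EaafX509Credential;
import at.gv.egiz.eaaf.modules.pvp2.exception.CredentialsNotAvailableException;
import at.gv.egiz.eaaf.modules.pvp2.exception.Pvp2MetadataException;
import at.gv.egiz.eaaf.modules.pvp2.exception.SamlAssertionValidationExeption;
import at.gv.egiz.eaaf.modules.pvp2.exception.SamlSigningException;
import lombok.SneakyThrows;
import net.shibboleth.shared.xml.XMLParserException;

//@IfProfileValue(name = "spring.profiles.active", value = "devEnvironment")
/**
 * Runs the shared SAML verification-engine test suite against the Spring context
 * configured by {@code /config/config_3.props} (HSM facade variant).
 *
 * <p>The test resources (metadata, AuthnRequest and Response samples) are supplied
 * through the abstract path getters of {@link AbstractSamlVerificationEngine}. The
 * additional tests below pin two security-relevant behaviours: a non-recommended
 * signature algorithm (RSA-MD5) must be rejected when signing, and an encrypted
 * assertion must not be accepted when decrypted with the wrong key.
 */
@RunWith(SpringJUnit4ClassRunner.class)
@ContextConfiguration({
    "/spring/test_eaaf_pvp.beans.xml",
    "/spring/test_eaaf_core_spring_config.beans.xml",
    "/spring/eaaf_utils.beans.xml"})
@TestPropertySource(locations = {"/config/config_3.props"})
@DirtiesContext(classMode = ClassMode.BEFORE_CLASS)
public class SamlVerificationEngineWithHsmFacadeTest extends AbstractSamlVerificationEngine {

  /** Response with an encrypted assertion, shared by the wrong-key decryption tests. */
  private static final String ENCRYPTED_RESPONSE_PATH = "/data/response_decrypt_test.xml";

  /** SP entityId used when parsing and validating the encrypted test response. */
  private static final String ENCRYPTED_RESPONSE_SP_ENTITY_ID =
      "https://vidp.gv.at/EidasNode/ColleagueResponse";

  /** Error code expected when signing with the non-recommended RSA-MD5 algorithm is rejected. */
  private static final String ERROR_WRONG_SIG_ALG = "internal.pvp.96";

  /** Error code expected when the encrypted assertion cannot be decrypted with the given key. */
  private static final String ERROR_ASSERTION_DECRYPTION = "internal.pvp.16";

  @Override
  protected String getMetadataClassPathEntityPath() {
    return "classpath:/data/pvp_metadata_junit_keystore_classpath_entityId.xml";
  }

  @Override
  protected String getMetadataJunitJKeystore() {
    return "classpath:/data/pvp_metadata_junit_keystore.xml";
  }

  @Override
  protected String getAuthnRequestWithoutSigPath() {
    return "/data/AuthRequest_without_sig_1.xml";
  }

  @Override
  protected String getResponseWithSigPath() {
    return "/data/Response_with_sig_1.xml";
  }

  @Override
  protected String getResponseWithoutSigPath() {
    return "/data/Response_without_sig_1.xml";
  }

  /**
   * Signing an AuthnRequest with RSA-MD5 must fail with {@link #ERROR_WRONG_SIG_ALG}
   * instead of producing a request that carries a weak signature.
   *
   * @throws Exception on any unexpected setup failure
   */
  @Test
  public void validateSamlRequestWrongSignatureAlg() throws Exception {
    final String authnReqPath = getAuthnRequestWithoutSigPath();
    final String metadataPath = getMetadataJunitJKeystore();
    // In this fixture the metadata location doubles as the SP entityId.
    final String spEntityId = metadataPath;
    metadataProvider.runGarbageCollector();

    final EaafX509Credential cred = credentialProvider.getMetaDataSigningCredential();
    // NOTE(review): this mutates the shared credential; other test methods in this class that
    // sign with the metadata credential may observe the MD5 setting - confirm or restore it.
    cred.setSignatureAlgorithmForSigning(
        SignatureConstants.ALGO_ID_SIGNATURE_NOT_RECOMMENDED_RSA_MD5);

    final SamlSigningException error = assertThrows("Wrong SigAlg not detected",
        SamlSigningException.class,
        () -> initializeAuthnRequest(spEntityId, metadataPath, authnReqPath, cred));
    assertEquals("Wrong errorCode", ERROR_WRONG_SIG_ALG, error.getErrorId());
  }

  /**
   * The encrypted assertion must be rejected when the EC message-signing key is offered
   * as decryption key.
   */
  @Test
  public void assertionDecryptionWithWrongEcKey() throws SamlSigningException,
      Pvp2MetadataException, CredentialsNotAvailableException, XMLParserException,
      UnmarshallingException, SamlAssertionValidationExeption {
    assertAssertionDecryptionFails(credentialProvider.getMessageSigningCredential());
  }

  /**
   * The encrypted assertion must be rejected when the RSA metadata-signing key is offered
   * as decryption key.
   */
  @Test
  public void assertionDecryptionWithWrongRsaKey() throws SamlSigningException,
      Pvp2MetadataException, CredentialsNotAvailableException, XMLParserException,
      UnmarshallingException, SamlAssertionValidationExeption {
    assertAssertionDecryptionFails(credentialProvider.getMetaDataSigningCredential());
  }

  /** Round-trips an assertion through encryption and decryption with the RSA credential. */
  @Test
  @SneakyThrows
  public void assertionEncryptionDecryptionRsa() throws SamlSigningException,
      Pvp2MetadataException, CredentialsNotAvailableException, XMLParserException,
      UnmarshallingException, SamlAssertionValidationExeption {
    performEncryptionDecrytion(credentialProvider.getMessageEncryptionCredential());
  }

  /*
   * ECC keys are currently not supported for encryption, so this case stays ignored.
   */
  @Test
  @Ignore
  @SneakyThrows
  public void assertionEncryptionDecryptionEcc() throws SamlSigningException,
      Pvp2MetadataException, CredentialsNotAvailableException, XMLParserException,
      UnmarshallingException, SamlAssertionValidationExeption {
    performEncryptionDecrytion(credentialProvider.getMessageSigningCredential());
  }

  /**
   * Parses the encrypted test response and asserts that validating it with
   * {@code decryptionCred} fails with {@link #ERROR_ASSERTION_DECRYPTION}.
   *
   * @param decryptionCred credential offered to the engine for assertion decryption
   * @throws SamlAssertionValidationExeption never; the expected instance is caught by
   *     {@code assertThrows} (declared for symmetry with the calling tests)
   */
  private void assertAssertionDecryptionFails(final EaafX509Credential decryptionCred)
      throws SamlSigningException, Pvp2MetadataException, CredentialsNotAvailableException,
      XMLParserException, UnmarshallingException, SamlAssertionValidationExeption {
    // The response itself is parsed with the metadata-signing credential; only the
    // decryption key under test varies between callers.
    final Response inputMsg = initializeResponseSimple(ENCRYPTED_RESPONSE_SP_ENTITY_ID,
        ENCRYPTED_RESPONSE_PATH, credentialProvider.getMetaDataSigningCredential());

    final SamlAssertionValidationExeption error = assertThrows("wrong exception",
        SamlAssertionValidationExeption.class,
        () -> verifyEngine.validateAssertion(inputMsg, decryptionCred,
            ENCRYPTED_RESPONSE_SP_ENTITY_ID, "jUnit Test", false));
    assertEquals("wrong errorCode", ERROR_ASSERTION_DECRYPTION, error.getErrorId());
  }
}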