/*
 * Copyright 2017 Graz University of Technology EAAF-Core Components has been developed in a
 * cooperation between EGIZ, A-SIT Plus, A-SIT, and Graz University of Technology.
 *
 * Licensed under the EUPL, Version 1.2 or - as soon they will be approved by the European
 * Commission - subsequent versions of the EUPL (the "Licence"); You may not use this work except in
 * compliance with the Licence. You may obtain a copy of the Licence at:
 * https://joinup.ec.europa.eu/news/understanding-eupl-v12
 *
 * Unless required by applicable law or agreed to in writing, software distributed under the Licence
 * is distributed on an "AS IS" basis, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express
 * or implied. See the Licence for the specific language governing permissions and limitations under
 * the Licence.
 *
 * This product combines work with different licenses. See the "NOTICE" text file for details on the
 * various modules and licenses. The "NOTICE" text file is part of the distribution. Any derivative
 * works that you distribute must include a readable copy of the "NOTICE" text file.
*/

package at.gv.egiz.eaaf.modules.pvp2.idp.impl;

import javax.annotation.PostConstruct;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

import org.joda.time.DateTime;
import org.opensaml.saml.common.xml.SAMLConstants;
import org.opensaml.saml.saml2.core.Assertion;
import org.opensaml.saml.saml2.core.AuthnRequest;
import org.opensaml.saml.saml2.core.Response;
import org.opensaml.saml.saml2.metadata.AssertionConsumerService;
import org.opensaml.saml.saml2.metadata.EntityDescriptor;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.ApplicationContext;
import org.springframework.stereotype.Service;

import at.gv.egiz.eaaf.core.api.IRequest;
import at.gv.egiz.eaaf.core.api.idp.IAction;
import at.gv.egiz.eaaf.core.api.idp.IAuthData;
import at.gv.egiz.eaaf.core.api.idp.IConfiguration;
import at.gv.egiz.eaaf.core.api.idp.slo.SloInformationInterface;
import at.gv.egiz.eaaf.core.api.logging.IRevisionLogger;
import at.gv.egiz.eaaf.core.exceptions.EaafException;
import at.gv.egiz.eaaf.core.impl.data.SloInformationImpl;
import at.gv.egiz.eaaf.modules.pvp2.api.IPvp2BasicConfiguration;
import at.gv.egiz.eaaf.modules.pvp2.api.binding.IEncoder;
import at.gv.egiz.eaaf.modules.pvp2.api.metadata.IPvp2MetadataProvider;
import at.gv.egiz.eaaf.modules.pvp2.api.utils.IPvp2CredentialProvider;
import at.gv.egiz.eaaf.modules.pvp2.exception.BindingNotSupportedException;
import at.gv.egiz.eaaf.modules.pvp2.idp.exception.ResponderErrorException;
import at.gv.egiz.eaaf.modules.pvp2.idp.impl.builder.AuthResponseBuilder;
import at.gv.egiz.eaaf.modules.pvp2.idp.impl.builder.Pvp2AssertionBuilder;
import at.gv.egiz.eaaf.modules.pvp2.impl.binding.PostBinding;
import at.gv.egiz.eaaf.modules.pvp2.impl.binding.RedirectBinding;
import at.gv.egiz.eaaf.modules.pvp2.impl.message.PvpSProfileRequest;
import at.gv.egiz.eaaf.modules.pvp2.impl.utils.Saml2Utils;

@Service("PVPAuthenticationRequestAction")
public class AuthenticationAction implements IAction {
  private static final Logger log = LoggerFactory.getLogger(AuthenticationAction.class);

  @Autowired(required = true)
  private IPvp2MetadataProvider metadataProvider;
  @Autowired(required = true)
  ApplicationContext springContext;
  @Autowired(required = true)
  IConfiguration authConfig;
  @Autowired(required = true)
  Pvp2AssertionBuilder assertionBuilder;
  @Autowired(required = true)
  IPvp2BasicConfiguration pvpBasicConfiguration;
  @Autowired(required = true)
  IRevisionLogger revisionsLogger;

  private IPvp2CredentialProvider pvpIdpCredentials;

  /**
   * Sets a specific credential provider for PVP S-Profile IDP component.
   *
   * @param pvpIdpCredentials credential provider
   */
  public void setPvpIdpCredentials(final IPvp2CredentialProvider pvpIdpCredentials) {
    this.pvpIdpCredentials = pvpIdpCredentials;

  }

  @Override
  public SloInformationInterface processRequest(final IRequest req,
      final HttpServletRequest httpReq, final HttpServletResponse httpResp,
      final IAuthData authData) throws ResponderErrorException {
    final PvpSProfilePendingRequest pvpRequest = (PvpSProfilePendingRequest) req;
    try {
      // get basic information
      final PvpSProfileRequest moaRequest = (PvpSProfileRequest) pvpRequest.getRequest();
      final AuthnRequest authnRequest = (AuthnRequest) moaRequest.getSamlRequest();
      final EntityDescriptor peerEntity = moaRequest.getEntityMetadata(metadataProvider);

      final AssertionConsumerService consumerService =
          Saml2Utils.createSamlObject(AssertionConsumerService.class);
      consumerService.setBinding(pvpRequest.getBinding());
      consumerService.setLocation(pvpRequest.getConsumerUrl());

      final DateTime date = new DateTime();
      final SloInformationImpl sloInformation = new SloInformationImpl();
      final String issuerEntityID = pvpBasicConfiguration.getIdpEntityId(pvpRequest.getAuthUrl());

      // build Assertion
      final Assertion assertion = assertionBuilder.buildAssertion(issuerEntityID, pvpRequest,
          authnRequest, authData, peerEntity, date, consumerService, sloInformation);

      final Response authResponse = AuthResponseBuilder.buildResponse(metadataProvider,
          issuerEntityID, authnRequest, date, assertion,
          authConfig);

      IEncoder binding = null;

      if (consumerService.getBinding().equals(SAMLConstants.SAML2_REDIRECT_BINDING_URI)) {
        binding = springContext.getBean("PvpRedirectBinding", RedirectBinding.class);

      } else if (consumerService.getBinding().equals(SAMLConstants.SAML2_POST_BINDING_URI)) {
        binding = springContext.getBean("PvpPostBinding", PostBinding.class);

      }

      if (binding == null) {
        throw new BindingNotSupportedException(consumerService.getBinding());
      }

      binding.encodeResponse(httpReq, httpResp, authResponse, consumerService.getLocation(),
          moaRequest.getRelayState(), pvpIdpCredentials.getMessageSigningCredential(), req);

      revisionsLogger.logEvent(req, 3105, authResponse.getID());

      // set protocol type
      sloInformation.setProtocolType(req.requestedModule());
      sloInformation.setSpEntityID(req.getServiceProviderConfiguration().getUniqueIdentifier());
      return sloInformation;

    } catch (final SecurityException e) {
      log.warn("Message Encoding exception", e);
      throw new ResponderErrorException("pvp2.01", null, e);

    } catch (final EaafException e) {
      log.info("Response generation error: Msg: ", e.getMessage());
      throw new ResponderErrorException(e.getErrorId(), e.getParams(), e);

    } catch (final Exception e) {
      log.warn("Response generation error", e);
      throw new ResponderErrorException("pvp2.01", null, e);

    }

  }

  @Override
  public boolean needAuthentication(final IRequest req, final HttpServletRequest httpReq,
      final HttpServletResponse httpResp) {
    return true;
  }

  @Override
  public String getDefaultActionName() {
    return "PVPAuthenticationRequestAction";

  }

  @PostConstruct
  private void verifyInitialization() {
    if (pvpIdpCredentials == null) {
      log.error("No SAML2 credentialProvider injected!");
      throw new RuntimeException("No SAML2 credentialProvider injected!");

    }
  }

}