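package at.gv.egiz.eaaf.modules.pvp2.idp.test;

import java.io.IOException;
import java.io.InputStream;

import javax.xml.transform.TransformerException;

import at.gv.egiz.eaaf.core.impl.idp.module.test.DummyAuthConfig;
import at.gv.egiz.eaaf.core.impl.utils.DomUtils;
import at.gv.egiz.eaaf.modules.pvp2.api.metadata.IPvp2MetadataProvider;
import at.gv.egiz.eaaf.modules.pvp2.exception.CredentialsNotAvailableException;
import at.gv.egiz.eaaf.modules.pvp2.exception.Pvp2MetadataException;
import at.gv.egiz.eaaf.modules.pvp2.exception.SamlAssertionValidationExeption;
import at.gv.egiz.eaaf.modules.pvp2.idp.exception.InvalidAssertionEncryptionException;
import at.gv.egiz.eaaf.modules.pvp2.idp.impl.builder.AuthResponseBuilder;
import at.gv.egiz.eaaf.modules.pvp2.impl.metadata.PvpMetadataResolverFactory;
import at.gv.egiz.eaaf.modules.pvp2.impl.opensaml.initialize.EaafOpenSaml3xInitializer;
import at.gv.egiz.eaaf.modules.pvp2.impl.verification.SamlVerificationEngine;
import at.gv.egiz.eaaf.modules.pvp2.test.binding.PostBindingTest;
import at.gv.egiz.eaaf.modules.pvp2.test.dummy.DummyCredentialProvider;
import org.apache.commons.lang3.RandomStringUtils;
import org.joda.time.DateTime;
import org.junit.Assert;
import org.junit.BeforeClass;
import org.junit.Test;
import org.junit.runner.RunWith;
import org.opensaml.core.xml.XMLObject;
import org.opensaml.core.xml.config.XMLObjectProviderRegistrySupport;
import org.opensaml.core.xml.io.MarshallingException;
import org.opensaml.core.xml.io.UnmarshallingException;
import org.opensaml.core.xml.util.XMLObjectSupport;
import org.opensaml.saml.saml2.core.Assertion;
import org.opensaml.saml.saml2.core.RequestAbstractType;
import org.opensaml.saml.saml2.core.Response;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.test.context.ContextConfiguration;
import org.springframework.test.context.TestPropertySource;
import org.springframework.test.context.junit4.SpringJUnit4ClassRunner;
import org.w3c.dom.Element;
import net.shibboleth.utilities.java.support.xml.XMLParserException;

/**
 * Tests for {@link AuthResponseBuilder}: a built SAML2 response must carry the assertion only in
 * encrypted form (no plain {@code Assertion}, exactly one {@code EncryptedAssertion}), must
 * reference the request it answers, and must be marshallable to XML. The second test additionally
 * runs the response through {@link SamlVerificationEngine#validateAssertion} to check that the
 * encrypted assertion can be decrypted and validated again with the jUnit credential.
 */
@RunWith(SpringJUnit4ClassRunner.class)
@ContextConfiguration({"/spring/test_eaaf_pvp.beans.xml"})
@TestPropertySource(locations = {"/config/config_1.props"})
public class AuthnResponseBuilderTest {

  /** Metadata (with encryption key material) the response builder resolves the recipient from. */
  private static final String METADATA_LOCATION = "classpath:/data/pvp_metadata_junit_keystore.xml";
  private static final String METADATA_RESOLVER_NAME = "jUnit metadata resolver";
  /** Unsigned AuthnRequest used as the request being answered. */
  private static final String AUTHN_REQUEST_RESOURCE = "/data/AuthRequest_without_sig_1.xml";
  /** Plain assertion that the builder is expected to encrypt. */
  private static final String ASSERTION_RESOURCE = "/data/Assertion_1.xml";

  @Autowired private DummyAuthConfig authConfig;
  @Autowired private PvpMetadataResolverFactory metadataResolverFactory;
  @Autowired private SamlVerificationEngine verifyEngine;
  @Autowired private DummyCredentialProvider credentialProvider;

  /**
   * JUnit class initializer.
   *
   * @throws Exception In case of an OpenSAML3 initialization error
   */
  @BeforeClass
  public static void classInitializer() throws Exception {
    EaafOpenSaml3xInitializer.eaafInitialize();
  }

  /**
   * Builds a response and checks that the assertion is only present in encrypted form.
   *
   * @throws InvalidAssertionEncryptionException if the builder can not encrypt the assertion
   * @throws Pvp2MetadataException if the jUnit metadata can not be resolved
   * @throws XMLParserException if a test resource is not well-formed XML
   * @throws UnmarshallingException if a test resource can not be unmarshalled
   * @throws MarshallingException if the built response can not be marshalled
   * @throws TransformerException if the response DOM can not be serialized
   * @throws IOException on I/O errors while reading test resources or serializing the response
   */
  @Test
  public void encryptedAssertion() throws InvalidAssertionEncryptionException, Pvp2MetadataException,
      XMLParserException, UnmarshallingException, MarshallingException, TransformerException,
      IOException {
    final String issuerEntityID = RandomStringUtils.randomAlphabetic(15);
    final RequestAbstractType authnReq = loadAuthnRequest();
    final Assertion assertion = loadAssertion();

    buildAndCheckResponse(issuerEntityID, authnReq, assertion);
  }

  /**
   * Same as {@link #encryptedAssertion()}, but additionally decrypts and validates the encrypted
   * assertion again through the verification engine.
   *
   * @throws SamlAssertionValidationExeption if the decrypted assertion does not validate
   * @throws CredentialsNotAvailableException if the jUnit credential can not be loaded
   * @throws InvalidAssertionEncryptionException if the builder can not encrypt the assertion
   * @throws Pvp2MetadataException if the jUnit metadata can not be resolved
   * @throws XMLParserException if a test resource is not well-formed XML
   * @throws UnmarshallingException if a test resource can not be unmarshalled
   * @throws MarshallingException if the built response can not be marshalled
   * @throws TransformerException if the response DOM can not be serialized
   * @throws IOException on I/O errors while reading test resources or serializing the response
   */
  @Test
  public void encryptedAssertionWithDecryption() throws InvalidAssertionEncryptionException,
      Pvp2MetadataException, XMLParserException, UnmarshallingException, MarshallingException,
      TransformerException, IOException, SamlAssertionValidationExeption,
      CredentialsNotAvailableException {
    final String issuerEntityID = RandomStringUtils.randomAlphabetic(15);
    final RequestAbstractType authnReq = loadAuthnRequest();
    final Assertion assertion = loadAssertion();

    final Response response = buildAndCheckResponse(issuerEntityID, authnReq, assertion);

    // Round trip: the encrypted assertion must be decryptable and valid with the jUnit credential.
    // NOTE(review): meaning of the trailing String/boolean arguments is defined by
    // SamlVerificationEngine#validateAssertion; values are kept as in the original test.
    verifyEngine.validateAssertion(response, credentialProvider.getMetaDataSigningCredential(),
        "https://demo.egiz.gv.at/demoportal_demologin/", "jUnitTest", false);
  }

  /**
   * Builds a response for the given request and assertion and checks the invariants both tests
   * share.
   *
   * @param issuerEntityID EntityID the response must be issued by
   * @param authnReq request the response answers; its ID must be echoed in {@code InResponseTo}
   * @param assertion plain assertion handed to the builder
   * @return the built response, for further checks by the caller
   */
  private Response buildAndCheckResponse(final String issuerEntityID,
      final RequestAbstractType authnReq, final Assertion assertion)
      throws InvalidAssertionEncryptionException, Pvp2MetadataException, MarshallingException,
      TransformerException, IOException {
    final IPvp2MetadataProvider metadataProvider = metadataResolverFactory.createMetadataProvider(
        METADATA_LOCATION, null, METADATA_RESOLVER_NAME, null);

    final DateTime now = DateTime.now();
    final Response response = AuthResponseBuilder.buildResponse(
        metadataProvider, issuerEntityID, authnReq, now, assertion, authConfig);

    Assert.assertNotNull("SAML2 response is null", response);
    // The assertion must not leave the builder in plain text: only the encrypted form is allowed.
    Assert.assertTrue("Assertion not null", response.getAssertions().isEmpty());
    Assert.assertNotNull("Enc. assertion is null", response.getEncryptedAssertions());
    Assert.assertFalse("Enc. assertion is empty", response.getEncryptedAssertions().isEmpty());
    Assert.assertEquals("# enc. assertions wrong", 1, response.getEncryptedAssertions().size());
    // The request ID is randomized per test run, so a match here can not be a fixture artefact.
    Assert.assertEquals("InResponseTo", authnReq.getID(), response.getInResponseTo());
    Assert.assertEquals("Issuer EntityId", issuerEntityID, response.getIssuer().getValue());
    Assert.assertNotNull("ResponseId is null", response.getID());
    Assert.assertFalse("ResponseId is emptry", response.getID().isEmpty());

    // The response must also survive marshalling to a DOM and serialization to a String.
    final Element responseElement = XMLObjectSupport.getMarshaller(response).marshall(response);
    final String xmlResp = DomUtils.serializeNode(responseElement);
    Assert.assertNotNull("XML response is null", xmlResp);
    Assert.assertFalse("XML response is empty", xmlResp.isEmpty());

    return response;
  }

  /**
   * Loads the fixture AuthnRequest and gives it a fresh random ID, so that the
   * {@code InResponseTo} check can only pass if the builder really echoes the request ID.
   */
  private static RequestAbstractType loadAuthnRequest()
      throws XMLParserException, UnmarshallingException, IOException {
    final RequestAbstractType authnReq =
        (RequestAbstractType) unmarshallResource(AUTHN_REQUEST_RESOURCE);
    authnReq.setID("_" + RandomStringUtils.randomAlphanumeric(10));
    return authnReq;
  }

  /** Loads the fixture assertion that the builder is expected to encrypt. */
  private static Assertion loadAssertion()
      throws XMLParserException, UnmarshallingException, IOException {
    return (Assertion) unmarshallResource(ASSERTION_RESOURCE);
  }

  /**
   * Unmarshalls an XML test resource from the classpath. The stream is closed afterwards (the
   * original code leaked it) and a missing resource fails with a clear message instead of a NPE.
   *
   * @param resource classpath path of the XML resource
   * @return the unmarshalled OpenSAML object
   */
  private static XMLObject unmarshallResource(final String resource)
      throws XMLParserException, UnmarshallingException, IOException {
    try (InputStream in = PostBindingTest.class.getResourceAsStream(resource)) {
      Assert.assertNotNull("Test resource not found: " + resource, in);
      return XMLObjectSupport.unmarshallFromInputStream(
          XMLObjectProviderRegistrySupport.getParserPool(), in);
    }
  }
}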