/*******************************************************************************
 * Copyright 2018 A-SIT Plus GmbH
 * AT-specific eIDAS Connector has been developed in a cooperation between EGIZ, 
 * A-SIT Plus GmbH, A-SIT, and Graz University of Technology.
 *
 * Licensed under the EUPL, Version 1.2 or - as soon they will be approved by
 * the European Commission - subsequent versions of the EUPL (the "License");
 * You may not use this work except in compliance with the License.
 * You may obtain a copy of the License at:
 * https://joinup.ec.europa.eu/news/understanding-eupl-v12
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" basis,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 *
 * This product combines work with different licenses. See the "NOTICE" text
 * file for details on the various modules and licenses.
 * The "NOTICE" text file is part of the distribution. Any derivative works
 * that you distribute must include a readable copy of the "NOTICE" text file.
 *******************************************************************************/
/*******************************************************************************
 *******************************************************************************/
package at.asitplus.eidas.specific.connector.provider;

import java.io.IOException;
import java.security.cert.CertificateException;
import java.util.List;

import org.apache.commons.httpclient.HttpClient;
import org.apache.commons.httpclient.params.HttpClientParams;
import org.apache.commons.lang3.StringUtils;
import org.opensaml.saml2.metadata.provider.MetadataProvider;
import org.opensaml.xml.parse.BasicParserPool;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.stereotype.Service;

import at.asitplus.eidas.specific.connector.MSeIDASNodeConstants;
import at.asitplus.eidas.specific.connector.verification.MetadataSignatureVerificationFilter;
import at.gv.egiz.eaaf.core.api.idp.IConfigurationWithSP;
import at.gv.egiz.eaaf.core.api.idp.ISpConfiguration;
import at.gv.egiz.eaaf.core.exceptions.EaafConfigurationException;
import at.gv.egiz.eaaf.core.impl.utils.FileUtils;
import at.gv.egiz.eaaf.modules.pvp2.exception.Pvp2MetadataException;
import at.gv.egiz.eaaf.modules.pvp2.impl.metadata.AbstractChainingMetadataProvider;
import at.gv.egiz.eaaf.modules.pvp2.impl.metadata.MetadataFilterChain;
import at.gv.egiz.eaaf.modules.pvp2.impl.validation.metadata.PvpEntityCategoryFilter;
import at.gv.egiz.eaaf.modules.pvp2.impl.validation.metadata.SchemaValidationFilter;

@Service("PVPMetadataProvider")
public class PVPMetadataProvider extends AbstractChainingMetadataProvider{
	private static final Logger log = LoggerFactory.getLogger(PVPMetadataProvider.class);
	
	@Autowired(required=true) IConfigurationWithSP basicConfig;
	
	@Override
	protected String getMetadataUrl(String entityId) throws EaafConfigurationException {
		ISpConfiguration spConfig = basicConfig.getServiceProviderConfiguration(entityId);
		if (spConfig != null) {
			String metadataURL = entityId;
			
			String metadataURLFromConfig = spConfig.getConfigurationValue(MSeIDASNodeConstants.PROP_CONFIG_SP_PVP2_METADATA_URL);
			if (StringUtils.isNotEmpty(metadataURLFromConfig)) {
				log.debug("Use metdataURL from configuration for EntityId: " + entityId);
				metadataURL = metadataURLFromConfig;
				
			} 
				 
			return metadataURL; 
			
		} else
			log.info("No ServiceProvider with entityId: " + entityId + " in configuration.");
		
		return null;
	}

	@Override
	protected MetadataProvider createNewMetadataProvider(String entityId)
			throws EaafConfigurationException, IOException, CertificateException {
		ISpConfiguration spConfig = basicConfig.getServiceProviderConfiguration(entityId);
		if (spConfig != null) {
			try {
				String metadataURL = spConfig.getConfigurationValue(MSeIDASNodeConstants.PROP_CONFIG_SP_PVP2_METADATA_URL);
				if (StringUtils.isEmpty(metadataURL)) {
					log.debug("Use EntityId: " + entityId + " instead of explicite metadataURL ... ");
					metadataURL = entityId;
					
				}				
				String trustStoreUrl = FileUtils.makeAbsoluteUrl(
						spConfig.getConfigurationValue(MSeIDASNodeConstants.PROP_CONFIG_SP_PVP2_METADATA_TRUSTSTORE), 
						authConfig.getConfigurationRootDirectory());
				String trustStorePassword = spConfig.getConfigurationValue(MSeIDASNodeConstants.PROP_CONFIG_SP_PVP2_METADATA_TRUSTSTORE_PASSWORD);

				return createNewSimpleMetadataProvider(metadataURL, 								 
						buildMetadataFilterChain(spConfig, metadataURL, trustStoreUrl, trustStorePassword), 
						spConfig.getConfigurationValue(MSeIDASNodeConstants.PROP_CONFIG_SP_UNIQUEIDENTIFIER),
						getTimer(),
						new BasicParserPool(),
						createHttpClient(metadataURL));
				
			} catch (Pvp2MetadataException e) {
				log.info("Can NOT initialize Metadata signature-verification filter. Reason: " + e.getMessage());
				throw new EaafConfigurationException("config.27", 
						new Object[] {"Can NOT initialize Metadata signature-verification filter. Reason: " + e.getMessage()}, e);
				
			}
			
		} else
			log.info("No ServiceProvider with entityId: " + entityId + " in configuration.");
		
		return null;
	}

	@Override
	protected List<String> getAllMetadataUrlsFromConfiguration() throws EaafConfigurationException {
		// TODO Auto-generated method stub
		return null;
	}

	private HttpClient createHttpClient(String metadataURL) {					
		HttpClient httpClient = new HttpClient();		
		HttpClientParams httpClientParams = new HttpClientParams();
		httpClientParams.setSoTimeout(MSeIDASNodeConstants.METADATA_SOCKED_TIMEOUT);
		httpClient.setParams(httpClientParams);		
		return httpClient;
				
	}
	
	private MetadataFilterChain buildMetadataFilterChain(ISpConfiguration oaParam, String metadataURL, String trustStoreUrl, String trustStorePassword) throws CertificateException, Pvp2MetadataException{
		MetadataFilterChain filterChain = new MetadataFilterChain();		
		filterChain.getFilters().add(new SchemaValidationFilter(
				basicConfig.getBasicConfigurationBoolean(MSeIDASNodeConstants.PROP_CONFIG_PVP_SCHEME_VALIDATION, true)));
					
		filterChain.getFilters().add(
				new MetadataSignatureVerificationFilter(
						trustStoreUrl, trustStorePassword, metadataURL));
				
		filterChain.getFilters().add(new PvpEntityCategoryFilter(
				basicConfig.getBasicConfigurationBoolean(MSeIDASNodeConstants.PROP_CONFIG_PVP_ENABLE_ENTITYCATEGORIES, true)));
		
		return filterChain;		
	}
}