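/*******************************************************************************
 *******************************************************************************/
package at.gv.egiz.eidas.specific.connector.provider;

import java.io.IOException;
import java.security.cert.CertificateException;
import java.util.Collections;
import java.util.List;

import org.apache.commons.httpclient.HttpClient;
import org.apache.commons.httpclient.params.HttpClientParams;
import org.apache.commons.lang3.StringUtils;
import org.opensaml.saml2.metadata.provider.MetadataProvider;
import org.opensaml.xml.parse.BasicParserPool;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.stereotype.Service;

import at.gv.egiz.eaaf.core.api.idp.IConfiguration;
import at.gv.egiz.eaaf.core.api.idp.ISPConfiguration;
import at.gv.egiz.eaaf.core.exceptions.EAAFConfigurationException;
import at.gv.egiz.eaaf.core.impl.utils.FileUtils;
import at.gv.egiz.eaaf.modules.pvp2.exception.PVP2MetadataException;
import at.gv.egiz.eaaf.modules.pvp2.impl.metadata.AbstractChainingMetadataProvider;
import at.gv.egiz.eaaf.modules.pvp2.impl.metadata.MetadataFilterChain;
import at.gv.egiz.eaaf.modules.pvp2.impl.validation.metadata.PVPEntityCategoryFilter;
import at.gv.egiz.eaaf.modules.pvp2.impl.validation.metadata.SchemaValidationFilter;
import at.gv.egiz.eidas.specific.connector.MSeIDASNodeConstants;
import at.gv.egiz.eidas.specific.connector.verification.MetadataSignatureVerificationFilter;

/**
 * Builds PVP2 (SAML2) metadata providers for the Service Providers known to the
 * connector configuration.
 * <p>
 * For a given EntityId the metadata document is fetched over HTTP from the
 * configured metadata URL (or from the EntityId itself when no URL is
 * configured) and passed through a filter chain consisting of schema
 * validation, XML-signature verification against a per-SP trust store and
 * PVP entity-category filtering. Until the signature filter has accepted it,
 * the fetched document is untrusted remote input.
 */
@Service("PVPMetadataProvider")
public class PVPMetadataProvider extends AbstractChainingMetadataProvider {
	private static final Logger log = LoggerFactory.getLogger(PVPMetadataProvider.class);

	@Autowired(required = true)
	IConfiguration basicConfig;

	/**
	 * Resolve the metadata URL of a Service Provider.
	 *
	 * @param entityId EntityId of the Service Provider
	 * @return the explicitly configured metadata URL, the EntityId itself when
	 *         no URL is configured, or {@code null} when the EntityId is not
	 *         present in the configuration
	 * @throws EAAFConfigurationException if the configuration cannot be read
	 */
	@Override
	protected String getMetadataURL(String entityId) throws EAAFConfigurationException {
		ISPConfiguration spConfig = basicConfig.getServiceProviderConfiguration(entityId);
		if (spConfig == null) {
			log.info("No ServiceProvider with entityId: " + entityId + " in configuration.");
			return null;
		}

		// Default: the EntityId doubles as the metadata location.
		String metadataURL = entityId;
		String metadataURLFromConfig =
				spConfig.getConfigurationValue(MSeIDASNodeConstants.PROP_CONFIG_SP_PVP2_METADATA_URL);
		if (StringUtils.isNotEmpty(metadataURLFromConfig)) {
			log.debug("Use metdataURL from configuration for EntityId: " + entityId);
			metadataURL = metadataURLFromConfig;
		}
		return metadataURL;
	}

	/**
	 * Create a fresh, filtered metadata provider for one Service Provider.
	 * <p>
	 * Fails closed when no metadata trust store is configured for the SP: without
	 * it the signature-verification filter has nothing to verify against, so no
	 * provider is built at all.
	 *
	 * @param entityId EntityId of the Service Provider
	 * @return the new provider, or {@code null} when the EntityId is unknown
	 * @throws EAAFConfigurationException if the SP has no trust store configured
	 *         or the signature-verification filter cannot be initialised
	 * @throws IOException on I/O errors while setting up the provider
	 * @throws CertificateException on certificate errors while setting up the
	 *         filter chain
	 */
	@Override
	protected MetadataProvider createNewMetadataProvider(String entityId)
			throws EAAFConfigurationException, IOException, CertificateException {
		ISPConfiguration spConfig = basicConfig.getServiceProviderConfiguration(entityId);
		if (spConfig == null) {
			log.info("No ServiceProvider with entityId: " + entityId + " in configuration.");
			return null;
		}

		try {
			String metadataURL =
					spConfig.getConfigurationValue(MSeIDASNodeConstants.PROP_CONFIG_SP_PVP2_METADATA_URL);
			if (StringUtils.isEmpty(metadataURL)) {
				log.debug("Use EntityId: " + entityId + " instead of explicite metadataURL ... ");
				metadataURL = entityId;
			}

			String trustStoreConfig =
					spConfig.getConfigurationValue(MSeIDASNodeConstants.PROP_CONFIG_SP_PVP2_METADATA_TRUSTSTORE);
			if (StringUtils.isEmpty(trustStoreConfig)) {
				// A missing trust store would otherwise surface (if at all) deep inside the
				// signature filter; reject the configuration explicitly instead.
				log.info("No metadata trust store configured for EntityId: " + entityId);
				throw new EAAFConfigurationException("config.27",
						new Object[] {"No metadata trust store configured for EntityId: " + entityId});
			}

			// authConfig is not declared here; presumably inherited from
			// AbstractChainingMetadataProvider -- verify it is the same bean as basicConfig.
			String trustStoreUrl = FileUtils.makeAbsoluteURL(
					trustStoreConfig, authConfig.getConfigurationRootDirectory());
			String trustStorePassword =
					spConfig.getConfigurationValue(MSeIDASNodeConstants.PROP_CONFIG_SP_PVP2_METADATA_TRUSTSTORE_PASSWORD);

			// NOTE(review): BasicParserPool parses the remotely fetched document before any
			// filter runs; confirm the OpenSAML version in use disables DTDs / external
			// entities by default, otherwise harden the pool here.
			return createNewSimpleMetadataProvider(metadataURL,
					buildMetadataFilterChain(spConfig, metadataURL, trustStoreUrl, trustStorePassword),
					spConfig.getConfigurationValue(MSeIDASNodeConstants.PROP_CONFIG_SP_UNIQUEIDENTIFIER),
					getTimer(),
					new BasicParserPool(),
					createHttpClient(metadataURL));

		} catch (PVP2MetadataException e) {
			log.info("Can NOT initialize Metadata signature-verification filter. Reason: " + e.getMessage());
			throw new EAAFConfigurationException("config.27",
					new Object[] {"Can NOT initialize Metadata signature-verification filter. Reason: " + e.getMessage()},
					e);
		}
	}

	/**
	 * No bulk list of metadata URLs is maintained by this provider; the
	 * previous implementation was an auto-generated stub returning {@code null}.
	 *
	 * @return an empty, immutable list (never {@code null}, so callers can
	 *         iterate without a null check)
	 * @throws EAAFConfigurationException never thrown by this implementation
	 */
	@Override
	protected List<String> getAllMetadataURLsFromConfiguration() throws EAAFConfigurationException {
		return Collections.emptyList();
	}

	/**
	 * Build the HTTP client used to download metadata.
	 * <p>
	 * Both the socket (read) timeout and the connection timeout are bounded by
	 * {@link MSeIDASNodeConstants#METADATA_SOCKED_TIMEOUT}. Commons HttpClient 3
	 * keeps these separate; setting only the socket timeout leaves connection
	 * establishment unbounded, so an unreachable metadata host could stall the
	 * refresh indefinitely.
	 * <p>
	 * TLS trust for {@code metadataURL} is the JSSE default; the authenticity of
	 * the fetched document rests on {@link MetadataSignatureVerificationFilter}.
	 *
	 * @param metadataURL URL the client will be used for (currently only
	 *        documentary; the client is not specialised per URL)
	 * @return a configured client
	 */
	private HttpClient createHttpClient(String metadataURL) {
		HttpClient httpClient = new HttpClient();

		HttpClientParams httpClientParams = new HttpClientParams();
		httpClientParams.setSoTimeout(MSeIDASNodeConstants.METADATA_SOCKED_TIMEOUT);
		httpClient.setParams(httpClientParams);

		// Connection timeout lives on the connection-manager params, not on HttpClientParams.
		// No dedicated constant exists, so the socket timeout bound is reused.
		httpClient.getHttpConnectionManager().getParams()
				.setConnectionTimeout(MSeIDASNodeConstants.METADATA_SOCKED_TIMEOUT);

		return httpClient;
	}

	/**
	 * Assemble the filter chain applied to fetched metadata. Filters are added in
	 * this order: schema validation, signature verification against the SP's
	 * trust store, PVP entity-category filtering.
	 *
	 * @param oaParam SP configuration (currently unused by the chain itself)
	 * @param metadataURL URL the metadata is fetched from
	 * @param trustStoreUrl absolute URL of the trust store for signature verification
	 * @param trustStorePassword password of that trust store
	 * @return the populated filter chain
	 * @throws CertificateException on certificate errors while loading the trust store
	 * @throws PVP2MetadataException if the signature-verification filter cannot be built
	 */
	private MetadataFilterChain buildMetadataFilterChain(ISPConfiguration oaParam, String metadataURL,
			String trustStoreUrl, String trustStorePassword) throws CertificateException, PVP2MetadataException {
		MetadataFilterChain filterChain = new MetadataFilterChain();

		// Schema validation defaults to enabled unless explicitly switched off.
		boolean schemaValidation = basicConfig.getBasicMOAIDConfigurationBoolean(
				MSeIDASNodeConstants.PROP_CONFIG_PVP_SCHEME_VALIDATION, true);
		filterChain.getFilters().add(new SchemaValidationFilter(schemaValidation));

		filterChain.getFilters().add(
				new MetadataSignatureVerificationFilter(trustStoreUrl, trustStorePassword, metadataURL));

		// Entity-category filtering also defaults to enabled.
		boolean entityCategories = basicConfig.getBasicMOAIDConfigurationBoolean(
				MSeIDASNodeConstants.PROP_CONFIG_PVP_ENABLE_ENTITYCATEGORIES, true);
		filterChain.getFilters().add(new PVPEntityCategoryFilter(entityCategories));

		return filterChain;
	}
}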