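package at.asitplus.eidas.specific.connector.test;

import java.io.IOException;
import java.util.HashMap;
import java.util.Map;

import javax.xml.parsers.ParserConfigurationException;

import org.apache.commons.lang3.RandomStringUtils;
import org.junit.Assert;
import org.junit.Before;
import org.junit.BeforeClass;
import org.junit.Test;
import org.junit.runner.RunWith;
import org.opensaml.saml2.core.AuthnRequest;
import org.opensaml.xml.ConfigurationException;
import org.opensaml.xml.io.Unmarshaller;
import org.opensaml.xml.io.UnmarshallerFactory;
import org.opensaml.xml.io.UnmarshallingException;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.mock.web.MockHttpServletRequest;
import org.springframework.mock.web.MockHttpServletResponse;
import org.springframework.test.annotation.DirtiesContext;
import org.springframework.test.annotation.DirtiesContext.ClassMode;
import org.springframework.test.context.ContextConfiguration;
import org.springframework.test.context.junit4.SpringJUnit4ClassRunner;
import org.springframework.test.context.web.WebAppConfiguration;
import org.springframework.web.context.request.RequestContextHolder;
import org.springframework.web.context.request.ServletRequestAttributes;
import org.w3c.dom.Element;
import org.xml.sax.SAXException;

import at.asitplus.eidas.specific.connector.MsEidasNodeConstants;
import at.asitplus.eidas.specific.connector.config.ServiceProviderConfiguration;
import at.gv.egiz.eaaf.core.api.data.EaafConfigConstants;
import at.gv.egiz.eaaf.core.api.idp.IConfiguration;
import at.gv.egiz.eaaf.core.exceptions.AuthnRequestValidatorException;
import at.gv.egiz.eaaf.core.impl.idp.module.test.TestRequestImpl;
import at.gv.egiz.eaaf.core.impl.utils.DomUtils;
import at.gv.egiz.eaaf.modules.pvp2.api.validation.IAuthnRequestValidator;
import at.gv.egiz.eaaf.modules.pvp2.impl.opensaml.initialize.EaafDefaultSaml2Bootstrap;

/**
 * Tests for the {@link IAuthnRequestValidator} bean wired by the Spring test context.
 *
 * <p>Each test unmarshalls a SAML2 {@link AuthnRequest} from a classpath fixture, runs the
 * validator against a fresh pending request, and checks which values the validator stored:
 * the requester id, the provider name, the required level of assurance (LoA) and the
 * area-specific target identifier.</p>
 */
@RunWith(SpringJUnit4ClassRunner.class)
@ContextConfiguration({
    "/applicationContext.xml",
    "/specific_eIDAS_connector.beans.xml",
    "/eaaf_core.beans.xml",
    "/eaaf_pvp.beans.xml",
    "/eaaf_pvp_idp.beans.xml",
    "/spring/SpringTest-context_simple_storage.xml" })
@WebAppConfiguration
@DirtiesContext(classMode = ClassMode.BEFORE_CLASS)
public class AuthnRequestValidatorTest {

  /** Requester id that all three fixtures are expected to yield. */
  private static final String EXPECTED_SP_ENTITY_ID =
      "https://demo.egiz.gv.at/demoportal-openID_demo";

  /** Provider name that all three fixtures are expected to yield. */
  private static final String EXPECTED_SP_PROVIDER_NAME = "OpenID Connect Demo";

  @Autowired private IConfiguration basicConfig;
  @Autowired protected IAuthnRequestValidator authRequestValidator;

  private MockHttpServletRequest httpReq;
  private MockHttpServletResponse httpResp;
  private TestRequestImpl pendingReq;

  /**
   * jUnit class initializer.
   *
   * <p>Points the {@code eidas.ms.configuration} system property at the jUnit properties file
   * (resolved relative to the current working directory) and runs the EAAF SAML2 bootstrap.</p>
   *
   * @throws ConfigurationException In case of an error
   */
  @BeforeClass
  public static void classInitializer() throws ConfigurationException {
    final String current = new java.io.File(".").toURI().toString();
    System.setProperty("eidas.ms.configuration",
        current + "src/test/resources/config/junit_config_1.properties");

    EaafDefaultSaml2Bootstrap.bootstrap();

  }

  /**
   * jUnit test set-up.
   *
   * <p>Creates fresh mock HTTP objects, binds them to the Spring request context, and builds a
   * pending request whose service-provider configuration holds only a random unique
   * identifier. Everything the tests assert on is therefore written by the validator.</p>
   */
  @Before
  public void initialize() {
    httpReq = new MockHttpServletRequest("POST", "https://localhost/ms_connector");
    httpResp = new MockHttpServletResponse();
    RequestContextHolder.resetRequestAttributes();
    RequestContextHolder.setRequestAttributes(new ServletRequestAttributes(httpReq, httpResp));

    // Typed map instead of a raw Map, so the compiler checks keys and values.
    final Map<String, String> spConfig = new HashMap<>();
    spConfig.put(EaafConfigConstants.SERVICE_UNIQUEIDENTIFIER,
        RandomStringUtils.randomAlphabetic(10));

    pendingReq = new TestRequestImpl();
    pendingReq.setAuthUrl("https://localhost/ms_connector");
    pendingReq.setPendingReqId(RandomStringUtils.randomAlphanumeric(10));
    pendingReq.setSpConfig(new ServiceProviderConfiguration(spConfig, basicConfig));

  }

  /**
   * Validates fixture {@code pvp2_authn_1.xml} and expects LoA <em>substantial</em>.
   *
   * <p>NOTE(review): the test name says "low" but the expected LoA is substantial. Presumably
   * the fixture requests LoA low and the validator raises it to a minimum level; if so, this
   * assertion is what guards against a lower level being passed through unchanged. Confirm
   * against the fixture and the validator implementation.</p>
   */
  @Test
  public void loaLowRequested() throws AuthnRequestValidatorException,
      ParserConfigurationException, SAXException, IOException, UnmarshallingException {
    final AuthnRequest authReq = getAuthRequest("/data/pvp2_authn_1.xml");

    // test (fourth argument is null as in the other tests; its meaning is not visible here)
    authRequestValidator.validate(httpReq, pendingReq, authReq, null);

    // validate
    assertValidatedRequest("http://eidas.europa.eu/LoA/substantial",
        "urn:publicid:gv.at:cdid+BF");

  }

  /**
   * Validates fixture {@code pvp2_authn_2.xml} and expects LoA <em>substantial</em>.
   */
  @Test
  public void loaSubstentialRequested() throws AuthnRequestValidatorException,
      ParserConfigurationException, SAXException, IOException, UnmarshallingException {
    final AuthnRequest authReq = getAuthRequest("/data/pvp2_authn_2.xml");

    // test
    authRequestValidator.validate(httpReq, pendingReq, authReq, null);

    // validate
    assertValidatedRequest("http://eidas.europa.eu/LoA/substantial",
        "urn:publicid:gv.at:cdid+BF");

  }

  /**
   * Validates fixture {@code pvp2_authn_3.xml} and expects LoA <em>high</em> together with a
   * different area-specific target identifier than the other two fixtures.
   */
  @Test
  public void loaHighRequested() throws AuthnRequestValidatorException,
      ParserConfigurationException, SAXException, IOException, UnmarshallingException {
    final AuthnRequest authReq = getAuthRequest("/data/pvp2_authn_3.xml");

    // test
    authRequestValidator.validate(httpReq, pendingReq, authReq, null);

    // validate
    assertValidatedRequest("http://eidas.europa.eu/LoA/high",
        "urn:publicid:gv.at:cdid+XX");

  }

  /**
   * Asserts the values the validator is expected to have written into the pending request.
   *
   * <p>Requester id and provider name are the same for every fixture. Exactly one required
   * LoA must be present, so an additional LoA entry fails the test as well.</p>
   *
   * @param expectedLoa the single LoA URI expected in the service-provider configuration
   * @param expectedBpkTarget the expected area-specific target identifier
   */
  private void assertValidatedRequest(String expectedLoa, String expectedBpkTarget) {
    Assert.assertNotNull("spEntityId is null",
        pendingReq.getRawData(MsEidasNodeConstants.DATA_REQUESTERID));
    Assert.assertEquals("SP EntityId not match", EXPECTED_SP_ENTITY_ID,
        pendingReq.getRawData(MsEidasNodeConstants.DATA_REQUESTERID));

    Assert.assertNotNull("SP ProviderName is null",
        pendingReq.getRawData(MsEidasNodeConstants.DATA_PROVIDERNAME));
    Assert.assertEquals("SP ProviderName not match", EXPECTED_SP_PROVIDER_NAME,
        pendingReq.getRawData(MsEidasNodeConstants.DATA_PROVIDERNAME));

    Assert.assertNotNull("Requested SP LoA is null",
        pendingReq.getServiceProviderConfiguration().getRequiredLoA());
    // The original message here repeated "is null" although the check is for emptiness.
    Assert.assertFalse("Requested SP LoA is empty",
        pendingReq.getServiceProviderConfiguration().getRequiredLoA().isEmpty());
    Assert.assertEquals("SP LoA count not match", 1,
        pendingReq.getServiceProviderConfiguration().getRequiredLoA().size());
    Assert.assertEquals("SP LoA not match", expectedLoa,
        pendingReq.getServiceProviderConfiguration().getRequiredLoA().get(0));

    Assert.assertNotNull("bPK Target is null",
        pendingReq.getServiceProviderConfiguration().getAreaSpecificTargetIdentifier());
    Assert.assertEquals("bPK target not match", expectedBpkTarget,
        pendingReq.getServiceProviderConfiguration().getAreaSpecificTargetIdentifier());

  }

  /**
   * Loads a SAML2 AuthnRequest fixture from the classpath and unmarshalls it.
   *
   * @param resource classpath location of the XML fixture
   * @return the unmarshalled request
   * @throws IOException if the fixture is missing from the classpath or cannot be read
   * @throws ParserConfigurationException if the XML parser cannot be set up
   * @throws SAXException if the fixture is rejected by the validating parser
   * @throws UnmarshallingException if the DOM cannot be turned into an OpenSAML object
   */
  private AuthnRequest getAuthRequest(String resource) throws
      ParserConfigurationException, SAXException, IOException, UnmarshallingException {
    // try-with-resources closes the fixture stream even when parsing fails.
    try (java.io.InputStream in =
        AuthnRequestValidatorTest.class.getResourceAsStream(resource)) {
      // getResourceAsStream returns null for a missing resource; fail with a clear message.
      if (in == null) {
        throw new IOException("Test resource not found on classpath: " + resource);
      }

      final Element authBlockDom = DomUtils.parseXmlValidating(in);

      final UnmarshallerFactory unmarshallerFactory =
          org.opensaml.xml.Configuration.getUnmarshallerFactory();
      final Unmarshaller unmarshaller = unmarshallerFactory.getUnmarshaller(authBlockDom);
      Assert.assertNotNull("No unmarshaller registered for test resource " + resource,
          unmarshaller);

      return (AuthnRequest) unmarshaller.unmarshall(authBlockDom);

    }
  }

}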