/*******************************************************************************
 * Copyright 2018 A-SIT Plus GmbH
 * AT-specific eIDAS Connector has been developed in a cooperation between EGIZ, 
 * A-SIT Plus GmbH, A-SIT, and Graz University of Technology.
 *
 * Licensed under the EUPL, Version 1.2 or - as soon they will be approved by
 * the European Commission - subsequent versions of the EUPL (the "License");
 * You may not use this work except in compliance with the License.
 * You may obtain a copy of the License at:
 * https://joinup.ec.europa.eu/news/understanding-eupl-v12
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" basis,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 *
 * This product combines work with different licenses. See the "NOTICE" text
 * file for details on the various modules and licenses.
 * The "NOTICE" text file is part of the distribution. Any derivative works
 * that you distribute must include a readable copy of the "NOTICE" text file.
 *******************************************************************************/
package at.asitplus.test.eidas.specific.modules.authmodule_eIDASv2;

import static org.mockito.ArgumentMatchers.any;
import static org.mockito.Mockito.when;

import java.io.IOException;
import java.security.InvalidKeyException;
import java.security.MessageDigest;
import java.security.NoSuchProviderException;
import java.util.List;

import javax.xml.bind.JAXBContext;
import javax.xml.bind.JAXBException;
import javax.xml.bind.Unmarshaller;
import javax.xml.parsers.ParserConfigurationException;
import javax.xml.ws.soap.SOAPFaultException;

import org.apache.commons.lang3.StringUtils;
import org.apache.cxf.binding.soap.SoapFault;
import org.junit.Assert;
import org.junit.BeforeClass;
import org.junit.Ignore;
import org.junit.Rule;
import org.junit.Test;
import org.junit.runner.RunWith;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.test.context.ContextConfiguration;
import org.springframework.test.context.junit4.SpringJUnit4ClassRunner;
import org.springframework.util.Base64Utils;
import org.w3._2000._09.xmldsig.KeyValueType;
import org.w3c.dom.Element;
import org.xml.sax.SAXException;

import com.skjolberg.mockito.soap.SoapServiceRule;

import at.asitplus.eidas.specific.modules.authmodule_eIDASv2.Constants;
import at.asitplus.eidas.specific.modules.authmodule_eIDASv2.exception.SZRCommunicationException;
import at.asitplus.eidas.specific.modules.authmodule_eIDASv2.exception.eIDASAuthenticationException;
import at.asitplus.eidas.specific.modules.authmodule_eIDASv2.szr.SZRClient;
import at.asitplus.eidas.specific.modules.authmodule_eIDASv2.utils.eIDASResponseUtils;
import at.gv.e_government.reference.namespace.persondata._20020228.PersonNameType;
import at.gv.e_government.reference.namespace.persondata._20020228.PhysicalPersonType;
import at.gv.egiz.eaaf.core.api.data.EAAFConstants;
import at.gv.egiz.eaaf.core.api.idp.IConfiguration;
import at.gv.egiz.eaaf.core.api.idp.auth.data.IIdentityLink;
import at.gv.egiz.eaaf.core.exceptions.EAAFParserException;
import at.gv.egiz.eaaf.core.impl.data.Trible;
import at.gv.egiz.eaaf.core.impl.idp.auth.data.SimpleIdentityLinkAssertionParser;
import at.gv.egiz.eaaf.core.impl.utils.DOMUtils;
import szrservices.GetIdentityLinkEidasResponse;
import szrservices.IdentityLinkType;
import szrservices.PersonInfoType;
import szrservices.SZR;
import szrservices.SZRException_Exception;
import szrservices.TravelDocumentType;

@RunWith(SpringJUnit4ClassRunner.class)
@ContextConfiguration("/SpringTest-context_basic_test.xml")
public class SZRClientTest {
	private static final Logger log = LoggerFactory.getLogger(SZRClientTest.class);
	
	@Autowired SZRClient szrClient;
	@Autowired IConfiguration basicConfig;
	
	private static final String givenName = "Franz";
	private static final String familyName = "Mustermann";
	private static final String dateOfBirth = "1989-05-05";
	private static final String eIDASeID = "IS/AT/1234sdgsdfg56789ABCDEF";
	
	//Dummy public RSA Key
	private static final String PUBKEY_EXPONENT = "AQAB";
	private static final String PUBKEY_MODULUS = "AJZyj/+sdCMDRq9RkvbFcgSTVn/OfS8EUE81ddwP8MNuJ1kd1SWBUJPaQX2JLJHrL54mkOhrkhH2M/zcuOTu8nW9TOEgXGjrRB/0HpiYKpV+VDJViyyc/GacNLxN4Anw4pima6gHYaJIw9hQkL/nuO2hyh8PGJd7rxeFXJmbLy+X";
	
	private static final String DUMMY_TARGET = EAAFConstants.URN_PREFIX_CDID + "ZP";
	
	@BeforeClass
	public static void classInitializer() throws IOException {
		final String current = new java.io.File( "." ).toURI().toString();
		System.setProperty("eidas.ms.configuration", current + "../../basicConfig/default_config.properties");
       
	}
	
	@Rule
	public SoapServiceRule soap = SoapServiceRule.newInstance();
		
	@Test
	public void getIdentityLinkRawModeValidResponse() throws SZRException_Exception, EAAFParserException, NoSuchProviderException, IOException, InvalidKeyException, eIDASAuthenticationException, JAXBException {
		setSZRResponseIdentityLink("/data/szr/szr_resp_valid_1.xml", "http://localhost/demoszr");
		
		try {
			log.debug("Starting connecting SZR Gateway");											
			IdentityLinkType result = szrClient.getIdentityLinkInRawMode(
								getPersonInfo());

			Assert.assertNotNull(result);
			Assert.assertNotNull(result.getAssertion());
					
			IIdentityLink identityLink = new SimpleIdentityLinkAssertionParser((Element)result.getAssertion()).parseIdentityLink();
			Assert.assertNotNull(identityLink);
	
			System.out.println(identityLink.getSerializedSamlAssertion());
	 
			checkElement("Mustermann", identityLink.getFamilyName());
			checkElement("Hans", identityLink.getGivenName());
			checkElement("1989-05-05", identityLink.getDateOfBirth());		
			checkElement("urn:publicid:gv.at:baseid", identityLink.getIdentificationType());		
			checkElement("k+zDM1BVpN1WJO4x7ZQ3ng==", identityLink.getIdentificationValue());		
			Assert.assertNotNull(identityLink.getSerializedSamlAssertion());		
			Assert.assertNotNull(identityLink.getSamlAssertion());
			
		} catch (SZRCommunicationException e) {
			Assert.fail();
			
		}
			
	}
	
	@Test
	public void getIdentityLinkRawModeErrorTravelerDocExists() throws SZRException_Exception, EAAFParserException, NoSuchProviderException, IOException, InvalidKeyException, eIDASAuthenticationException, JAXBException, ParserConfigurationException, SAXException {
		setSZRExceptionIdentityLink("/data/szr/szr_resp_error_travelerdocexists.xml", "http://localhost/demoszr");
		
		try {
			log.debug("Starting connecting SZR Gateway");											
			IdentityLinkType result = szrClient.getIdentityLinkInRawMode(
								getPersonInfo());
			Assert.fail();
						
		} catch (SZRCommunicationException e) {
			checkElement("ernb.02", e.getErrorId());
			Assert.assertNotNull(e.getCause());
			org.springframework.util.Assert.isInstanceOf(SOAPFaultException.class, e.getCause());
			Assert.assertNotNull(((SOAPFaultException)e.getCause()).getFault());
			checkElement("p344:F455", ((SOAPFaultException)e.getCause()).getFault().getFaultCode());
			checkElement("The travel document you sent to insert a person already exists for another person. Either check the document or have the person altered accordingly", ((SOAPFaultException)e.getCause()).getFault().getFaultString());
			
		}
			
	}

	@Ignore
	@Test
	public void getbPKTest() throws SZRException_Exception, eIDASAuthenticationException {
		String bPK = szrClient.getBPK(getPersonInfo(), DUMMY_TARGET, 
				basicConfig.getBasicConfiguration(
				Constants.CONIG_PROPS_EIDAS_SZRCLIENT_PARAMS_VKZ, 
				"no VKZ defined"));
		
		if (StringUtils.isEmpty(bPK))
			throw new SZRCommunicationException("ernb.01", new Object[] {"bPK is null or empty"});
		
		
	}
	
	private void checkElement(String expected, String value) {
		Assert.assertNotNull(value);
		Assert.assertEquals(expected, value);
		
	}
	
	
	private void setSZRResponseIdentityLink(String responseXmlPath, String serviceURL) throws JAXBException, SZRException_Exception {
		final SZR szrServiceMock = soap.mock(SZR.class, serviceURL);
		final JAXBContext jaxbContext 	= JAXBContext.newInstance(
				szrservices.ObjectFactory.class, 
				org.xmlsoap.schemas.ws._2002._04.secext.ObjectFactory.class,
				org.w3._2001._04.xmldsig_more.ObjectFactory.class,
				org.w3._2000._09.xmldsig.ObjectFactory.class,
				at.gv.egov.pvp1.ObjectFactory.class,
				at.gv.e_government.reference.namespace.persondata._20020228.ObjectFactory.class);
		 final Unmarshaller jaxbUnmarshaller   = jaxbContext.createUnmarshaller();
		 final GetIdentityLinkEidasResponse szrResponse= (GetIdentityLinkEidasResponse) jaxbUnmarshaller.unmarshal(this.getClass().getResourceAsStream(responseXmlPath));
		 when(szrServiceMock.getIdentityLinkEidas(any(PersonInfoType.class))).thenReturn(szrResponse.getGetIdentityLinkReturn());
		
	}
	
	private void setSZRExceptionIdentityLink(String responseXmlPath, String serviceURL) throws JAXBException,ParserConfigurationException, SAXException, IOException, SZRException_Exception {
		final SZR szrServiceMock = soap.mock(SZR.class, serviceURL);	 
		final Element detailerror = DOMUtils.parseXmlNonValidating(this.getClass().getResourceAsStream(responseXmlPath));				
		final javax.xml.namespace.QName qName = new javax.xml.namespace.QName("urn:SZRServices","F455", "p344");
		final SoapFault fault = new SoapFault("The travel document you sent to insert a person already exists for another person. Either check the document or have the person altered accordingly", qName);
		fault.setRole("urn:SZRServices");
		fault.setDetail(detailerror);				 
		when(szrServiceMock.getIdentityLinkEidas(any(PersonInfoType.class))).thenThrow(fault);
		
	}
	
	private String createHashFromUniqueId(String uniqueId) throws eIDASAuthenticationException {
		try {
            MessageDigest md = MessageDigest.getInstance("SHA-256");
            byte[] hash = md.digest(uniqueId.getBytes("UTF-8"));
            String hashBase64 = new String(Base64Utils.encode(hash), "UTF-8").replaceAll("\r\n", "");
            return hashBase64;
            
        } catch (Exception ex) {
            throw new eIDASAuthenticationException("internal.03", new Object[]{},  ex);
            
        }
	}
	
	private PersonInfoType getPersonInfo() throws eIDASAuthenticationException {
		PersonInfoType personInfo = new PersonInfoType();
		PersonNameType personName = new PersonNameType();
		PhysicalPersonType naturalPerson = new PhysicalPersonType();
		TravelDocumentType eDocument = new TravelDocumentType();				
		
		naturalPerson.setName(personName );
		personInfo.setPerson(naturalPerson );
		personInfo.setTravelDocument(eDocument );
						
		//parse some eID attributes
		Trible<String, String, String> eIdentifier = 
				eIDASResponseUtils.parseEidasPersonalIdentifier((String)eIDASeID);
		String uniqueId = createHashFromUniqueId(eIdentifier.getThird());
		String citizenCountry = eIdentifier.getFirst();
					
		//person information
		personName.setFamilyName((String)familyName);
		personName.setGivenName((String)givenName); 
		naturalPerson.setDateOfBirth(dateOfBirth);
		eDocument.setIssuingCountry(citizenCountry);
		eDocument.setDocumentNumber(uniqueId);
		
		//eID document information								
		eDocument.setDocumentType(basicConfig.getBasicConfiguration(
				Constants.CONIG_PROPS_EIDAS_SZRCLIENT_PARAMS_EDOCUMENTTYPE, 
				Constants.SZR_CONSTANTS_DEFAULT_DOCUMENT_TYPE));
		
		//TODO: that should be removed
//		eDocument.setIssueDate(basicConfig.getBasicConfiguration(
//				Constants.CONIG_PROPS_EIDAS_SZRCLIENT_PARAMS_ISSUING_DATE));
//		eDocument.setIssuingAuthority(basicConfig.getBasicConfiguration(
//				Constants.CONIG_PROPS_EIDAS_SZRCLIENT_PARAMS_ISSUING_AUTHORITY));
		
		return personInfo;
	}


	private List<KeyValueType> dummyCodeForKeys() throws IOException, NoSuchProviderException, InvalidKeyException {
//		if (basicConfig.getBasicMOAIDConfigurationBoolean(
//				Constants.CONIG_PROPS_EIDAS_SZRCLIENT_PARAMS_KEYS_USEDUMMY, 
//				false)) {
//			List<KeyValueType> keyvalueList = new ArrayList<KeyValueType>();
//			try {
//				// set key values
//				RSAKeyValueType rsa = new RSAKeyValueType();
//				rsa.setExponent(PUBKEY_EXPONENT);
//				rsa.setModulus(PUBKEY_MODULUS);
//						
//				KeyValueType key = new KeyValueType();
//				key.setRSAKeyValue(rsa);							
//				keyvalueList.add(key);
//			
//				return keyvalueList;
//			} catch (Exception e) {
//				log.error("TestCode has an internal ERROR", e);
//				throw e;
//				
//			}
//			
//		}
		
		return null;
		
	}
	
	/*
	 * getIdentityLink without RAW mode does not contain a valid signature
	 */
	//@Test
//	public void getIdentityLink() throws SZRException_Exception, EAAFParserException, NoSuchProviderException, IOException, InvalidKeyException, eIDASAuthenticationException {
//		log.debug("Starting connecting SZR Gateway");											
//		IdentityLinkType result = szrClient.getIdentityLink(
//									getPersonInfo(), 
//									dummyCodeForKeys(), 
//									basicConfig.getBasicMOAIDConfigurationBoolean(
//											Constants.CONIG_PROPS_EIDAS_SZRCLIENT_DEBUG_INSERTERNB, 
//											true)
//									);
//
//		Element idlFromSZR = (Element)result.getAssertion();			
//		IIdentityLink identityLink = new SimpleIdentityLinkAssertionParser(idlFromSZR).parseIdentityLink();
//		if (identityLink == null)
//			throw new SZRCommunicationException("ernb.00", new Object[] {"bPK is null or empty"});
//			
//	}
}