package at.gv.egovernment.moa.id.auth.parser;

import java.security.interfaces.RSAPublicKey;

import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.io.InputStream;
import java.math.BigInteger;
import java.security.PublicKey;
import java.util.ArrayList;
import java.util.List;

import org.w3c.dom.Element;
import org.w3c.dom.traversal.NodeIterator;

import at.gv.egovernment.moa.id.*;
import at.gv.egovernment.moa.id.auth.data.IdentityLink;
import at.gv.egovernment.moa.util.Base64Utils;
import at.gv.egovernment.moa.util.Constants;
import at.gv.egovernment.moa.util.DOMUtils;
import at.gv.egovernment.moa.util.XPathUtils;
import at.gv.egovernment.moa.id.util.ECDSAKeyValueConverter;

/**
 * Parses an identity link <code>&lt;saml:Assertion&gt;</code>
 * @author Paul Ivancsics
 * @version $Id$
 */
public class IdentityLinkAssertionParser {

  //
  // XPath namespace prefix shortcuts
  //

  /** Xpath prefix for reaching PersonData Namespaces */
  private static final String PDATA = Constants.PD_PREFIX + ":";
  /** Xpath prefix for reaching SecurityLayer 1.0 Namespaces */
  private static final String SL10 = Constants.SL10_PREFIX + ":";
  /** Xpath prefix for reaching SAML Namespaces */
  private static final String SAML = Constants.SAML_PREFIX + ":";
  /** Xpath prefix for reaching XML-DSIG Namespaces */
  private static final String DSIG = Constants.DSIG_PREFIX + ":";
  /** Xpath prefix for reaching ECDS Namespaces */
  private static final String ECDSA = Constants.ECDSA_PREFIX + ":";
  /** Xpath expression to the root element */  
	private static final String ROOT = "/" + SAML + "Assertion/";
 /** Xpath expression to the SAMLSubjectConfirmationData element */
  private static final String SAML_SUBJECT_CONFIRMATION_DATA_XPATH =
      ROOT
      + SAML
      + "AttributeStatement/"
      + SAML
      + "Subject/"
      + SAML
      + "SubjectConfirmation/"
      + SAML
      + "SubjectConfirmationData";
  /** Xpath expression to the PersonData element */
	private static final String PERSON_XPATH =
		SAML_SUBJECT_CONFIRMATION_DATA_XPATH
      + "/"
      + PDATA
      + "Person";
  /** Xpath expression to the PersonData GivenName element */      
  private static final String PERSON_GIVEN_NAME_XPATH =
    PERSON_XPATH
    	+ "/"
      + PDATA
      + "Name/"
      + PDATA
      + "GivenName";
  /** Xpath expression to the PersonData FamilyName element */
  private static final String PERSON_FAMILY_NAME_XPATH =
    PERSON_XPATH
    	+ "/"
      + PDATA
      + "Name/"
      + PDATA
      + "FamilyName";
  /** Xpath expression to the PersonData DateOfBirth element */
  private static final String PERSON_DATE_OF_BIRTH_XPATH =
    PERSON_XPATH
    	+ "/"
      + PDATA
      + "DateOfBirth";
  /** Xpath expression to the Identification element */
  private static final String PERSON_IDENT_XPATH =
    PERSON_XPATH
    	+ "/"
      + PDATA
      + "Identification";

  /** Xpath expression to the Identification Value element */	
  private static final String PERSON_IDENT_VALUE_XPATH =
    PERSON_XPATH
    	+ "/"
      + PDATA
      + "Identification/"
      + PDATA
      + "Value";

	/** Xpath expression to the Identification Value element */	
	private static final String PERSON_IDENT_TYPE_XPATH =
		PERSON_XPATH
			+ "/"
			+ PDATA
			+ "Identification/"
			+ PDATA
			+ "Type";

  /** Xpath expression to the RSAKeyValue element */
  private static final String RSA_KEY_VALUE_XPATH =
    ROOT
      + SAML
      + "AttributeStatement/"
      + SAML
      + "Attribute/"
      + SAML
      + "AttributeValue/"
      + DSIG
      + "RSAKeyValue";

  /** Xpath expression to the ECKeyValue element */
  private static final String ECDSA_KEY_VALUE_XPATH =
    ROOT
      + SAML
      + "AttributeStatement/"
      + SAML
      + "Attribute/"
      + SAML
      + "AttributeValue/"
      + ECDSA
      + "ECDSAKeyValue";

  
  /** Xpath expression to the RSA Modulus element */
  private static final String RSA_KEY_MODULUS_XPATH = DSIG + "Modulus";
  /** Xpath expression to the RSA Exponent element */
  private static final String RSA_KEY_EXPONENT_XPATH = DSIG + "Exponent";
  /** Xpath expression to the DSIG X509Certificate element */
  private static final String DSIG_CERTIFICATES_XPATH =
    ROOT
      + DSIG
      + "Signature/"
      + DSIG
      + "KeyInfo/"
      + DSIG
      + "X509Data/"
      + DSIG
      + "X509Certificate";
 /** Xpath expression to the DSIG Transforms element */
 private static final String DSIG_REFERENCE_TRANSFORMATION_XPATH = 
   ROOT 
   + DSIG 
   + "Signature/" 
   + DSIG 
   + "SignedInfo/" 
   + DSIG 
   + "Reference/" 
   + DSIG 
   + "Transforms";
      
  /**This is the root element of the XML-Document provided by the Security Layer Card*/
  private Element assertionElem;

  /**
   * Constructor for <code>IdentityLinkAssertionParser</code>.
   * A DOM-representation of the incoming String will be created
   * @param xmlAssertion <code>&lt;saml:Assertion&gt;</code> as String
   * @throws ParseException on any parsing error
   */
  public IdentityLinkAssertionParser(String xmlAssertion) throws ParseException {
    try {
      InputStream s = new ByteArrayInputStream(xmlAssertion.getBytes("UTF-8"));
      assertionElem = DOMUtils.parseXmlValidating(s);
    }
    catch (Throwable t) {
      throw new ParseException("parser.01", new Object[] { t.toString()}, t);
    }
  }

  /**
   * Constructor for <code>IdentityLinkAssertionParser</code>.
   * A DOM-representation of the incoming Inputstream will be created
   * @param xmlAssertion <code>&lt;saml:Assertion&gt;</code> as InputStream
   * @throws ParseException on any parsing error
   */
  public IdentityLinkAssertionParser(InputStream xmlAssertion) throws Exception {
    try {
      assertionElem = DOMUtils.parseXmlValidating(xmlAssertion);
    }
    catch (Throwable t) {
      throw new ParseException("parser.01", new Object[] { t.toString() }, t);
    }
  }

  /**
   * Parses the identity link from the <code>&lt;saml:Assertion&gt;</code>
   * @return Identity link
   * @throws ParseException on any parsing error
   */

  public IdentityLink parseIdentityLink() throws ParseException {
    IdentityLink identityLink;
    try {
      identityLink = new IdentityLink();
      identityLink.setSamlAssertion(assertionElem);
      identityLink.setPrPerson((Element)
      	XPathUtils.selectSingleNode(assertionElem, PERSON_XPATH));
      identityLink.setIdentificationValue(
        XPathUtils.getElementValue(assertionElem, PERSON_IDENT_VALUE_XPATH, ""));
			identityLink.setIdentificationType(
				XPathUtils.getElementValue(assertionElem, PERSON_IDENT_TYPE_XPATH, ""));
      identityLink.setGivenName(
        XPathUtils.getElementValue(assertionElem, PERSON_GIVEN_NAME_XPATH, ""));
      identityLink.setFamilyName(
        XPathUtils.getElementValue(assertionElem, PERSON_FAMILY_NAME_XPATH, ""));
      identityLink.setDateOfBirth(
        XPathUtils.getElementValue(assertionElem, PERSON_DATE_OF_BIRTH_XPATH, ""));
			 NodeIterator dsigRefTransforms = 
			 XPathUtils.selectNodeIterator(assertionElem, DSIG_REFERENCE_TRANSFORMATION_XPATH);
       List transElems = new ArrayList();
       Element transformsElem;
       while ((transformsElem = (Element) dsigRefTransforms.nextNode()) != null) {
          transElems.add(transformsElem);
       }
       Element[] result = new Element[transElems.size()];
       transElems.toArray(result);  
       identityLink.setDsigReferenceTransforms(result);
       
       identityLink.setPublicKey(getPublicKeys());
   
    }
    catch (Throwable t) {
      throw new ParseException("parser.01", new Object[] { t.toString() }, t);
    }

    return identityLink;
  }

  /**
   * Parses an array of Public Keys from the <code>&lt;InfoboxReadResponse&gt;</code>
   * @return RSAPublicKey[]
   * @throws IOException can occur when decoding the base64 values of the modulus and exponent
   */
  public PublicKey[] getPublicKeys() throws IOException, ECDSAConverterException{


    List pubKeys = new ArrayList();
    //Try to get RSA-Keys
    NodeIterator rsaIter =
      XPathUtils.selectNodeIterator(assertionElem, Constants.nSMap, RSA_KEY_VALUE_XPATH);
    Element rsaElem;
    
    while ((rsaElem = (Element) rsaIter.nextNode()) != null) {
      String modulus =
        XPathUtils.getElementValue(rsaElem, RSA_KEY_MODULUS_XPATH, "");
      String exponent =
        XPathUtils.getElementValue(rsaElem, RSA_KEY_EXPONENT_XPATH, "");
           
      RSAPublicKey resPub =
        new iaik.security.rsa.RSAPublicKey(
          new BigInteger(1, Base64Utils.decode(modulus, true)),
          new BigInteger(1, Base64Utils.decode(exponent, true)));
      pubKeys.add(resPub);
    }

    //Try to get ECDSA-Keys
    NodeIterator ecdsaIter =
      XPathUtils.selectNodeIterator(assertionElem, Constants.nSMap, ECDSA_KEY_VALUE_XPATH);
    Element ecdsaElem;
    PublicKey ecPubKey = null;
    while ((ecdsaElem = (Element) ecdsaIter.nextNode()) != null) {
        try {
            ecPubKey = ECDSAKeyValueConverter.element2ECDSAPublicKey(ecdsaElem);
            pubKeys.add(ecPubKey);
        }
        catch(Exception e) {
            //TODO test
            throw new ECDSAConverterException("parser.03", new Object[] { e.toString() }, e);
        }
    }
    
    PublicKey[] result = new PublicKey[pubKeys.size()];
    pubKeys.toArray(result);
    return result;

  }
  /**
    * Parses a string array of decoded base64 certificates from 
    * the <code>&lt;InfoboxReadResponse&gt;</code> found in the dsig-signature
    * @return String[] with raw-certificates from the dsig-signature keyinfo
    * @throws Exception
    */
  public String[] getCertificates() throws Exception {
    List certs = new ArrayList();
    NodeIterator rsaIter =
      XPathUtils.selectNodeIterator(assertionElem, DSIG_CERTIFICATES_XPATH);
    Element certElem;
    while ((certElem = (Element) rsaIter.nextNode()) != null) {
      String content = DOMUtils.getText(certElem);
      certs.add(new String(Base64Utils.decode(content, true)));
    }
    String[] result = new String[certs.size()];
    certs.toArray(result);
    return result;

  }
}