package at.gv.egovernment.moa.id.auth.servlet;

import java.io.IOException;
import java.net.URLEncoder;
import java.util.Map;

import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

import at.gv.egovernment.moa.id.MOAIDException;
import at.gv.egovernment.moa.id.auth.AuthenticationServer;
import at.gv.egovernment.moa.id.auth.MOAIDAuthConstants;
import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
import at.gv.egovernment.moa.logging.Logger;
import at.gv.egovernment.moa.util.OutputXML2File;

/**
 * Servlet requested for verifying the signed authentication block
 * provided by the security layer implementation.
 * Utilizes the {@link AuthenticationServer}.
 * 
 * @author Paul Ivancsics
 * @version $Id$
 */
public class VerifyAuthenticationBlockServlet extends AuthServlet {
	

  /**
   * Constructor for VerifyAuthenticationBlockServlet.
   */
  public VerifyAuthenticationBlockServlet() {
    super();
  }

  /**
   * GET requested by security layer implementation to verify
   * that data URL resource is available.
   * @see javax.servlet.http.HttpServlet#doGet(HttpServletRequest, HttpServletResponse)
   */
  protected void doGet(HttpServletRequest req, HttpServletResponse resp)
    throws ServletException, IOException { 
    
		Logger.debug("GET VerifyAuthenticationBlock");
  }

  /**
   * Verifies the signed authentication block and redirects the browser
   * to the online application requested, adding a parameter needed for
   * retrieving the authentication data.
   * <br>
   * Request parameters:
   * <ul>
   * <li>MOASessionID: ID of associated authentication session</li>
   * <li>XMLResponse: <code>&lt;CreateXMLSignatureResponse&gt;</code></li>
   * </ul>
   * Response:
   * <ul>
   * <li>Status: <code>302</code></li>
   * <li>Header <code>"Location"</code>: URL of the online application requested, with
   * 						parameters <code>"Target"</code> and <code>"SAMLArtifact"</code> added</li>
   * <li>Error status: <code>500</code>
   * </ul>
   * @see AuthenticationServer#verifyAuthenticationBlock
   * @see javax.servlet.http.HttpServlet#doPost(HttpServletRequest, HttpServletResponse)
   */
  protected void doPost(HttpServletRequest req, HttpServletResponse resp)
    throws ServletException, IOException {

		Logger.debug("POST VerifyAuthenticationBlock");
    Map parameters = getParameters(req);
		String sessionID = req.getParameter(PARAM_SESSIONID);
		String createXMLSignatureResponse = (String)parameters.get(PARAM_XMLRESPONSE);
		
		// debug XMLSignatureResponse from BKU
		if(null != createXMLSignatureResponse)
    	OutputXML2File.debugOutputXML2File("CreateXMLSignatureResponse.xml", createXMLSignatureResponse, MOAIDAuthConstants.DEBUG_OUTPUT_HIERARCHY);
		try {
			AuthenticationSession session = AuthenticationServer.getSession(sessionID);
			String samlArtifactBase64 = 
				AuthenticationServer.getInstance().verifyAuthenticationBlock(sessionID, createXMLSignatureResponse);
			String redirectURL = session.getOAURLRequested();
			redirectURL = addURLParameter(redirectURL, PARAM_TARGET, session.getTarget());
			redirectURL = addURLParameter(redirectURL, PARAM_SAMLARTIFACT, URLEncoder.encode(samlArtifactBase64));
			redirectURL = resp.encodeRedirectURL(redirectURL);
			resp.setStatus(302);
			resp.addHeader("Location", redirectURL);
			Logger.debug("REDIRECT TO: " + redirectURL);
		}
    
		catch (MOAIDException ex) {
			handleError(null, ex, req, resp);
		}

  }
  /**
   * Adds a parameter to a URL.
   * @param url the URL
   * @param paramname parameter name
   * @param paramvalue parameter value
   * @return the URL with parameter added
   */
  private static String addURLParameter(String url, String paramname, String paramvalue) {
		String param = paramname + "=" + paramvalue;
  	if (url.indexOf("?") < 0)
	  	return url + "?" + param;
  	else
  		return url + "&" + param;
  }

}