package at.gv.egovernment.moa.id.auth.servlet;

import java.io.IOException;
import java.io.OutputStream;
import java.util.Map;

import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

import at.gv.egovernment.moa.id.MOAIDException;
import at.gv.egovernment.moa.id.auth.AuthenticationServer;
import at.gv.egovernment.moa.id.auth.builder.DataURLBuilder;
import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
import at.gv.egovernment.moa.logging.Logger;

/**
 * Servlet requested for verifying the identity link
 * provided by the security layer implementation.
 * Utilizes the {@link AuthenticationServer}.
 *
 * @author Paul Ivancsics
 * @version $Id$
 */
public class VerifyIdentityLinkServlet extends AuthServlet {

  /**
   * Constructor for VerifyIdentityLinkServlet.
   */
  public VerifyIdentityLinkServlet() {
    super();
  }

  /**
   * GET requested by security layer implementation to verify
   * that data URL resource is available.
   * @see javax.servlet.http.HttpServlet#doGet(HttpServletRequest, HttpServletResponse)
   */
  protected void doGet(HttpServletRequest req, HttpServletResponse resp)
    throws ServletException, IOException { 
    	
		Logger.debug("GET VerifyIdentityLink");
  }

  /**
   * Verifies the identity link and responds with a new 
   * <code>CreateXMLSignatureRequest</code>.
   * <br>
   * Request parameters:
   * <ul>
   * <li>MOASessionID: ID of associated authentication session</li>
   * <li>XMLResponse: <code>&lt;InfoboxReadResponse&gt;</code></li>
   * </ul>
   * Response:
   * <ul>
   * <li>Content type: <code>"text/xml"</code></li>
   * <li>Content: see return value of {@link AuthenticationServer#verifyIdentityLink}</li>
   * <li>Error status: <code>500</code>
   * </ul>
   * @see javax.servlet.http.HttpServlet#doPost(HttpServletRequest, HttpServletResponse)
   */
  protected void doPost(HttpServletRequest req, HttpServletResponse resp)
    throws ServletException, IOException {

		Logger.debug("POST VerifyIdentityLink");
    Map parameters = getParameters(req);
    String sessionID = req.getParameter(PARAM_SESSIONID);
    String infoboxReadResponse = (String)parameters.get(PARAM_XMLRESPONSE);
    
		try {
			String createXMLSignatureRequest = 
				AuthenticationServer.getInstance().verifyIdentityLink(sessionID, infoboxReadResponse);
			AuthenticationSession session = AuthenticationServer.getSession(sessionID);
			resp.setStatus(307);
			String dataURL = new DataURLBuilder().buildDataURL(
				session.getAuthURL(), AuthenticationServer.REQ_VERIFY_AUTH_BLOCK, sessionID);
			resp.addHeader("Location", dataURL);
			
			//TODO test impact of explicit setting charset with older versions of BKUs (HotSign)
			resp.setContentType("text/xml;charset=UTF-8");
      
      OutputStream out = resp.getOutputStream();
      out.write(createXMLSignatureRequest.getBytes("UTF-8"));
			out.flush();
      out.close();
			Logger.debug("Finished POST VerifyIdentityLink");
		}
		catch (MOAIDException ex) {
			handleError(null, ex, req, resp);
		}
  }

}