package at.gv.egovernment.moa.id.config;

import iaik.pki.pathvalidation.ChainingModes;
import iaik.utils.RFC2253NameParser;
import iaik.utils.RFC2253NameParserException;

import java.math.BigInteger;
import java.security.Principal;
import java.util.ArrayList;
import java.util.HashMap;
import java.util.Hashtable;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import java.util.Vector;

import org.w3c.dom.Attr;
import org.w3c.dom.Element;
import org.w3c.dom.Node;
import org.w3c.dom.NodeList;
import org.w3c.dom.traversal.NodeIterator;

import at.gv.egovernment.moa.id.auth.MOAIDAuthConstants;
import at.gv.egovernment.moa.id.auth.data.Schema;
import at.gv.egovernment.moa.id.auth.data.SchemaImpl;
import at.gv.egovernment.moa.id.config.auth.OAAuthParameter;
import at.gv.egovernment.moa.id.config.auth.VerifyInfoboxParameter;
import at.gv.egovernment.moa.id.config.auth.VerifyInfoboxParameters;
import at.gv.egovernment.moa.id.data.IssuerAndSerial;
import at.gv.egovernment.moa.id.util.MOAIDMessageProvider;
import at.gv.egovernment.moa.logging.Logger;
import at.gv.egovernment.moa.util.BoolUtils;
import at.gv.egovernment.moa.util.Constants;
import at.gv.egovernment.moa.util.DOMUtils;
import at.gv.egovernment.moa.util.FileUtils;
import at.gv.egovernment.moa.util.StringUtils;
import at.gv.egovernment.moa.util.XPathException;
import at.gv.egovernment.moa.util.XPathUtils;

/**
 * A class that builds configuration data from a DOM based representation.
 * 
 * @author Patrick Peck
 * @author Stefan Knirsch
 * @version $Id$
 */
public class ConfigurationBuilder {

  //
  // XPath namespace prefix shortcuts
  //
  /** an XPATH-Expression */ 
  protected static final String CONF = Constants.MOA_ID_CONFIG_PREFIX + ":";
  /** an XPATH-Expression */ 
  protected static final String DSIG = Constants.DSIG_PREFIX + ":";

  //
  // chaining mode constants appearing in the configuration file
  //
  /** an XPATH-Expression */ 
  protected static final String CM_CHAINING = "chaining";
  /** an XPATH-Expression */ 
  protected static final String CM_PKIX = "pkix";
  /** an XPATH-Expression */ 
  protected static final String DEFAULT_ENCODING = "UTF-8";

  //
  // XPath expressions to select certain parts of the configuration
  //
  /** an XPATH-Expression */ 
  protected static final String ROOT = "/" + CONF + "MOA-IDConfiguration/";
  
  /** an XPATH-Expression */ 
  protected static final String AUTH_BKU_XPATH =
    ROOT + CONF + "AuthComponent/" + CONF + "BKUSelection";
  /** an XPATH-Expression */ 
  protected static final String AUTH_BKUSELECT_TEMPLATE_XPATH =
    ROOT + CONF + "AuthComponent/" + CONF + "Templates/" + CONF + "BKUSelectionTemplate/@URL";
  /** an XPATH-Expression */ 
  protected static final String AUTH_TEMPLATE_XPATH =
    ROOT + CONF + "AuthComponent/" + CONF + "Templates/" + CONF + "Template/@URL";
  /** an XPATH-Expression */ 
	public static final String AUTH_SECLAYER_TRANSFORMS_INFO_FILENAME_XPATH =
    ROOT + CONF + "AuthComponent/" + CONF + "SecurityLayer/" + CONF + "TransformsInfo/@filename";
  /** an XPATH-Expression */ 
  protected static final String AUTH_MOA_SP_XPATH =
    ROOT + CONF + "AuthComponent/" + CONF + "MOA-SP";
  /** an XPATH-Expression */ 
  protected static final String AUTH_MOA_SP_VERIFY_IDENTITY_TRUST_ID_XPATH =
      ROOT + CONF + "AuthComponent/" + CONF + "MOA-SP/" + CONF + "VerifyIdentityLink/" + CONF + "TrustProfileID";
  /** an XPATH-Expression */ 
  protected static final String AUTH_MOA_SP_VERIFY_AUTH_TRUST_ID_XPATH =
        ROOT + CONF + "AuthComponent/" + CONF + "MOA-SP/" + CONF + "VerifyAuthBlock/" + CONF + "TrustProfileID";
  /** an XPATH-Expression */ 
  protected static final String AUTH_MOA_SP_VERIFY_AUTH_VERIFY_ID_XPATH =
   ROOT + CONF + "AuthComponent/" + CONF + "MOA-SP/" + CONF + "VerifyAuthBlock/" + CONF  + "VerifyTransformsInfoProfileID";

  /** an XPATH-Expression */ 
  protected static final String AUTH_IDENTITY_LINK_X509SUBJECTNAME_XPATH =
    ROOT + CONF + "AuthComponent/" + CONF + "IdentityLinkSigners/" + CONF + "X509SubjectName";
 
  /** an XPATH-Expression */ 
  public static final String AUTH_VERIFY_INFOBOXES_XPATH =
    ROOT + CONF + "AuthComponent/" + CONF + "VerifyInfoboxes";
  
  /** an XPATH-Expression */ 
  protected static final String OA_XPATH = ROOT + CONF + "OnlineApplication";
  /** an XPATH-Expression */ 
  protected static final String OA_LOGIN_XPATH = ROOT + CONF + "OnlineApplication/@loginURL";
  /** an XPATH-Expression */ 
  protected static final String OA_AUTH_COMPONENT_XPATH = CONF + "AuthComponent";
  /** an XPATH-Expression */ 
  protected static final String OA_AUTH_COMPONENT_IDENT_NUMBER_XPATH = CONF + "IdentificationNumber";    
  /** an XPATH-Expression */ 
  protected static final String OA_AUTH_COMPONENT_BKUSELECT_TEMPLATE_XPATH =
    CONF + "Templates/" + CONF + "BKUSelectionTemplate/@URL";
  /** an XPATH-Expression */ 
  protected static final String OA_AUTH_COMPONENT_TEMPLATE_XPATH =
    CONF + "Templates/" + CONF + "Template/@URL";
  /** an XPATH-Expression */ 
  protected static final String OA_AUTH_COMPONENT_TRANSFORMS_INFO_FILENAME_XPATH = CONF + "TransformsInfo/@filename";
  /** an XPATH-Expression */ 
  protected static final String OA_AUTH_COMPONENT_VERIFY_INFOBOXES_XPATH = CONF + "VerifyInfoboxes";
  /** an XPATH-Expression */ 
  protected static final String CONNECTION_PARAMETER_URL_XPATH =
    CONF + "ConnectionParameter/@URL";
  /** an XPATH-Expression */ 
  protected static final String CONNECTION_PARAMETER_ACCEPTED_CERTS_XPATH =
    CONF + "ConnectionParameter/" + CONF + "AcceptedServerCertificates";
  /** an XPATH-Expression */ 
  protected static final String CONNECTION_PARAMETERN_KEYSTORE_XPATH =
    CONF + "ConnectionParameter/" + CONF + "ClientKeyStore";
  /** an XPATH-Expression */ 
  protected static final String CONNECTION_PARAMETER_KEYSTORE_PASS_XPATH =
    CONNECTION_PARAMETERN_KEYSTORE_XPATH + "/@password";
  /** an XPATH-Expression */ 
  protected static final String GENERIC_CONFIGURATION_XPATH =
    ROOT + CONF + "GenericConfiguration";
  
  /** an XPATH-Expression */ 
  protected static final String CHAINING_MODES_XPATH =
    ROOT + CONF + "ChainingModes";
  /** an XPATH-Expression */ 
  protected static final String CHAINING_MODES_DEFAULT_XPATH =
    CHAINING_MODES_XPATH + "/@systemDefaultMode";
  /** an XPATH-Expression */ 
  protected static final String TRUST_ANCHOR_XPATH =
    ROOT + CONF + "ChainingModes/" + CONF + "TrustAnchor";
  /** an XPATH-Expression */ 
  protected static final String ISSUER_XPATH = DSIG + "X509IssuerName";
  /** an XPATH-Expression */ 
  protected static final String SERIAL_XPATH = DSIG + "X509SerialNumber";
  /** an XPATH-Expression */ 
  protected static final String TRUSTED_CA_CERTIFICATES_XPATH =
    ROOT + CONF + "TrustedCACertificates";
  
  /** an XPATH-Expression */ 
  protected static final String VERIFY_INFOBOXES_DEFAULT_TRUST_PROFILE_XPATH = CONF + "DefaultTrustProfile";
  /** an XPATH-Expression */ 
  protected static final String VERIFY_INFOBOXES_TRUST_PROFILE_ID_XPATH = CONF + "TrustProfileID";
  /** an XPATH-Expression */ 
  protected static final String VERIFY_INFOBOXES_INFOBOX_XPATH = CONF + "Infobox";
  
  

  
	/**
	 * main configuration file directory name used to configure MOA-ID 
	 */
	protected String rootConfigFileDir_;
  
  /** The root element of the MOA-ID configuration */
  protected Element configElem_;

  /**
   * Creates a new <code>MOAConfigurationProvider</code>.
   * 
   * @param configElem The root element of the MOA-ID configuration.
   */
  public ConfigurationBuilder(Element configElem, String rootConfigDir) {
    configElem_ = configElem;
    rootConfigFileDir_ = rootConfigDir;
  }

  /**
   * Returns the root element of the MOA-ID configuration. 
   * 
   * @return The root element of the MOA-ID configuration.
   */
  public Element getConfigElem() {
    return configElem_;
  }

  /**
   * Build a ConnectionParameter object containing all information
   * of the moa-sp element in the authentication component 
   * @return ConnectionParameter of the authentication component moa-sp element 
   */
  public ConnectionParameter buildAuthBKUConnectionParameter() {

    Element authBKU = (Element) XPathUtils.selectSingleNode(configElem_, AUTH_BKU_XPATH);
    if (authBKU==null) return null;
    return buildConnectionParameter(authBKU);
  }

  /**
   * Method buildAuthBKUSelectionType.
   * 
   * Build a string with the configuration value of BKUSelectionAlternative
   * 
   * @return String
   */
  public String buildAuthBKUSelectionType() {

   Element authBKU = (Element) XPathUtils.selectSingleNode(configElem_, AUTH_BKU_XPATH);
   if (authBKU==null) return null;   
   return (authBKU).getAttribute("BKUSelectionAlternative");
  }

  /**
   * Build a string array with all filenames leading
   * to the Transforms Information for the Security Layer
   * @param contextNode The node from which should be searched
   * @param xpathExpr The XPATH expression for the search
   * @return String[] of filenames to the Security Layer Transforms Information 
   *         or <code>null</code> if no transforms are included
   */
  public String[] buildTransformsInfoFileNames(Node contextNode, String xpathExpr) {
    
    List transformsInfoFileNames = new ArrayList();
    
    try {
      NodeIterator tiIter = XPathUtils.selectNodeIterator(contextNode, xpathExpr);
      
      Attr tiElem;
      while ((tiElem = (Attr) tiIter.nextNode()) != null) {
        String tiFileName = tiElem.getNodeValue();
        transformsInfoFileNames.add(tiFileName);
      }
      
      String[] result = new String[transformsInfoFileNames.size()];
      transformsInfoFileNames.toArray(result);
  
      return result;
    } catch (XPathException xpe) {
      return new String[0];
    }
  }
  
  
  /**
   * Loads the <code>transformsInfos</code> from files.
   * @throws Exception on any exception thrown
   */
  public String[] loadTransformsInfos(String[] transformsInfoFileNames) throws Exception {
    
    String[] transformsInfos = new String[transformsInfoFileNames.length];
    for (int i = 0; i < transformsInfoFileNames.length; i++) {
      String fileURL = transformsInfoFileNames[i];

      //if fileURL is relative to rootConfigFileDir make it absolute          
      fileURL = FileUtils.makeAbsoluteURL(fileURL, rootConfigFileDir_);      
      String transformsInfo = FileUtils.readURL(fileURL, DEFAULT_ENCODING);
      transformsInfos[i] = transformsInfo;
    }
    return transformsInfos;
  }

  /**
   * Build a ConnectionParameter bean containing all information
   * of the authentication component moa-sp element 
   * @return ConnectionParameter of the authentication component moa-sp element 
   */
  public ConnectionParameter buildMoaSpConnectionParameter() {

    Element connectionParameter = (Element) XPathUtils.selectSingleNode(configElem_, AUTH_MOA_SP_XPATH);
    if (connectionParameter==null) return null;
    return buildConnectionParameter(connectionParameter);
  }

  /**
   * Return a string with a url-reference to the VerifyIdentityLink trust 
   * profile id within the moa-sp part of the authentication component
   * @return String with a url-reference to the VerifyIdentityLink trust profile ID
   */
  public String getMoaSpIdentityLinkTrustProfileID() {
    return XPathUtils.getElementValue(
      configElem_,
      AUTH_MOA_SP_VERIFY_IDENTITY_TRUST_ID_XPATH,
      "");
  }
  /**
   * Return a string representation of an URL pointing to trusted CA Certificates 
   * @return String representation of an URL pointing to trusted CA Certificates 
   */
  public String getTrustedCACertificates() {
    return XPathUtils.getElementValue(
      configElem_,
      TRUSTED_CA_CERTIFICATES_XPATH,null);
  }
  
  /**
   * Return a string with a url-reference to the VerifyAuthBlock trust 
   * profile id within the moa-sp part of the authentication component
   * @return String with a url-reference to the VerifyAuthBlock trust profile ID
   */
  public String getMoaSpAuthBlockTrustProfileID() {
    return XPathUtils.getElementValue(
      configElem_,
      AUTH_MOA_SP_VERIFY_AUTH_TRUST_ID_XPATH,
      "");
  }
  /**
   * Build a string array with references to all verify transform info 
   * IDs within the moa-sp part of the authentication component
   * @return A string array containing all urls to the 
   * verify transform info IDs
   */
  public String[] buildMoaSpAuthBlockVerifyTransformsInfoIDs() {

    List verifyTransformsInfoIDs = new ArrayList();
    NodeIterator vtIter =
      XPathUtils.selectNodeIterator(
        configElem_,
        AUTH_MOA_SP_VERIFY_AUTH_VERIFY_ID_XPATH);
    Element vtElem;

    while ((vtElem = (Element) vtIter.nextNode()) != null) {

      String vtInfoIDs = DOMUtils.getText(vtElem);
      verifyTransformsInfoIDs.add(vtInfoIDs);
    }
    String[] result = new String[verifyTransformsInfoIDs.size()];
    verifyTransformsInfoIDs.toArray(result);

    return result;
  }


  /**
   * Returns a list containing all X509 Subject Names 
   * of the Identity Link Signers
   * @return a list containing the configured identity-link signer X509 subject names
   */
  public List getIdentityLink_X509SubjectNames() {

    Vector x509SubjectNameList = new Vector();
    NodeIterator x509Iter =
      XPathUtils.selectNodeIterator(
        configElem_,
        AUTH_IDENTITY_LINK_X509SUBJECTNAME_XPATH);
    Element x509Elem;

    while ((x509Elem = (Element) x509Iter.nextNode()) != null) {
      String vtInfoIDs = DOMUtils.getText(x509Elem);
      x509SubjectNameList.add(vtInfoIDs);
    }
    
    // now add the default identity link signers
    String[] identityLinkSignersWithoutOID = MOAIDAuthConstants.IDENTITY_LINK_SIGNERS_WITHOUT_OID;
    for (int i=0; i<identityLinkSignersWithoutOID.length; i++) {
      String identityLinkSigner = identityLinkSignersWithoutOID[i];
      if (!x509SubjectNameList.contains(identityLinkSigner)) {
        x509SubjectNameList.add(identityLinkSigner);
      }
    }
   
    return x509SubjectNameList;
  }

  /**
   * Build an array of the OnlineApplication Parameters containing information 
   * about the authentication component
   * 
   * @param defaultVerifyInfoboxParameters Default parameters for verifying additional
   *                                infoboxes. Maybe <code>null</code>.
   * @param moaSpIdentityLinkTrustProfileID The ID of the trust profile used for validating
   *                                the identity link signer certificate. Needed for
   *                                checking if this ID is not used for validating other 
   *                                infoboxes.
   * 
   * @return An OAProxyParameter array containing beans
   * with all relevant information for the authentication component of the online 
   * application
   */
  public OAAuthParameter[] buildOnlineApplicationAuthParameters(
    VerifyInfoboxParameters defaultVerifyInfoboxParameters, String moaSpIdentityLinkTrustProfileID)
  throws ConfigurationException 
  {

    String bkuSelectionTemplateURL =     
    	  XPathUtils.getAttributeValue(configElem_, AUTH_BKUSELECT_TEMPLATE_XPATH, null);
    String templateURL =     
        XPathUtils.getAttributeValue(configElem_, AUTH_TEMPLATE_XPATH, null);
    
    List OA_set = new ArrayList();
    NodeList OAIter = XPathUtils.selectNodeList(configElem_, OA_XPATH);

    for (int i = 0; i < OAIter.getLength(); i++) {
      Element oAElem = (Element) OAIter.item(i);
      Element authComponent =
        (Element) XPathUtils.selectSingleNode(oAElem, OA_AUTH_COMPONENT_XPATH);

      OAAuthParameter oap = new OAAuthParameter();
      String publicURLPrefix = oAElem.getAttribute("publicURLPrefix");
      oap.setPublicURLPrefix(publicURLPrefix);
      oap.setKeyBoxIdentier(oAElem.getAttribute("keyBoxIdentifier"));
      
      // get the type of the online application
      String oaType = oAElem.getAttribute("type");
      oap.setOaType(oaType);
      String slVersion = "1.1";
      if ("businessService".equalsIgnoreCase(oaType)) {
        if (authComponent==null) {
          Logger.error("Missing \"AuthComponent\" for OA of type \"businessService\"");
          throw new ConfigurationException("config.02", null);
        } 
        Element identificationNumberElem =
          (Element) XPathUtils.selectSingleNode(authComponent, OA_AUTH_COMPONENT_IDENT_NUMBER_XPATH);
        if (identificationNumberElem==null) {
          Logger.error("Missing \"IdentificationNumber\" for OA of type \"businessService\"");
          throw new ConfigurationException("config.02", null);
        } 
        Element identificationNumberChild = DOMUtils.getElementFromNodeList(identificationNumberElem.getChildNodes());
        if (identificationNumberChild == null) {
          Logger.error("Missing \"IdentificationNumber\" for OA of type \"businessService\"");
          throw new ConfigurationException("config.02", null);
        }
        if ("false".equalsIgnoreCase(oAElem.getAttribute("calculateHPI"))) {
        	oap.setIdentityLinkDomainIdentifier(buildIdentityLinkDomainIdentifier(identificationNumberChild));
        } else {
        	// If we have business service and want to dealt with GDA, the security layer can be advised to calulate 
        	// the Health Professional Identifier HPI instead of the wbPK
            Logger.info("OA uses HPI for Identification");
        	oap.setIdentityLinkDomainIdentifier(Constants.URN_PREFIX_HPI);
        }
        
        // if OA type is "businessSErvice" set slVersion to 1.2 and ignore parameter in config file
        Logger.info("OA type is \"businessService\"; setting Security Layer version to 1.2");
        slVersion = "1.2";
        
      } else {
        
        if (authComponent!=null) {
          slVersion = authComponent.getAttribute("slVersion");
        }
        
      }
      oap.setSlVersion(slVersion);
      //Check if there is an Auth-Block to read from configuration
      
      if (authComponent!=null)
      {
        oap.setProvideStammzahl(BoolUtils.valueOf(authComponent.getAttribute("provideStammzahl")));
        oap.setProvideAuthBlock(BoolUtils.valueOf(authComponent.getAttribute("provideAUTHBlock")));
        oap.setProvideIdentityLink(BoolUtils.valueOf(authComponent.getAttribute("provideIdentityLink")));
        oap.setProvideCertificate(BoolUtils.valueOf(authComponent.getAttribute("provideCertificate")));        
        oap.setBkuSelectionTemplateURL(buildTemplateURL(authComponent, OA_AUTH_COMPONENT_BKUSELECT_TEMPLATE_XPATH, bkuSelectionTemplateURL));
        oap.setTemplateURL(buildTemplateURL(authComponent, OA_AUTH_COMPONENT_TEMPLATE_XPATH, templateURL));        
        // load OA specific transforms if present
        String[] transformsInfoFileNames = buildTransformsInfoFileNames(authComponent, OA_AUTH_COMPONENT_TRANSFORMS_INFO_FILENAME_XPATH);        
        try {
          oap.setTransformsInfos(loadTransformsInfos(transformsInfoFileNames));
        } catch (Exception ex) {
          Logger.error("Error loading transforms specified for OA \"" + publicURLPrefix + "\"; using default transforms.");
        } 
        Node verifyInfoboxParamtersNode = XPathUtils.selectSingleNode(authComponent, OA_AUTH_COMPONENT_VERIFY_INFOBOXES_XPATH);
        oap.setVerifyInfoboxParameters(buildVerifyInfoboxParameters(
          verifyInfoboxParamtersNode, defaultVerifyInfoboxParameters, moaSpIdentityLinkTrustProfileID)); 
      } 
      OA_set.add(oap);
    }
    OAAuthParameter[] result =
      new OAAuthParameter[OA_set.size()];
    OA_set.toArray(result);

    return result;

  }
  
  /**
   * Builds the URL for a BKUSelectionTemplate or a Template. The method selects
   * the uri string from the MOA ID configuration file via the given xpath expression
   * and returns either this string or the default value.
   * 
   * @param oaAuthComponent The AuthComponent element to get the template from.
   * @param xpathExpr       The xpath expression for selecting the template uri.
   * @param defaultURL      The default template url.
   * @return                The template url. This may either the via xpath selected uri
   *                        or, if no template is specified within the online appliacation,
   *                        the default url. Both may be <code>null</code>.
   */
  protected String buildTemplateURL(Element oaAuthComponent, String xpathExpr, String defaultURL) {
    String templateURL = XPathUtils.getAttributeValue(oaAuthComponent, xpathExpr, defaultURL);
    if (templateURL != null) {
    	templateURL = FileUtils.makeAbsoluteURL(templateURL, rootConfigFileDir_);
    }
    return templateURL;
  }

  
  /**
   * Method buildConnectionParameter: internal Method for creating a 
   * ConnectionParameter object with all data found in the incoming element
   * @param root This Element contains the ConnectionParameter
   * @return ConnectionParameter
   */
  protected ConnectionParameter buildConnectionParameter(Element root) 
  {
    ConnectionParameter result = new ConnectionParameter();
    result.setAcceptedServerCertificates(
      XPathUtils.getElementValue(root,CONNECTION_PARAMETER_ACCEPTED_CERTS_XPATH,null));
    
    result.setAcceptedServerCertificates(FileUtils.makeAbsoluteURL(
    	result.getAcceptedServerCertificates(), rootConfigFileDir_));
      
    result.setUrl(
      XPathUtils.getAttributeValue(root, CONNECTION_PARAMETER_URL_XPATH, ""));
    result.setClientKeyStore(
      XPathUtils.getElementValue(root,CONNECTION_PARAMETERN_KEYSTORE_XPATH,null));
    
    result.setClientKeyStore(FileUtils.makeAbsoluteURL(
    	result.getClientKeyStore(), rootConfigFileDir_));
    
    result.setClientKeyStorePassword(
    	XPathUtils.getAttributeValue(root,CONNECTION_PARAMETER_KEYSTORE_PASS_XPATH,""));
    
    if ((result.getAcceptedServerCertificates()==null)
        && (result.getUrl()=="")
        && (result.getClientKeyStore()==null)
        && (result.getClientKeyStorePassword()==""))
        return null;
    
    return result;
  }

  
  /**
   * Build the mapping of generic configuration properties.
   * 
   * @return a {@link Map} of generic configuration properties (a name to value
   * mapping) from the configuration.
   */
  public Map buildGenericConfiguration() {

    Map genericConfiguration = new HashMap();
    NodeIterator gcIter =
      XPathUtils.selectNodeIterator(
        configElem_,
        GENERIC_CONFIGURATION_XPATH);
    Element gcElem;

    while ((gcElem = (Element) gcIter.nextNode()) != null) {
      String gcName = gcElem.getAttribute("name");
      String gcValue = gcElem.getAttribute("value");

      genericConfiguration.put(gcName, gcValue);
    }

    return genericConfiguration;
  }
  

  /**
   * Returns the default chaining mode from the configuration.
   * 
   * @return The default chaining mode.
   */
  public String getDefaultChainingMode() {
    String defaultChaining =
      XPathUtils.getAttributeValue(
        configElem_,
        CHAINING_MODES_DEFAULT_XPATH,
        CM_CHAINING);

    return translateChainingMode(defaultChaining);

  }
  /**
   * Build the chaining modes for all configured trust anchors.
   * 
   * @return The mapping from trust anchors to chaining modes.
   */
  public Map buildChainingModes() {
    Map chainingModes = new HashMap();
    NodeIterator trustIter =
      XPathUtils.selectNodeIterator(configElem_, TRUST_ANCHOR_XPATH);
    Element trustAnchorElem;

    while ((trustAnchorElem = (Element) trustIter.nextNode()) != null) {
      IssuerAndSerial issuerAndSerial = buildIssuerAndSerial(trustAnchorElem);
      String mode = trustAnchorElem.getAttribute("mode");

      if (issuerAndSerial != null) {
        chainingModes.put(issuerAndSerial, translateChainingMode(mode));
      }
    }

    return chainingModes;
  }
  
  /**
   * Build an <code>IssuerAndSerial</code> from the DOM representation.
   * 
   * @param root The root element (being of type <code>dsig:
   * X509IssuerSerialType</code>.
   * @return The issuer and serial number contained in the <code>root</code>
   * element or <code>null</code> if could not be built for any reason.
   */
  protected IssuerAndSerial buildIssuerAndSerial(Element root) {
    String issuer = XPathUtils.getElementValue(root, ISSUER_XPATH, null);
    String serial = XPathUtils.getElementValue(root, SERIAL_XPATH, null);

    if (issuer != null && serial != null) {
      try {
        RFC2253NameParser nameParser = new RFC2253NameParser(issuer);
        Principal issuerDN = nameParser.parse();

        return new IssuerAndSerial(issuerDN, new BigInteger(serial));
      } catch (RFC2253NameParserException e) {
        warn("config.09", new Object[] { issuer, serial }, e);
        return null;
      } catch (NumberFormatException e) {
        warn("config.09", new Object[] { issuer, serial }, e);
        return null;
      }
    }
    return null;
  }

  /**
   * Translate the chaining mode from the configuration file to one used in the
   * IAIK MOA API.
   * 
   * @param chainingMode The chaining mode from the configuration.
   * @return The chaining mode as provided by the <code>ChainingModes</code>
   * interface.
   * @see iaik.pki.pathvalidation.ChainingModes
   */
  protected String translateChainingMode(String chainingMode) {
    if (chainingMode.equals(CM_CHAINING)) {
      return ChainingModes.CHAIN_MODE;
    } else if (chainingMode.equals(CM_PKIX)) {
      return ChainingModes.PKIX_MODE;
    } else {
      return ChainingModes.CHAIN_MODE;
    }
  }
  
  /**
   * Builds the IdentityLinkDomainIdentifier as needed for providing it to the
   * SecurityLayer for computation of the wbPK.
   * <p>e.g.:<br>
   * input element:
   * <br>
   * <code>&lt;pr:Firmenbuchnummer Identifier="FN"&gt;000468 i&lt;/pr:Firmenbuchnummer&gt;</code>
   * <p>
   * return value: <code>urn:publicid:gv.at+wbpk+FN468i</code>
   * 
   * @param number  The element holding the identification number of the business
   *                company.
   * @return The domain identifier
   */
  protected String buildIdentityLinkDomainIdentifier(Element number) {
    if (number == null) {
      return null;
    }
    String identificationNumber = number.getFirstChild().getNodeValue();
    String identifier = number.getAttribute("Identifier");
    // remove all blanks
    identificationNumber = StringUtils.removeBlanks(identificationNumber);
    if (number.getLocalName().equals("Firmenbuchnummer") || identifier.equalsIgnoreCase("fn")) {
      // delete zeros from the beginning of the number
      identificationNumber = StringUtils.deleteLeadingZeros(identificationNumber);
      // remove hyphens
      identificationNumber = StringUtils.removeToken(identificationNumber, "-");
    }
    StringBuffer identityLinkDomainIdentifier = new StringBuffer(Constants.URN_PREFIX_WBPK);
    identityLinkDomainIdentifier.append("+");
    if (!identificationNumber.startsWith(identifier)) {
      identityLinkDomainIdentifier.append(identifier);
    }
    identityLinkDomainIdentifier.append("+");
    identityLinkDomainIdentifier.append(identificationNumber);
    return identityLinkDomainIdentifier.toString();
  }
  
    /**
   * Builds the parameters for verifying additional infoboxes (additional to the
   * IdentityLink infobox).
   * 
   * @param verifyInfoboxesElem     The <code>VerifyInfoboxes</code> element from the 
   *                                config file. This maybe the global element or the
   *                                elment from an Online application.
   * @param defaultVerifyInfoboxParameters Default parameters to be used, if no 
   *                                <code>VerifyInfoboxes</code> element is present.
   *                                 This only applies to parameters
   *                                of an specific online application and is set to 
   *                                <code>null</code> when building the global parameters.
   * @param moaSpIdentityLinkTrustProfileID The ID of the trust profile used for validating
   *                                the identity link signer certificate. Needed for
   *                                checking if this ID is not used for validating other 
   *                                infoboxes.
   *                           
   * @return A {@link at.gv.egovernment.moa.id.config.auth.VerifyInfoboxParameters VerifyInfoboxParameters}
   *         object needed for verifying additional infoboxes.
   *         
   * @throws ConfigurationException If the trust profile for validating the identity link 
   *                                signer certificate is used for validating another infobox.
   */
  public VerifyInfoboxParameters buildVerifyInfoboxParameters(
    Node verifyInfoboxesElem, 
    VerifyInfoboxParameters defaultVerifyInfoboxParameters,
    String moaSpIdentityLinkTrustProfileID)
  throws ConfigurationException
  {
    
    if ((verifyInfoboxesElem == null) && (defaultVerifyInfoboxParameters == null)) {
      return null;
    }
    Vector identifiers = new Vector(); 
    List defaultIdentifiers = null;
    Map defaultInfoboxParameters = null;
    if (defaultVerifyInfoboxParameters != null) {
      defaultIdentifiers = defaultVerifyInfoboxParameters.getIdentifiers();
      defaultInfoboxParameters = defaultVerifyInfoboxParameters.getInfoboxParameters();
    }
    Hashtable infoboxParameters = new Hashtable();
    if (verifyInfoboxesElem != null) {
      // get the DefaultTrustProfileID
      String defaultTrustProfileID = null;    
      Node defaultTrustProfileNode =
        XPathUtils.selectSingleNode(verifyInfoboxesElem, VERIFY_INFOBOXES_DEFAULT_TRUST_PROFILE_XPATH);
      if (defaultTrustProfileNode != null) {
        Node trustProfileIDNode =
          XPathUtils.selectSingleNode(defaultTrustProfileNode, VERIFY_INFOBOXES_TRUST_PROFILE_ID_XPATH);
        defaultTrustProfileID = trustProfileIDNode.getFirstChild().getNodeValue(); 
        if (defaultTrustProfileID.equals(moaSpIdentityLinkTrustProfileID)) {
          throw new ConfigurationException("config.15", new Object[] {moaSpIdentityLinkTrustProfileID});
        }
      }      
      // get the Infoboxes
      NodeList infoboxes = 
        XPathUtils.selectNodeList(verifyInfoboxesElem, VERIFY_INFOBOXES_INFOBOX_XPATH);        
      for (int i=0; i<infoboxes.getLength(); i++) {
        Element infoBoxElem = (Element)infoboxes.item(i);
        // get the identifier of the infobox
        String identifier = infoBoxElem.getAttribute("Identifier");
        identifiers.add(identifier);
        VerifyInfoboxParameter verifyInfoboxParameter = new VerifyInfoboxParameter(identifier);
        verifyInfoboxParameter.setFriendlyName(identifier);
        // get the attributes
        // (1) required: override global value in any case
        verifyInfoboxParameter.setRequired(BoolUtils.valueOf(
          infoBoxElem.getAttribute("required")));
        // (2) provideStammzahl: override global value in any case
        verifyInfoboxParameter.setProvideStammzahl(BoolUtils.valueOf(
          infoBoxElem.getAttribute("provideStammzahl")));
        // (3) proviedIdentityLink: override global value in any case
        verifyInfoboxParameter.setProvideIdentityLink(BoolUtils.valueOf(
          infoBoxElem.getAttribute("provideIdentityLink")));
        // set default trustprofileID
        if (defaultTrustProfileID != null) {
          verifyInfoboxParameter.setTrustProfileID(defaultTrustProfileID);
        }
        // get the parameter elements
        boolean localValidatorClass = false;
        boolean localFriendlyName = false;
        List params = DOMUtils.getChildElements(infoBoxElem);
        Iterator it = params.iterator();
        while (it.hasNext()) {
          Element paramElem = (Element)it.next();                 
          String paramName = paramElem.getLocalName();
          if (paramName.equals("FriendlyName")) {
            verifyInfoboxParameter.setFriendlyName(paramElem.getFirstChild().getNodeValue());
            localFriendlyName = true;
          } else if (paramName.equals("TrustProfileID")) {
            String trustProfileID = paramElem.getFirstChild().getNodeValue();
            if (trustProfileID != null) {
              if (trustProfileID.equals(moaSpIdentityLinkTrustProfileID)) {
                throw new ConfigurationException("config.15", new Object[] {moaSpIdentityLinkTrustProfileID});
              }
              verifyInfoboxParameter.setTrustProfileID(trustProfileID);
            } 
          } else if (paramName.equals("ValidatorClass")) {
            String validatorClassName = paramElem.getFirstChild().getNodeValue();
            if (validatorClassName != null) {
              verifyInfoboxParameter.setValidatorClassName(validatorClassName);
              localValidatorClass = true;
            }            
          } else if (paramName.equals("SchemaLocations")) {
            List schemaElems = DOMUtils.getChildElements(paramElem);
            List schemaLocations = new Vector(schemaElems.size());
            Iterator schemaIterator = schemaElems.iterator();
            while (schemaIterator.hasNext()) {
              Element schemaElem = (Element)schemaIterator.next();
              String namespace = schemaElem.getAttribute("namespace");
              String schemaLocation = schemaElem.getAttribute("schemaLocation");
              // avoid adding the same schema twice
              Iterator schemaLocationIterator = schemaLocations.iterator();
              boolean add = true;
              while (schemaLocationIterator.hasNext()) {                
                String existingNamespace = ((Schema)schemaLocationIterator.next()).getNamespace();
                if (namespace.equals(existingNamespace)) {
                  Logger.warn("Multiple schemas specified for namespace \"" + namespace + 
                    "\"; only using the first one.");
                  add = false;
                  break;
                }
              }
              if (add) {
                schemaLocations.add(new SchemaImpl(namespace, schemaLocation));
              }
            }
            verifyInfoboxParameter.setSchemaLocations(schemaLocations);            
          } else if (paramName.equals("ApplicationSpecificParameters")) {
            verifyInfoboxParameter.setApplicationSpecificParams(paramElem);
          }
        }        
        // use default values for those parameters not yet set by local configuration
        if (defaultInfoboxParameters != null) {
          Object defaultVerifyIP = defaultInfoboxParameters.get(identifier);
          if (defaultVerifyIP != null) {
            VerifyInfoboxParameter defaultVerifyInfoboxParameter = 
              (VerifyInfoboxParameter)defaultVerifyIP;
            // if no friendly is set, use default
            if (!localFriendlyName) {
              verifyInfoboxParameter.setFriendlyName(
                defaultVerifyInfoboxParameter.getFriendlyName());
            }
            // if no TrustProfileID is set, use default, if available
            if (verifyInfoboxParameter.getTrustProfileID() == null) {
              verifyInfoboxParameter.setTrustProfileID(
                defaultVerifyInfoboxParameter.getTrustProfileID());
            } 
            // if no local validator class is set, use default
            if (!localValidatorClass) {
              verifyInfoboxParameter.setValidatorClassName(
                defaultVerifyInfoboxParameter.getValidatorClassName());
            }
            // if no schema locations set, use default         
            if (verifyInfoboxParameter.getSchemaLocations() == null) {
              verifyInfoboxParameter.setSchemaLocations(
                defaultVerifyInfoboxParameter.getSchemaLocations());
            }
            // if no application specific parameters set, use default
            if (verifyInfoboxParameter.getApplicationSpecificParams() == null) {
              verifyInfoboxParameter.setApplicationSpecificParams(
                defaultVerifyInfoboxParameter.getApplicationSpecificParams());
            }
          }
        }
        infoboxParameters.put(identifier, verifyInfoboxParameter);
      }
      // add the infobox identifiers not present within the local configuration to the 
      // identifier list
      if (defaultIdentifiers != null) {
        Iterator identifierIterator = defaultIdentifiers.iterator();
        while (identifierIterator.hasNext()) {
          String defaultIdentifier = (String)identifierIterator.next();
          if (!identifiers.contains(defaultIdentifier)) {
            identifiers.add(defaultIdentifier);
          }
        }
      }
      return new VerifyInfoboxParameters(identifiers, infoboxParameters);
    } else {
      return new VerifyInfoboxParameters(defaultIdentifiers, infoboxParameters);
    }       
  }

  /**
   * Method warn.
   * @param messageId to identify a country-specific message
   * @param parameters for the logger
   */
  //
  // various utility methods
  //

  protected static void warn(String messageId, Object[] parameters) {
    Logger.warn(MOAIDMessageProvider.getInstance().getMessage(messageId, parameters));
  }

  /**
   * Method warn.
   * @param messageId to identify a country-specific message
   * @param args for the logger
   * @param t as throwabl
   */
  protected static void warn(String messageId, Object[] args, Throwable t) {
    Logger.warn(MOAIDMessageProvider.getInstance().getMessage(messageId, args), t);
  } 
}