/*******************************************************************************
 * Copyright 2014 Federal Chancellery Austria
 * MOA-ID has been developed in a cooperation between BRZ, the Federal
 * Chancellery Austria - ICT staff unit, and Graz University of Technology.
 *
 * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
 * the European Commission - subsequent versions of the EUPL (the "Licence");
 * You may not use this work except in compliance with the Licence.
 * You may obtain a copy of the Licence at:
 * http://www.osor.eu/eupl/
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the Licence is distributed on an "AS IS" basis,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the Licence for the specific language governing permissions and
 * limitations under the Licence.
 *
 * This product combines work with different licenses. See the "NOTICE" text
 * file for details on the various modules and licenses.
 * The "NOTICE" text file is part of the distribution. Any derivative works
 * that you distribute must include a readable copy of the "NOTICE" text file.
 *******************************************************************************/
package at.gv.egovernment.moa.id.configuration.validation;

import iaik.asn1.ObjectID;
import iaik.utils.Util;
import iaik.x509.X509Certificate;
import iaik.x509.X509ExtensionInitException;

import java.io.IOException;
import java.net.MalformedURLException;
import java.net.URL;
import java.net.UnknownHostException;
import java.security.cert.Certificate;
import java.security.cert.CertificateEncodingException;
import java.security.cert.CertificateException;
import java.text.ParseException;
import java.text.SimpleDateFormat;
import java.util.regex.Matcher;
import java.util.regex.Pattern;

import javax.net.ssl.HttpsURLConnection;
import javax.net.ssl.SSLSession;
import javax.net.ssl.SSLSocket;
import javax.net.ssl.SSLSocketFactory;

import org.apache.log4j.Logger;

public class ValidationHelper {

	private static final Logger log = Logger.getLogger(ValidationHelper.class);
	
	private static final String TEMPLATE_DATEFORMAT = "dd.MM.yyyy";
	
	
	public static boolean isPublicServiceAllowed(String identifier) {
		
		SSLSocket socket = null;
		
		try {
			URL url = new URL(identifier);
			String host = url.getHost();
			
			if (host.endsWith("/"))
				host = host.substring(0, host.length()-1);
			
			if (url.getHost().endsWith(at.gv.egovernment.moa.id.configuration.Constants.PUBLICSERVICE_URL_POSTFIX)) {
				log.debug("PublicURLPrefix with .gv.at Domain found.");
				return true;
				
			} else {
				SSLSocketFactory factory = HttpsURLConnection.getDefaultSSLSocketFactory();			
				socket = (SSLSocket) factory.createSocket(url.getHost(), url.getPort());
				socket.startHandshake();
				
				SSLSession session = socket.getSession();
				Certificate[] servercerts = session.getPeerCertificates();
				X509Certificate[] iaikChain = new X509Certificate[servercerts.length];
				for (int i=0; i<servercerts.length; i++) {
					iaikChain[i] = new X509Certificate(servercerts[i].getEncoded());
				}
				
				
				X509Certificate cert = Util.arrangeCertificateChain(iaikChain, false)[0];
				
				if (cert != null) {
					ObjectID vwOID = new ObjectID("1.2.40.0.10.1.1.1"); // Verwaltungseigenschaft
					ObjectID dOID = new ObjectID("1.2.40.0.10.1.1.2"); // Dienstleistereigenschaft
					
					
					if ((cert.getExtension(vwOID) == null) && (cert.getExtension(dOID) == null)) {
						return false;
						
					} else {
						log.info("Found correct X509 Extension in server certificate. PublicService is allowed");
						return true;
					}		
				}
				
				return false;
			}
				
		} catch (MalformedURLException e) {
			log.warn("PublicURLPrefix can not parsed to URL", e);
			return false;
			
		} catch (UnknownHostException e) {
			log.warn("Can not connect to PublicURLPrefix Server", e);
			return false;
			
		} catch (IOException e) {
			log.warn("Can not connect to PublicURLPrefix Server", e);
			return false;
			
		} catch (CertificateEncodingException e) {
			log.warn("Can not parse X509 server certificate", e);
			return false;
			
		} catch (CertificateException e) {
			log.warn("Can not read X509 server certificate", e);
			return false;
			
		} catch (X509ExtensionInitException e) {
			log.warn("Can not read X509 server certificate extension", e);
			return false;
		}
		
		finally {
			if (socket != null)
				try {
					socket.close();
				} catch (IOException e) {
					log.warn("SSL Socket can not be closed.", e);
				}
		}
	}
	
	public static boolean validateOAID(String oaIDObj) {
		if (oaIDObj != null) {
			try {
				
				long oaID = Long.valueOf(oaIDObj);
			
				if (oaID > 0 && oaID < Long.MAX_VALUE)
					return true;
				
			} catch (Throwable t) {
				log.warn("No valid DataBase OAID received! " + oaIDObj);
			}
		}
		return false;
	}
	
	public static boolean validateNumber(String value) {
		
		log.debug("Validate Number " + value);

		try {
			Float.valueOf(value);
			
			return true;
			
		} catch (NumberFormatException e) {
			return false;
		}
		
		
	}
	
	
	public static boolean validateURL(String urlString) {
		
		log.debug("Validate URL " + urlString);
		
		//if (urlString.startsWith("http") || urlString.startsWith("https")) {
  		  try {
			new URL(urlString);
			return true;
			
  		  } catch (MalformedURLException e) {
  		  }
		//}
		
		return false;
	}
	
	public static boolean isValidAdminTarget(String target) {
		   
	   log.debug("Ueberpruefe Parameter Target");
	            
       Pattern pattern = Pattern.compile("[a-zA-Z-]{1,5}");
       Matcher matcher = pattern.matcher(target);
       boolean b = matcher.matches();
       if (b) {
    	   log.debug("Parameter Target erfolgreich ueberprueft");
    	  return true;
       }
       else {
    	   log.error("Fehler Ueberpruefung Parameter Target. Target entspricht nicht den Kriterien (nur Zeichen a-z, A-Z und -, sowie 1-5 Zeichen lang)");
    	  return false;  
       }           
	}
	
	public static boolean isValidTarget(String target) {
		   
		   log.debug("Ueberpruefe Parameter Target");
		            
	       if (TargetValidator.isValidTarget(target)) {
	    	   log.debug("Parameter Target erfolgreich ueberprueft");
	    	  return true;
	       }
	       else {
	    	   log.error("Fehler Ueberpruefung Parameter Target. Target entspricht nicht den Kriterien (nur Zeichen a-z, A-Z und -, sowie 1-5 Zeichen lang)");
	    	  return false;  
	       }
		            
		}
	
	public static boolean isValidSourceID(String sourceID) {
		   
	   log.debug("Ueberpruefe Parameter sourceID");

	   Pattern pattern = Pattern.compile("[\\w-_]{1,20}");
	   Matcher matcher = pattern.matcher(sourceID);
	   boolean b = matcher.matches();
	   if (b) {
	 	  log.debug("Parameter sourceID erfolgreich ueberprueft");
	 	  return true;
      }
      else {
    	  log.error("Fehler Ueberpruefung Parameter sourceID. SourceID entspricht nicht den Kriterien (nur Zeichen a-z, A-Z, - und _, sowie 1-20 Zeichen lang)");
    	  return false;  
      }            
	}
	
	public static boolean isDateFormat(String dateString) {
		if (dateString.length() > TEMPLATE_DATEFORMAT.length())
			return false;
		
		SimpleDateFormat sdf = new SimpleDateFormat(TEMPLATE_DATEFORMAT);
		try {
			sdf.parse(dateString);
			return true;
			
		} catch (ParseException e) {
			return false;
		}
	}

	public static boolean isEmailAddressFormat(String address) {
		if (address == null) {
			return false;
		}
		return Pattern.compile("^[a-zA-Z0-9._%+-]+@[a-zA-Z0-9.-]+\\.[a-zA-Z]{2,6}$").matcher(address).matches();
	}
	
	public static boolean isValidOAIdentifier(String param) {
		if (param == null) {
			return false;
		}
		return param.indexOf(";") != -1 ||
					 param.indexOf("%") != -1 ||
					 param.indexOf("\"") != -1 ||
					 param.indexOf("'") != -1 ||
					 param.indexOf("?") != -1 ||
					 param.indexOf("`") != -1 ||
					 param.indexOf(",") != -1 ||
					 param.indexOf("<") != -1 ||
					 param.indexOf(">") != -1 ||
					 param.indexOf("\\") != -1;	
		
	}
	
	public static String getNotValidOAIdentifierCharacters() {
		
		return "; % \" ' ` , < > \\";
	}	
	
	public static boolean containsPotentialCSSCharacter(String param, boolean commaallowed) {
		
		if (param == null) {
			return false;
		}
		return param.indexOf(";") != -1 ||
					 param.indexOf("%") != -1 ||
					 param.indexOf("\"") != -1 ||
					 param.indexOf("'") != -1 ||
					 param.indexOf("?") != -1 ||
					 param.indexOf("`") != -1 ||
					 ( param.indexOf(",") != -1 && !commaallowed ) ||
					 param.indexOf("<") != -1 ||
					 param.indexOf(">") != -1 ||
					 param.indexOf("\\") != -1 ||
					 param.indexOf("/") != -1;					 					
	}
	
	public static String getPotentialCSSCharacter(boolean commaallowed) {
		
		if (commaallowed)
			return "; % \" ' ` < > \\ /";
		else
			return "; % \" ' ` , < > \\ /";
	}
	
	public static boolean isNotValidIdentityLinkSigner(String param) {
		if (param == null) {
			return false;
		}
		return param.indexOf(";") != -1 ||
					 param.indexOf("%") != -1 ||
					 param.indexOf("\"") != -1 ||
					 param.indexOf("'") != -1 ||
					 param.indexOf("?") != -1 ||
					 param.indexOf("`") != -1 ||
					 param.indexOf("<") != -1 ||
					 param.indexOf(">") != -1;	
		
	}
	
	public static String getNotValidIdentityLinkSignerCharacters() {
		
		return "; % \" ' ` < >";
	}
	
	public static boolean isValidHexValue(String param) {
		
		try {
			if (param.startsWith("#") && param.length() <= 7) {			
				Long.decode(param);
				return true;
			}
			
		} catch (Exception e) {
			
		}
		return false;
		
	}
	
}