/*******************************************************************************
 * Copyright 2014 Federal Chancellery Austria
 * MOA-ID has been developed in a cooperation between BRZ, the Federal
 * Chancellery Austria - ICT staff unit, and Graz University of Technology.
 *
 * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
 * the European Commission - subsequent versions of the EUPL (the "Licence");
 * You may not use this work except in compliance with the Licence.
 * You may obtain a copy of the Licence at:
 * http://www.osor.eu/eupl/
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the Licence is distributed on an "AS IS" basis,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the Licence for the specific language governing permissions and
 * limitations under the Licence.
 *
 * This product combines work with different licenses. See the "NOTICE" text
 * file for details on the various modules and licenses.
 * The "NOTICE" text file is part of the distribution. Any derivative works
 * that you distribute must include a readable copy of the "NOTICE" text file.
 *******************************************************************************/
package at.gv.egovernment.moa.id.configuration.validation.moaconfig;

import java.io.File;
import java.io.FileInputStream;
import java.io.IOException;
import java.util.ArrayList;
import java.util.HashMap;
import java.util.List;

import javax.servlet.http.HttpServletRequest;

import org.apache.commons.lang3.StringUtils;
import org.apache.log4j.Logger;

import at.gv.egovernment.moa.id.commons.validation.ValidationHelper;
import at.gv.egovernment.moa.id.configuration.Constants;
import at.gv.egovernment.moa.id.configuration.data.GeneralMOAIDConfig;
import at.gv.egovernment.moa.id.configuration.data.pvp2.ContactForm;
import at.gv.egovernment.moa.id.configuration.helper.LanguageHelper;
import at.gv.egovernment.moa.util.Base64Utils;
import at.gv.egovernment.moa.util.MiscUtil;

public class MOAConfigValidator {

	private static final Logger log = Logger.getLogger(MOAConfigValidator.class);
	
	public List<String> validate(GeneralMOAIDConfig form, HttpServletRequest request) {
		
		List<String> errors = new ArrayList<String>();
		
		log.debug("Validate general MOA configuration");
		
	
		String check = form.getSaml1SourceID();
		if (MiscUtil.isNotEmpty(check)) {
			if (ValidationHelper.containsNotValidCharacter(check, false)) {
				log.warn("SAML1 SourceID contains potentail XSS characters: " + check);
				errors.add(LanguageHelper.getErrorString("validation.general.SAML1SourceID", 
						new Object[] {ValidationHelper.getNotValidCharacter(false)}, request ));
			}
		}
	
		check = form.getPublicURLPrefix();
		if (MiscUtil.isNotEmpty(check)) {
			String[] publicURLPreFix = check.split(",");
			if (form.isVirtualPublicURLPrefixEnabled()) {
				for (String el : publicURLPreFix) {			
					if (!ValidationHelper.validateURL(
							StringUtils.chomp(el.trim()))) {
						log.info("Public URL Prefix " + el + " is not valid");
						errors.add(LanguageHelper.getErrorString("validation.general.publicURLprefix.valid", new Object[]{el}, request));
					}
				}
				
			} else {
				if (!ValidationHelper.validateURL(
						StringUtils.chomp(publicURLPreFix[0].trim()))) {
					log.info("Public URL Prefix " + publicURLPreFix[0] + " is not valid");
					errors.add(LanguageHelper.getErrorString("validation.general.publicURLprefix.valid", new Object[]{publicURLPreFix[0]}, request));
					
				}
				
			}
		} else {
			log.info("PublicURL Prefix is empty.");
			errors.add(LanguageHelper.getErrorString("validation.general.publicURLprefix.empty", request));
		}		
		
		check = form.getTimeoutAssertion();
		if (MiscUtil.isNotEmpty(check)) {
			if (!ValidationHelper.validateNumber(check)) {
				log.warn("Assertion Timeout is no number " + check);
				errors.add(LanguageHelper.getErrorString("validation.general.timeouts.assertion.valid", 
						new Object[] {ValidationHelper.getNotValidOAIdentifierCharacters()}, request ));
			}
		}
		check = form.getTimeoutMOASessionCreated();
		if (MiscUtil.isNotEmpty(check)) {
			if (!ValidationHelper.validateNumber(check)) {
				log.warn("MOASessionCreated Timeout is no number " + check);
				errors.add(LanguageHelper.getErrorString("validation.general.timeouts.moasessioncreated.valid", 
						new Object[] {ValidationHelper.getNotValidOAIdentifierCharacters()}, request ));
			}
		}
		check = form.getTimeoutMOASessionUpdated();
		if (MiscUtil.isNotEmpty(check)) {
			if (!ValidationHelper.validateNumber(check)) {
				log.warn("MOASessionUpdated Timeout is no number " + check);
				errors.add(LanguageHelper.getErrorString("validation.general.timeouts.moasessionupdated.valid", 
						new Object[] {ValidationHelper.getNotValidOAIdentifierCharacters()}, request ));
			}
		}
		
//		check = form.getCertStoreDirectory();
//		if (MiscUtil.isNotEmpty(check)) {
//			if (ValidationHelper.isValidOAIdentifier(check)) {
//				log.warn("CertStoreDirectory contains potentail XSS characters: " + check);
//				errors.add(LanguageHelper.getErrorString("validation.general.certStoreDirectory.valid", 
//						new Object[] {ValidationHelper.getNotValidOAIdentifierCharacters()}, request ));
//			}
//		} else {
//			log.info("CertStoreDirectory is empty.");
//			errors.add(LanguageHelper.getErrorString("validation.general.certStoreDirectory.empty", request));
//		}
		
		check = form.getDefaultBKUHandy();
		if (MiscUtil.isNotEmpty(check)) {
			if (!ValidationHelper.validateURL(check)) {
				log.info("Not valid Handy-BKU URL");
				errors.add(LanguageHelper.getErrorString("validation.general.bku.handy.valid", request));
			}
		}
		
		check = form.getDefaultBKULocal();
		if (MiscUtil.isNotEmpty(check)) {
			if (!ValidationHelper.validateURL(check)) {
				log.info("Not valid Online-BKU URL");
				errors.add(LanguageHelper.getErrorString("validation.general.bku.local.valid", request));
			}
		}
		
		check = form.getDefaultBKUOnline();
		if (MiscUtil.isNotEmpty(check)) {
			if (!ValidationHelper.validateURL(check)) {
				log.info("Not valid Online-BKU URL");
				errors.add(LanguageHelper.getErrorString("validation.general.bku.online.valid", request));
			}
		}
		
//		check = form.getDefaultchainigmode();
//		if (MiscUtil.isEmpty(check)) {
//			log.info("Empty Defaultchainigmode");
//			errors.add(LanguageHelper.getErrorString("validation.general.Defaultchainigmode.empty", request));
//		} else {
//			Map<String, String> list = form.getChainigmodelist();
//			if (!list.containsKey(check)) {
//				log.info("Not valid Defaultchainigmode " + check);
//				errors.add(LanguageHelper.getErrorString("validation.general.Defaultchainigmode.valid", request));
//			}
//		}
				
		check = form.getMandateURL();
		if (MiscUtil.isNotEmpty(check)) {			
			String[] misURLs = check.split(",");
			for (String el : misURLs) {			
				if (MiscUtil.isNotEmpty(el) && !ValidationHelper.validateURL(StringUtils.chomp(el.trim()))) {
					log.info("Not valid Online-Mandate Service URL");
					errors.add(LanguageHelper.getErrorString("validation.general.mandateservice.valid", 
							new Object[]{el}, request));
				}
			}
		}
		
		check = form.getElgaMandateServiceURL();
		if (MiscUtil.isNotEmpty(check)) {			
			String[] elgaServiceURLs = check.split(",");
			for (String el : elgaServiceURLs) {			
				if (MiscUtil.isNotEmpty(el) && !ValidationHelper.validateURL(StringUtils.chomp(el.trim()))) {
					log.info("Not valid Online-Mandate Service URL");
					errors.add(LanguageHelper.getErrorString("validation.general.elga.mandateservice.valid", 
							new Object[]{el}, request));
				}
			}
		}
		
		check = form.getMoaspssAuthTransformations();
		List<String> authtranslist = new ArrayList<String>();
		if (MiscUtil.isEmpty(check)) {
			log.info("Empty MoaspssAuthTransformation");
			errors.add(LanguageHelper.getErrorString("validation.general.moasp.auth.transformation.empty", request));
		} else {
			
			//is only required if more then one transformation is in use
//			check = StringHelper.formatText(check);
//			String[] list = check.split(GeneralMOAIDConfig.LINE_DELIMITER);
//			int i=1;
//			for(String el : list) {
//				if (ValidationHelper.containsPotentialCSSCharacter(el, false)) {
//					log.info("IdentityLinkSigners is not valid: " + el);
//					errors.add(LanguageHelper.getErrorString("validation.general.moasp.auth.transformation.valid", 
//							new Object[] {i, ValidationHelper.getPotentialCSSCharacter(false)} ));
//					
//				} else {
//					if (MiscUtil.isNotEmpty(el.trim()))
//						authtranslist.add(el.trim());
//				}
//				i++;
//			}			
			authtranslist.add(check.trim());
		}
		form.setAuthTransformList(authtranslist);
		
		check = form.getMoaspssAuthTrustProfile();
		if (MiscUtil.isEmpty(check)) {
			log.info("Empty MOA-SP/SS Authblock TrustProfile");
			errors.add(LanguageHelper.getErrorString("validation.general.moasp.auth.trustprofile.empty", request));
		} else {
			if (ValidationHelper.containsNotValidCharacter(check, false)) {
				log.info("Authblock TrustProfile is not valid: " +check);
				errors.add(LanguageHelper.getErrorString("validation.general.moasp.auth.trustprofile.valid", 
						new Object[] {ValidationHelper.getNotValidCharacter(false)}, request ));
			}
		}
		
		check = form.getMoaspssIdlTrustProfile();
		if (MiscUtil.isEmpty(check)) {
			log.info("Empty MOA-SP/SS IdentityLink TrustProfile");
			errors.add(LanguageHelper.getErrorString("validation.general.moasp.idl.trustprofile.empty", request));
		} else {
			if (ValidationHelper.containsNotValidCharacter(check, false)) {
				log.info("IdentityLink TrustProfile is not valid: " +check);
				errors.add(LanguageHelper.getErrorString("validation.general.moasp.idl.trustprofile.valid", 
						new Object[] {ValidationHelper.getNotValidCharacter(false)}, request ));
			}
		}
		
		check = form.getMoaspssAuthTrustProfileTest();
		if (MiscUtil.isEmpty(check)) {
			log.info("Empty MOA-SP/SS Test-Authblock TrustProfile");
			errors.add(LanguageHelper.getErrorString("validation.general.moasp.auth.trustprofile.test.empty", request));
		} else {
			if (ValidationHelper.containsNotValidCharacter(check, false)) {
				log.info("Test-Authblock TrustProfile is not valid: " +check);
				errors.add(LanguageHelper.getErrorString("validation.general.moasp.auth.trustprofile.test.valid", 
						new Object[] {ValidationHelper.getNotValidCharacter(false)}, request ));
			}
		}
		
		check = form.getMoaspssIdlTrustProfileTest();
		if (MiscUtil.isEmpty(check)) {
			log.info("Empty MOA-SP/SS Test-IdentityLink TrustProfile");
			errors.add(LanguageHelper.getErrorString("validation.general.moasp.idl.trustprofile.test.empty", request));
		} else {
			if (ValidationHelper.containsNotValidCharacter(check, false)) {
				log.info("Test-IdentityLink TrustProfile is not valid: " +check);
				errors.add(LanguageHelper.getErrorString("validation.general.moasp.idl.trustprofile.test.valid", 
						new Object[] {ValidationHelper.getNotValidCharacter(false)}, request ));
			}
		}
		
		
		check = form.getMoaspssURL();
		if (MiscUtil.isNotEmpty(check)) {
			if (!ValidationHelper.validateURL(check)) {
				log.info("Not valid MOA-SP/SS Service URL");
				errors.add(LanguageHelper.getErrorString("validation.general.moaspss.url.valid", request));
			}
		}
		
		check = form.getPvp2IssuerName();
		if (MiscUtil.isNotEmpty(check)) {
			if (ValidationHelper.containsNotValidCharacter(check, false)) {
				log.info("PVP2 IssuerName is not valid: " + check);
				errors.add(LanguageHelper.getErrorString("validation.general.protocol.pvp2.issuername.valid", 
						new Object[] {ValidationHelper.getNotValidCharacter(false)}, request ));
			}
		}
		
		check = form.getPvp2OrgDisplayName();
		if (MiscUtil.isNotEmpty(check)) {
			if (ValidationHelper.containsNotValidCharacter(check, false)) {
				log.info("PVP2 organisation display name is not valid: " + check);
				errors.add(LanguageHelper.getErrorString("validation.general.protocol.pvp2.org.displayname.valid", 
						new Object[] {ValidationHelper.getNotValidCharacter(false)}, request ));
			}
		}
		
		check = form.getPvp2OrgName();
		if (MiscUtil.isNotEmpty(check)) {
			if (ValidationHelper.containsNotValidCharacter(check, false)) {
				log.info("PVP2 organisation name is not valid: " + check);
				errors.add(LanguageHelper.getErrorString("validation.general.protocol.pvp2.org.name.valid", 
						new Object[] {ValidationHelper.getNotValidCharacter(false)}, request ));
			}
		}
		
		check = form.getPvp2OrgURL();
		if (MiscUtil.isNotEmpty(check)) {
			if (!ValidationHelper.validateURL(check)) {
				log.info("PVP2 organisation URL is not valid");
				errors.add(LanguageHelper.getErrorString("validation.general.protocol.pvp2.org.url.valid", request));
			}
		}
		
//		check = form.getPvp2PublicUrlPrefix();
//		if (MiscUtil.isNotEmpty(check)) {
//			if (!ValidationHelper.validateURL(check)) {
//				log.info("PVP2 Service URL is not valid");
//				errors.add(LanguageHelper.getErrorString("validation.general.protocol.pvp2.serviceurl.valid"));
//			}
//		}
		
		check = form.getSLRequestTemplateHandy();
		if (MiscUtil.isEmpty(check)) {
			log.info("Empty SLRequestTemplate Handy-BKU");
			errors.add(LanguageHelper.getErrorString("validation.general.slrequest.handy.empty", request));
		} else {
			if (ValidationHelper.isNotValidIdentityLinkSigner(check)) {
				log.info("SLRequestTemplate Handy-BKU is not valid");
				errors.add(LanguageHelper.getErrorString("validation.general.slrequest.handy.valid", request));
			}
		}
		
		check = form.getSLRequestTemplateLocal();
		if (MiscUtil.isEmpty(check)) {
			log.info("Empty SLRequestTemplate local BKU");
			errors.add(LanguageHelper.getErrorString("validation.general.slrequest.local.empty", request));
		} else {
			if (ValidationHelper.isNotValidIdentityLinkSigner(check)) {
				log.info("SLRequestTemplate local BKU is not valid");
				errors.add(LanguageHelper.getErrorString("validation.general.slrequest.local.valid", request));
			}
		}
		
		check = form.getSLRequestTemplateOnline();
		if (MiscUtil.isEmpty(check)) {
			log.info("Empty SLRequestTemplate Online-BKU");
			errors.add(LanguageHelper.getErrorString("validation.general.slrequest.online.empty", request));
		} else {
			if (ValidationHelper.isNotValidIdentityLinkSigner(check)) {
				log.info("SLRequestTemplate Online-BKU is not valid");
				errors.add(LanguageHelper.getErrorString("validation.general.slrequest.online.valid", request));
			}
		}
		
		check = form.getSsoFriendlyName();
		if (MiscUtil.isNotEmpty(check)) {
			if (ValidationHelper.containsNotValidCharacter(check, false)) {
				log.info("SSO friendlyname is not valid: " + check);
				errors.add(LanguageHelper.getErrorString("validation.general.sso.friendlyname.valid", 
						new Object[] {ValidationHelper.getNotValidCharacter(false)}, request ));
			}
		}
		
//		check = form.getSsoIdentificationNumber();
//		if (MiscUtil.isNotEmpty(check)) {
//			if (ValidationHelper.containsPotentialCSSCharacter(check, false)) {
//				log.info("SSO IdentificationNumber is not valid: " + check);
//				errors.add(LanguageHelper.getErrorString("validation.general.sso.identificationnumber.valid", 
//						new Object[] {ValidationHelper.getPotentialCSSCharacter(false)} ));
//			}
//		}
		
//		check = form.getSsoPublicUrl();
//		if (MiscUtil.isNotEmpty(check)) {
//			if (!ValidationHelper.validateURL(check)) {
//				log.info("SSO Public URL is not valid");
//				errors.add(LanguageHelper.getErrorString("validation.general.sso.publicurl.valid"));
//			}
//		}
		
		check = form.getSsoSpecialText();
		if (MiscUtil.isNotEmpty(check)) {
			if (ValidationHelper.containsNotValidCharacter(check, true)) {
				log.info("SSO SpecialText is not valid: " + check);
				errors.add(LanguageHelper.getErrorString("validation.general.sso.specialauthtext.valid", 
						new Object[] {ValidationHelper.getNotValidCharacter(true)} , request));
			}
		}
		
		check = form.getSsoTarget();
		if (MiscUtil.isEmpty(check)) {
			log.info("Empty SSO Target");
			//errors.add(LanguageHelper.getErrorString("validation.general.sso.target.empty", request));
			
		} else {
			if (!ValidationHelper.isValidAdminTarget(check)) {
				
				if (ValidationHelper.containsNotValidCharacter(check, false)) {
					log.warn("IdentificationNumber contains potentail XSS characters: " + check);
					errors.add(LanguageHelper.getErrorString("validation.general.sso.target.valid", 
							new Object[] {ValidationHelper.getNotValidCharacter(false)}, request ));
				}
				
				String num = check.replaceAll(" ", "");
				
				if ( !(num.startsWith(Constants.IDENIFICATIONTYPE_FN) || 
						num.startsWith(Constants.IDENIFICATIONTYPE_ZVR) ||
							num.startsWith(Constants.IDENIFICATIONTYPE_ERSB) ) ) {
					
					log.info("Not valid SSO Target");
					errors.add(LanguageHelper.getErrorString("validation.general.sso.target.valid", request));
				}
								
			}
		}
		
		check = form.getSzrgwURL();
		if (MiscUtil.isNotEmpty(check)) {			
			String[] szrGWServiceURLs = check.split(",");
			for (String el : szrGWServiceURLs) {			
				if (MiscUtil.isNotEmpty(el) && !ValidationHelper.validateURL(StringUtils.chomp(el.trim()))) {
					log.info("Not valid Online-Mandate Service URL");
					errors.add(LanguageHelper.getErrorString("validation.general.szrgw.url.valid", 
							new Object[]{el}, request));
				}
			}
		}
			
		check = form.getTrustedCACerts();
		if (MiscUtil.isEmpty(check)) {
			log.info("Empty TrustCACerts Directory");
			errors.add(LanguageHelper.getErrorString("validation.general.trustedcacerts.empty", request));
			
		} else {
			if (ValidationHelper.isNotValidIdentityLinkSigner(check)) {
				log.info("Not valid TrustCACerts Directory");
				errors.add(LanguageHelper.getErrorString("validation.general.trustedcacerts.valid", 
						new Object[] {ValidationHelper.getNotValidOAIdentifierCharacters()}, request ));
			}
		}
		

		
		if (form.getFileUploadFileName() != null && !form.getFileUploadFileName().isEmpty()) {
			HashMap<String, byte[]> map = new HashMap<String, byte[]>();
			for (int i=0; i<form.getFileUploadFileName().size(); i++) {
				String filename = form.getFileUploadFileName().get(i);
				
				if (MiscUtil.isNotEmpty(filename)) {
					if (ValidationHelper.containsNotValidCharacter(filename, false)) {
						log.info("SL Transformation Filename is not valid");
						errors.add(LanguageHelper.getErrorString("validation.general.slrequest.filename.valid", request));
						
					} else {
						try {
							File file = form.getFileUpload().get(i);
							FileInputStream stream = new FileInputStream(file);
							map.put(filename, Base64Utils.encode(stream).getBytes("UTF-8"));
							
						} catch (IOException e) {
							log.info("SecurtiyLayerTransformation with FileName "
									+ filename +" can not be loaded." , e);
							errors.add(LanguageHelper.getErrorString("validation.general.slrequest.file.valid", 
									new Object[] {filename}, request ));
						}	
					}
				}
			}
						
			form.setSecLayerTransformation(map);
			
		} else {
			if (form.getSecLayerTransformation() == null) {			
				log.info("AuthBlock Transformation file is empty");
				errors.add(LanguageHelper.getErrorString("validation.general.slrequest.file.empty", request));
				
			}			
		}
		
		
		ContactForm contact = form.getPvp2Contact();
		if (contact != null) {
			PVP2ContactValidator pvp2validator = new PVP2ContactValidator();
			errors.addAll(pvp2validator.validate(contact, request));
		}
		
		return errors;
	}
}