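package at.gv.egovernment.moa.id.configuration.validation.moaconfig;

import java.util.ArrayList;
import java.util.HashSet;
import java.util.List;
import java.util.Locale;
import java.util.Set;

import javax.servlet.http.HttpServletRequest;

import at.gv.egovernment.moa.id.commons.MOAIDConstants;
import at.gv.egovernment.moa.id.commons.db.dao.config.deprecated.CPEPS;
import at.gv.egovernment.moa.id.commons.db.dao.config.deprecated.StorkAttribute;
import at.gv.egovernment.moa.id.commons.validation.ValidationHelper;
import at.gv.egovernment.moa.id.configuration.data.GeneralStorkConfig;
import at.gv.egovernment.moa.id.configuration.helper.LanguageHelper;
import at.gv.egovernment.moa.util.MiscUtil;
import lombok.extern.slf4j.Slf4j;

/**
 * Validates the general STORK / eIDAS section of the MOA-ID configuration form
 * (C-PEPS list, default level of assurance, requested attributes).
 *
 * <p>Values that fail the character check are never echoed back into a user-facing
 * error message; only the offending character set is reported. The raw value is
 * still written to the log for operator diagnosis.
 */
@Slf4j
public class StorkConfigValidator {

    /** Two lower-case letters, optionally followed by "-" and a sub-division part. */
    private static final String COUNTRY_CODE_PATTERN = "(^[a-z][a-z]$)|(^[a-z][a-z]-[a-z,0-9]*)";

    /** Attribute names must consist of plain ASCII letters once the eIDAS prefix is stripped. */
    private static final String ATTRIBUTE_NAME_PATTERN = "^[A-Za-z]*$";

    /**
     * eIDAS attribute names carry this prefix, whose "/" would be rejected by the character
     * check, so it is stripped before validation. TODO: or should the admin escape it in the UI?
     */
    private static final String EIDAS_ATTRIBUTE_PREFIX = "eidas/attributes/";

    /**
     * Validates the submitted STORK configuration form.
     *
     * @param form    the submitted form data
     * @param request current request, used to resolve localized error messages
     * @return localized error messages; empty when the form is valid
     */
    public List<String> validate(GeneralStorkConfig form, HttpServletRequest request) {
        final List<String> errors = new ArrayList<>();
        log.debug("Validate general STORK configuration");

        validateCpepsEntries(form, request, errors);
        validateDefaultQaa(form, request, errors);
        validateAttributes(form, request, errors);

        return errors;
    }

    /** Checks every C-PEPS row (country code, URL) and then the uniqueness of country codes. */
    private static void validateCpepsEntries(GeneralStorkConfig form, HttpServletRequest request,
            List<String> errors) {
        if (form.getRawCPEPSList() == null) {
            return;
        }

        for (final CPEPS current : form.getRawCPEPSList()) {
            // rows deleted in the UI remain as null entries
            if (current == null) {
                continue;
            }

            final String countryCode = current.getCountryCode();
            if (!MiscUtil.isNotEmpty(countryCode)) {
                // an empty country code is only logged, not reported as an error;
                // the URL of such a row is not checked either
                log.warn("CPEPS config countrycode is empty : " + countryCode);
                continue;
            }

            if (ValidationHelper.containsNotValidCharacter(countryCode, false)) {
                // only the disallowed character set goes into the message, not the value itself
                log.warn("CPEPS config countrycode contains potentail XSS characters: " + countryCode);
                errors.add(LanguageHelper.getErrorString("validation.stork.cpeps.cc",
                        new Object[] { ValidationHelper.getNotValidCharacter(false) }, request));
            } else if (!countryCode.toLowerCase(Locale.ROOT).matches(COUNTRY_CODE_PATTERN)) {
                // Locale.ROOT keeps the case folding independent of the server's default locale
                log.warn("CPEPS config countrycode does not comply to ISO 3166-2 : " + countryCode);
                errors.add(LanguageHelper.getErrorString("validation.stork.cpeps.cc",
                        new Object[] { countryCode }, request));
            }

            validateCpepsUrl(current.getURL(), request, errors);
        }

        if (form.getCpepslist() != null) {
            checkCountryCodeUniqueness(form, request, errors);
        }
    }

    /** Checks one C-PEPS URL; an empty URL and a malformed URL yield different messages. */
    private static void validateCpepsUrl(String url, HttpServletRequest request,
            List<String> errors) {
        if (!MiscUtil.isNotEmpty(url)) {
            log.warn("CPEPS config url is empty : " + url);
            errors.add(LanguageHelper.getErrorString("validation.stork.cpeps.empty",
                    new Object[] { url }, request));
            return;
        }
        if (!ValidationHelper.validateURL(url)) {
            log.info("CPEPS config URL is invalid : " + url);
            errors.add(LanguageHelper.getErrorString("validation.stork.cpeps.url", request));
        }
    }

    /**
     * Reports each country code that appears more than once in the C-PEPS list, once per code.
     * Rows are compared by country code only, so the result does not depend on how
     * {@code CPEPS.equals} is defined.
     */
    private static void checkCountryCodeUniqueness(GeneralStorkConfig form,
            HttpServletRequest request, List<String> errors) {
        final Set<String> seen = new HashSet<>();
        final Set<String> reported = new HashSet<>();

        for (final CPEPS cpeps : form.getCpepslist()) {
            if (cpeps == null || cpeps.getCountryCode() == null) {
                continue;
            }
            final String code = cpeps.getCountryCode();
            // second occurrence of a code -> report it, but only the first time it repeats
            if (!seen.add(code) && reported.add(code)) {
                errors.add(LanguageHelper.getErrorString("validation.stork.cpeps.duplicate", request));
            }
        }
    }

    /** Checks that the default level of assurance is one of the allowed eIDAS LoA values. */
    private static void validateDefaultQaa(GeneralStorkConfig form, HttpServletRequest request,
            List<String> errors) {
        final String qaa = form.getDefaultQaa();
        if (!MOAIDConstants.ALLOWED_eIDAS_LOA.contains(qaa)) {
            log.warn("eIDAS LoA is not allowed : " + qaa);
            errors.add(LanguageHelper.getErrorString("validation.stork.qaa.outofrange",
                    new Object[] { qaa }, request));
        }
    }

    /** Checks each configured attribute name for disallowed characters and for its format. */
    private static void validateAttributes(GeneralStorkConfig form, HttpServletRequest request,
            List<String> errors) {
        if (!MiscUtil.isNotEmpty(form.getAttributes())) {
            // TODO: STORK attributes check if no attribute is set
            return;
        }

        for (final StorkAttribute attribute : form.getAttributes()) {
            if (attribute == null || !MiscUtil.isNotEmpty(attribute.getName())) {
                continue;
            }

            final String name = attribute.getName();
            final String bareName = name.replace(EIDAS_ATTRIBUTE_PREFIX, "");

            if (ValidationHelper.containsNotValidCharacter(bareName, true)) {
                // only the disallowed character set goes into the message, not the value itself
                log.warn("default attributes contains potentail XSS characters: " + name);
                errors.add(LanguageHelper.getErrorString("validation.stork.requestedattributes",
                        new Object[] { ValidationHelper.getNotValidCharacter(true) }, request));
            } else if (!bareName.toLowerCase(Locale.ROOT).matches(ATTRIBUTE_NAME_PATTERN)) {
                // the attribute's name (not the attribute object) is what the message refers to
                log.warn("default attributes do not match the requested format : " + name);
                errors.add(LanguageHelper.getErrorString("validation.stork.requestedattributes",
                        new Object[] { name }, request));
            }
        }
    }
}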