package at.gv.egovernment.moa.id.auth;

import java.io.IOException;
import java.security.GeneralSecurityException;
import java.security.Provider;
import java.security.Security;

import javax.activation.CommandMap;
import javax.activation.MailcapCommandMap;
import javax.servlet.ServletContext;
import javax.servlet.ServletException;
import javax.servlet.ServletRegistration;

import org.springframework.beans.factory.config.BeanDefinition;
import org.springframework.beans.factory.support.BeanDefinitionRegistry;
import org.springframework.beans.factory.xml.XmlBeanDefinitionReader;
import org.springframework.context.support.GenericApplicationContext;
import org.springframework.web.WebApplicationInitializer;
import org.springframework.web.context.ContextLoaderListener;
import org.springframework.web.context.request.RequestContextListener;
import org.springframework.web.context.support.GenericWebApplicationContext;
import org.springframework.web.context.support.ServletContextResource;
import org.springframework.web.servlet.DispatcherServlet;

import at.gv.egiz.components.spring.api.SpringLoader;
import at.gv.egovernment.moa.id.config.ConfigurationException;
import at.gv.egovernment.moa.id.config.auth.AuthConfiguration;
import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProviderFactory;
import at.gv.egovernment.moa.id.config.auth.MOAGarbageCollector;
import at.gv.egovernment.moa.id.util.MOAIDMessageProvider;
import at.gv.egovernment.moa.id.util.SSLUtils;
import at.gv.egovernment.moa.logging.Logger;
import at.gv.egovernment.moa.logging.LoggingContext;
import at.gv.egovernment.moa.logging.LoggingContextManager;
import at.gv.egovernment.moa.spss.server.config.ConfigurationProvider;
import at.gv.egovernment.moa.spss.server.iaik.config.IaikConfigurator;
import at.gv.egovernment.moa.util.Constants;
import at.gv.egovernment.moa.util.MiscUtil;
import iaik.pki.PKIException;
import iaik.security.ecc.provider.ECCProvider;
import iaik.security.provider.IAIK;

/**
 * Web application initializer
 * 
 * @author Paul Ivancsics
 * @version $Id$
 */
public class MOAIDAuthInitializer implements WebApplicationInitializer {

    private String[] rootServletContexts = null;

	private String[] servletContexts = null;

	private String[] activeProfiles = null;

	public MOAIDAuthInitializer() {
		this.rootServletContexts = null;
		this.servletContexts = new String[] {
				"/WEB-INF/applicationContext.xml",
				
		};
		this.activeProfiles = null;
	}
    
    
	/* (non-Javadoc)
	 * @see org.springframework.web.WebApplicationInitializer#onStartup(javax.servlet.ServletContext)
	 */
	@Override
	public void onStartup(ServletContext servletContext) throws ServletException {
		try {
			Logger.info("=============== Loading Root Context! ===============");
			GenericWebApplicationContext rootContext = new GenericWebApplicationContext();
			rootContext.setServletContext(servletContext);

			Logger.info("=============== Setting active profiles! ===============");
			if (this.activeProfiles != null) {
				for (String profile : this.activeProfiles) {
					rootContext.getEnvironment().addActiveProfile(profile);
				}
			}

			Logger.info("=============== Loading Local Contexts! ===============");
			XmlBeanDefinitionReader xmlReader = new XmlBeanDefinitionReader(
					rootContext);
			if (rootServletContexts != null) {
				for (String rootServletContext : rootServletContexts) {
					Logger.debug("Loading: "+ rootServletContext);
					xmlReader.loadBeanDefinitions(new ServletContextResource(
							servletContext, rootServletContext));
				}
			}
			// Manage the lifecycle of the root application context
			servletContext.addListener(new ContextLoaderListener(rootContext));

			// logger.debug("Beans after logAMQP in {}", rootContext);
			// dumpBeanDefinitions(rootContext);

			Logger.info("=============== Loading SPI Context! ===============");
			// logger.debug("Startup with context {}", rootContext);
			if (rootContext instanceof BeanDefinitionRegistry) {
				Logger.debug("Loading EGIZ components");
				SpringLoader
						.loadSpringServices(rootContext);
			} else {
				Logger.warn("Failed to load external Spring since no BeanDefinitionRegistry");
			}
			
			Logger.trace("Beans after SPI in "+ rootContext);
			dumpBeanDefinitions(rootContext);

			Logger.debug("Loading servlet config in "+ rootContext);
			if (servletContexts != null) {
				for (String servletContextString : servletContexts) {
					xmlReader.loadBeanDefinitions(new ServletContextResource(
							servletContext, servletContextString));
				}
			}
			Logger.debug("Refreshing context "+ rootContext);
			rootContext.refresh();

			Logger.info("=============== Register Dispatcher Servlet! ===============");

			Logger.trace("Final Beans in "+ rootContext);
			dumpBeanDefinitions(rootContext);
			
			
			Logger.info("Registering dispatcher configuration");
			ServletRegistration.Dynamic dispatcher = servletContext.addServlet(
					"dispatcher", new DispatcherServlet(rootContext));
			if (dispatcher != null) {  
				dispatcher.setLoadOnStartup(1);
				dispatcher.addMapping("/");
				dispatcher.setAsyncSupported(true);
			} else {
				Logger.error("Failed to register dispatcher server in servlet context!");
			}
			
			Logger.info("=============== Register RequestContextListener! ===============");
			servletContext.addListener(new RequestContextListener());

			Logger.info("Basic Context initalisation finished --> Start MOA-ID-Auth initialisation process ...");
			MOAIDAuthInitializer.initialize(rootContext);
			Logger.info(MOAIDMessageProvider.getInstance().getMessage(
					"init.00", null));			
			Logger.info("MOA-ID-Auth initialization finished.");
				
						
		} catch (Throwable e) {
			Logger.fatal(
					MOAIDMessageProvider.getInstance().getMessage("init.02",
							null), e);
			
		}
				
	}
	
    
    
    /**
     * Initializes the web application components which need initialization:
     * logging, JSSE, MOA-ID Auth configuration, Axis, session cleaner.
     * @param rootContext 
     */
    public static void initialize(GenericWebApplicationContext rootContext) throws ConfigurationException,
            PKIException, IOException, GeneralSecurityException {
        Logger.setHierarchy("moa.id.auth");
        Logger.info("Default java file.encoding: "
                + System.getProperty("file.encoding"));

                
        //JDK bug workaround according to:
        // http://jce.iaik.tugraz.at/products/03_cms/faq/index.php#JarVerifier
        // register content data handlers for S/MIME types
        MailcapCommandMap mc = new MailcapCommandMap();
        CommandMap.setDefaultCommandMap(mc);
        
        if (MiscUtil.isEmpty(System.getProperty("https.cipherSuites")))        
        	System.setProperty(
        			"https.cipherSuites",
        			"TLS_DH_anon_WITH_AES_128_CBC_SHA" +
        					",TLS_DHE_RSA_WITH_AES_128_CBC_SHA" +
        					",TLS_DHE_DSS_WITH_AES_128_CBC_SHA" +
        					",TLS_RSA_WITH_AES_128_CBC_SHA" +
        					",TLS_RSA_WITH_AES_256_CBC_SHA" + 
        					",SSL_DH_anon_WITH_3DES_EDE_CBC_SHA" +
        					",SSL_RSA_WITH_3DES_EDE_CBC_SHA"
        					);
    

        
        // load some jsse classes so that the integrity of the jars can be
        // verified
        // before the iaik jce is installed as the security provider
        // this workaround is only needed when sun jsse is used in conjunction
        // with
        // iaik-jce (on jdk1.3)
        ClassLoader cl = MOAIDAuthInitializer.class.getClassLoader();
        try {
            cl.loadClass("javax.security.cert.Certificate"); // from jcert.jar
        } catch (ClassNotFoundException e) {
            Logger.warn(MOAIDMessageProvider.getInstance().getMessage(
                    "init.01", null), e);
        }

        Logger.info("Loading Java security providers.");
        IAIK.addAsProvider();                
        ECCProvider.addAsProvider();
        
        // Initializes SSLSocketFactory store
        SSLUtils.initialize();

        // Initializes Namespace Map
        Constants.nSMap.put(Constants.SAML_PREFIX, Constants.SAML_NS_URI);
        Constants.nSMap.put(Constants.ECDSA_PREFIX,
                "http://www.w3.org/2001/04/xmldsig-more#");
        Constants.nSMap.put(Constants.DSIG_PREFIX, Constants.DSIG_NS_URI);

        
        // Initialize configuration provider
       	AuthConfiguration authConf = AuthConfigurationProviderFactory.reload(rootContext);

       	//test, if MOA-ID is already configured
    	authConf.getPublicURLPrefix();


    	// Initialize MOA-SP
    	//MOA-SP is only use by API calls since MOA-ID 3.0.0  
        try {
        	LoggingContextManager.getInstance().setLoggingContext(
                      new LoggingContext("startup"));
            ConfigurationProvider config = ConfigurationProvider
                      .getInstance();
            new IaikConfigurator().configure(config);
            
         } catch (at.gv.egovernment.moa.spss.server.config.ConfigurationException ex) {
            throw new ConfigurationException("config.10", new Object[] { ex
                     .toString() }, ex);
            
         }
        	        	
				
        //IAIK.addAsProvider();                
        //ECCProvider.addAsProvider();
        
        Security.insertProviderAt(IAIK.getInstance(), 0);
        Security.addProvider(new ECCProvider());
        
        if (Logger.isDebugEnabled()) {
        	Logger.debug("Loaded Security Provider:");
        	Provider[] providerList = Security.getProviders();
        	for (int i=0; i<providerList.length; i++)
        		Logger.debug(i + ": " + providerList[i].getName() + " Version " + providerList[i].getVersion());        		
        	
        }
        
        
        // Starts the session cleaner thread to remove unpicked authentication data
        AuthenticationSessionCleaner sessioncleaner = rootContext.getBean("AuthenticationSessionCleaner", AuthenticationSessionCleaner.class);
        AuthenticationSessionCleaner.start(sessioncleaner);
        
        MOAGarbageCollector.start();
    }
    
	private void dumpBeanDefinitions(GenericApplicationContext context) {
		Logger.trace("Registered Bean in context " + context.toString());
		
		String[] registeredBeans = context.getBeanDefinitionNames();
		for (String registeredBean : registeredBeans) {
			BeanDefinition beanDefinition = context
					.getBeanDefinition(registeredBean);
			Logger.trace(registeredBean + " -> " + 	beanDefinition.getBeanClassName());
			
		}
		
		Logger.trace("Registered Bean in context --"+ context);
	}
}