/*
* Copyright 2003 Federal Chancellery Austria
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
*     http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package at.gv.egovernment.moa.id.auth.builder;

import java.text.MessageFormat;
import java.util.List;

import at.gv.egovernment.moa.id.BuildException;
import at.gv.egovernment.moa.id.ParseException;
import at.gv.egovernment.moa.id.data.AuthenticationData;
import at.gv.egovernment.moa.logging.Logger;
import at.gv.egovernment.moa.util.Constants;
import at.gv.egovernment.moa.util.StringUtils;

/**
 * Builder for the authentication data <code>&lt;saml:Assertion&gt;</code>
 * to be provided by the MOA ID Auth component.
 *
 * @author Paul Ivancsics
 * @version $Id$
 */
public class AuthenticationDataAssertionBuilder extends AuthenticationAssertionBuilder implements Constants {
  /** private static String NL contains the NewLine representation in Java*/
	private static final String NL = "\n";
	/**
	 * XML template for the <code>&lt;saml:Assertion&gt;</code> to be built
	 */
	private static final String AUTH_DATA =
		"<?xml version=\"1.0\" encoding=\"UTF-8\" ?>" + NL +
	  "<saml:Assertion xmlns:saml=''" + SAML_NS_URI + "'' xmlns:pr=''" + PD_NS_URI + "'' xmlns:xsi=''" + XSI_NS_URI + "''" +
	  " xmlns:si=''" +  XSI_NS_URI + "''" +
    " MajorVersion=''1'' MinorVersion=''0'' AssertionID=''{0}'' Issuer=''{1}'' IssueInstant=''{2}''>" + NL +
	  "	<saml:AttributeStatement>" + NL + 
	  "		<saml:Subject>" + NL +
	  "			<saml:NameIdentifier NameQualifier=''{3}''>{4}</saml:NameIdentifier>" + NL +
	  "     <saml:SubjectConfirmation>" + NL +
	  "       <saml:ConfirmationMethod>" + MOA_NS_URI + "cm</saml:ConfirmationMethod>" + NL +
	  "       <saml:SubjectConfirmationData>{5}{6}</saml:SubjectConfirmationData>" + NL +
	  "     </saml:SubjectConfirmation>" + NL +
	  "		</saml:Subject>" + NL +
	  "		<saml:Attribute AttributeName=''PersonData'' AttributeNamespace=''" + PD_NS_URI + "''>" + NL +
	  "			<saml:AttributeValue>{7}</saml:AttributeValue>" + NL +
	  "		</saml:Attribute>" + NL +
	  "		<saml:Attribute AttributeName=''isQualifiedCertificate'' AttributeNamespace=''" + MOA_NS_URI + "''>" + NL +
	  "			<saml:AttributeValue>{8}</saml:AttributeValue>" + NL +
	  "		</saml:Attribute>" + NL +
      "   <saml:Attribute AttributeName=''bkuURL'' AttributeNamespace=''" + MOA_NS_URI + "''>" + NL +
      "     <saml:AttributeValue>{9}</saml:AttributeValue>" + NL +
      "   </saml:Attribute>" + NL +
	  "{10}" + 
      "{11}" +
      "{12}" +
	  "	</saml:AttributeStatement>" + NL +
	  "</saml:Assertion>";
	/**
	 * XML template for the <code>&lt;saml:Attribute&gt;</code> named <code>"isPublicAuthority"</code>,
	 * to be inserted into the <code>&lt;saml:Assertion&gt;</code>
	 */
	private static final String PUBLIC_AUTHORITY_ATT = 
	  "		<saml:Attribute AttributeName=''isPublicAuthority'' AttributeNamespace=''urn:oid:1.2.40.0.10.1.1.1''>" + NL +
	  "			<saml:AttributeValue>{0}</saml:AttributeValue>" + NL +
	  "		</saml:Attribute>" + NL;
  
    private static final String SIGNER_CERTIFICATE_ATT = 
      "     <saml:Attribute AttributeName=''SignerCertificate'' AttributeNamespace=''" + MOA_NS_URI + "''>" + NL +
      "         <saml:AttributeValue>{0}</saml:AttributeValue>" + NL +
      "     </saml:Attribute>" + NL;
	  
  /**
   * Constructor for AuthenticationDataAssertionBuilder.
   */
  public AuthenticationDataAssertionBuilder() {
    super();
  }

  /**
   * Builds the authentication data <code>&lt;saml:Assertion&gt;</code>.
   * 
   * @param authData the <code>AuthenticationData</code> to build the 
   * 				 <code>&lt;saml:Assertion&gt;</code> from
   * @param xmlPersonData <code>lt;pr:Person&gt;</code> element as a String
   * @param xmlAuthBlock authentication block to be included in a 
   * 				 <code>lt;saml:SubjectConfirmationData&gt;</code> element; may include
   * 				 the <code>"Stammzahl"</code> or not; may be empty
   * @param xmlIdentityLink the IdentityLink
   * @param signerCertificateBase64 Base64 encoded certificate of the signer. Maybe
   *         an empty string if the signer certificate should not be provided. 
   *         Will be ignored if the <code>businessService</code> parameter is
   *         set to <code>false</code>.
   * @param businessService <code>true</code> if the online application is a
   *                        business service, otherwise <code>false</code>
   * @return the <code>&lt;saml:Assertion&gt;</code>
   * @throws BuildException if an error occurs during the build process
   */
  public String build(
  	AuthenticationData authData, 
  	String xmlPersonData, 
  	String xmlAuthBlock, 
  	String xmlIdentityLink,
    String bkuURL,
    String signerCertificateBase64,
    boolean businessService,
    List extendedSAMLAttributes) 
  throws BuildException 
  {
  		
  	String isQualifiedCertificate = authData.isQualifiedCertificate() ? "true" : "false";
  	String publicAuthorityAttribute = "";
  	if (authData.isPublicAuthority()) {
  		String publicAuthorityIdentification = authData.getPublicAuthorityCode();
  		if (publicAuthorityIdentification == null)
  			publicAuthorityIdentification = "True";
  		publicAuthorityAttribute = MessageFormat.format(
  			PUBLIC_AUTHORITY_ATT, new Object[] { publicAuthorityIdentification });
  	}
    
    
    String signerCertificateAttribute = "";
    if (signerCertificateBase64 != "") {
      signerCertificateAttribute = MessageFormat.format(
        SIGNER_CERTIFICATE_ATT, new Object[] { signerCertificateBase64 });
    } 
    
    String pkType;
    String pkValue;
    if (businessService) {
      pkType = authData.getIdentificationType();
      pkValue = authData.getWBPK();
           
    } else {
      // <saml:NameIdentifier NameQualifier> always has the bPK as type/value
      pkType = URN_PREFIX_BPK;
      pkValue = authData.getBPK();
    }
    
  	String assertion;
    try {
      assertion = MessageFormat.format(AUTH_DATA, new Object[] {
        authData.getAssertionID(), 
        authData.getIssuer(), 
        authData.getIssueInstant(), 
        pkType,
        pkValue, 
        StringUtils.removeXMLDeclaration(xmlAuthBlock), 
        StringUtils.removeXMLDeclaration(xmlIdentityLink), 
        StringUtils.removeXMLDeclaration(xmlPersonData), 
        isQualifiedCertificate,
        bkuURL,
        publicAuthorityAttribute,
        signerCertificateAttribute,
        buildExtendedSAMLAttributes(extendedSAMLAttributes)});
    } catch (ParseException e) {
      Logger.error("Error on building Authentication Data Assertion: " + e.getMessage());
      throw new BuildException("builder.00", new Object[] { "Authentication Data Assertion", e.toString()});
    } 
    return assertion;
  }

}