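package at.gv.egovernment.moa.id.auth.builder;

import org.springframework.stereotype.Service;
import org.w3c.dom.Element;

import at.gv.e_government.reference.namespace.mandates._20040701_.Mandate;
import at.gv.e_government.reference.namespace.persondata._20020228_.CorporateBodyType;
import at.gv.e_government.reference.namespace.persondata._20020228_.IdentificationType;
import at.gv.e_government.reference.namespace.persondata._20020228_.PhysicalPersonType;
import at.gv.egiz.eaaf.core.api.idp.IAuthData;
import at.gv.egiz.eaaf.core.api.idp.ISPConfiguration;
import at.gv.egiz.eaaf.core.exceptions.EAAFBuilderException;
import at.gv.egiz.eaaf.core.impl.data.Pair;
import at.gv.egiz.eaaf.core.impl.idp.auth.builder.BPKBuilder;
import at.gv.egiz.eaaf.modules.pvp2.PVPConstants;
import at.gv.egiz.eaaf.modules.pvp2.exception.PVP2Exception;
import at.gv.egiz.eaaf.modules.pvp2.idp.api.builder.ISubjectNameIdGenerator;
import at.gv.egiz.eaaf.modules.pvp2.idp.exception.ResponderErrorException;
import at.gv.egovernment.moa.id.data.IMOAAuthData;
import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.MandateAttributesNotHandleAbleException;
import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.NoMandateDataAvailableException;
import at.gv.egovernment.moa.id.util.MandateBuilder;
import at.gv.egovernment.moa.logging.Logger;
import at.gv.egovernment.moa.sig.tsl.utils.MiscUtil;
import at.gv.egovernment.moa.util.Constants;

/**
 * Generates the SAML2 subject NameID (identifier plus identifier type) for a MOA-ID
 * authentication.
 *
 * <p>Without a mandate the NameID is the bPK and bPK type of the authenticated entity.
 * When the session uses a mandate, the NameID is built from the mandator's identification
 * instead: either from the full mandate XML (corporate body preferred over physical person)
 * or, if no full mandate is present, from the mandate PVP attributes. A baseID is derived
 * into the service provider's area-specific identifier via {@link BPKBuilder}; other
 * identifier types are passed through unchanged.
 *
 * <p>Stateless; safe to share between threads as far as the helpers it delegates to are.
 */
@Service("MOASAML2SubjectNameIDGenerator")
public class MOAIDSubjectNameIdGenerator implements ISubjectNameIdGenerator {

    /**
     * Builds the subject NameID for the given authentication data.
     *
     * @param authData authentication data; mandate handling applies only to {@link IMOAAuthData}
     *     with {@code isUseMandate()} set
     * @param spConfig configuration of the requesting service provider, used for the
     *     area-specific target identifier of the NameID
     * @return pair of (identifier, identifier type)
     * @throws NoMandateDataAvailableException if a mandate is in use but carries no usable
     *     mandator identification
     * @throws MandateAttributesNotHandleAbleException if mandate attributes for a legal AND a
     *     natural person are present at the same time
     * @throws ResponderErrorException if the baseID-to-bPK derivation fails
     * @throws PVP2Exception for other protocol-level errors
     */
    @Override
    public Pair generateSubjectNameId(IAuthData authData, ISPConfiguration spConfig)
            throws PVP2Exception {
        if (!(authData instanceof IMOAAuthData) || !((IMOAAuthData) authData).isUseMandate()) {
            // No mandate in use: the NameID is the bPK of the authenticated entity itself.
            return Pair.newInstance(authData.getBPK(), authData.getBPKType());
        }

        Element mandate = ((IMOAAuthData) authData).getMandate();
        if (mandate != null) {
            Logger.debug("Read mandator bPK|baseID from full-mandate ... ");
            IdentificationType id = selectMandatorIdentification(mandate);
            return toSubjectNameId(id.getValue().getValue(), id.getType(), spConfig);
        }

        Logger.debug("Read mandator bPK|baseID from PVP attributes ... ");
        return buildFromMandateAttributes(authData, spConfig);
    }

    /**
     * Selects the mandator's identification (bPK or baseID) from a full mandate.
     * A corporate-body identification takes precedence over a physical-person one; only the
     * first identification entry is considered.
     *
     * @param mandate full mandate as DOM element
     * @return an identification whose value element is non-null
     * @throws NoMandateDataAvailableException if the mandate cannot be parsed, has no
     *     mandator, or the mandator has no identification with a value
     */
    private static IdentificationType selectMandatorIdentification(Element mandate)
            throws NoMandateDataAvailableException {
        Mandate mandateObject = MandateBuilder.buildMandate(mandate);
        if (mandateObject == null || mandateObject.getMandator() == null) {
            throw new NoMandateDataAvailableException();
        }

        CorporateBodyType corporation = mandateObject.getMandator().getCorporateBody();
        PhysicalPersonType physicalPerson = mandateObject.getMandator().getPhysicalPerson();

        IdentificationType id;
        if (corporation != null && !corporation.getIdentification().isEmpty()) {
            id = corporation.getIdentification().get(0);
        } else if (physicalPerson != null && !physicalPerson.getIdentification().isEmpty()) {
            id = physicalPerson.getIdentification().get(0);
        } else {
            Logger.error("Failed to generate IdentificationType");
            throw new NoMandateDataAvailableException();
        }

        // Guard the value element explicitly instead of letting the caller hit an NPE.
        if (id.getValue() == null) {
            Logger.error("Mandator IdentificationType has no value");
            throw new NoMandateDataAvailableException();
        }
        return id;
    }

    /**
     * Builds the NameID from the mandate PVP attributes of the authentication data.
     *
     * @param authData authentication data carrying the mandate attributes as generic data
     * @param spConfig service-provider configuration
     * @return pair of (identifier, identifier type)
     * @throws MandateAttributesNotHandleAbleException if attributes for a legal AND a natural
     *     person are present
     * @throws NoMandateDataAvailableException if no usable mandator attribute is present
     * @throws PVP2Exception if the baseID-to-bPK derivation fails
     */
    private static Pair buildFromMandateAttributes(IAuthData authData, ISPConfiguration spConfig)
            throws PVP2Exception {
        String natSourcePin =
                authData.getGenericData(PVPConstants.MANDATE_NAT_PER_SOURCE_PIN_NAME, String.class);
        String natSourcePinType =
                authData.getGenericData(PVPConstants.MANDATE_NAT_PER_SOURCE_PIN_TYPE_NAME, String.class);
        String natBpk =
                authData.getGenericData(PVPConstants.MANDATE_NAT_PER_BPK_NAME, String.class);
        String jurSourcePin =
                authData.getGenericData(PVPConstants.MANDATE_LEG_PER_SOURCE_PIN_NAME, String.class);
        String jurSourcePinType =
                authData.getGenericData(PVPConstants.MANDATE_LEG_PER_SOURCE_PIN_TYPE_NAME, String.class);

        // A single authentication may represent either a legal or a natural person, never both.
        boolean hasLegalPerson =
                MiscUtil.isNotEmpty(jurSourcePin) || MiscUtil.isNotEmpty(jurSourcePinType);
        boolean hasNaturalPerson =
                MiscUtil.isNotEmpty(natSourcePin) || MiscUtil.isNotEmpty(natBpk);
        if (hasLegalPerson && hasNaturalPerson) {
            Logger.warn("Found mandate attributes for legal- AND natural-person. "
                    + "Both not allowed during on authentication. Process stops now!");
            throw new MandateAttributesNotHandleAbleException();
        }

        if (MiscUtil.isNotEmpty(jurSourcePin) && MiscUtil.isNotEmpty(jurSourcePinType)) {
            Logger.debug("Find jur. person sourcepin. Build SubjectNameId from this ... ");
            // Legal-person source PINs are returned as-is; no baseID derivation is applied.
            return Pair.newInstance(jurSourcePin, jurSourcePinType);
        }

        if (MiscUtil.isNotEmpty(natSourcePin)) {
            Logger.debug("Find nat. person sourcepin. Build SubjectNameId from this ... ");
            // A missing type means the source PIN is a baseID.
            String type = MiscUtil.isNotEmpty(natSourcePinType)
                    ? natSourcePinType
                    : Constants.URN_PREFIX_BASEID;
            return toSubjectNameId(natSourcePin, type, spConfig);
        }

        if (MiscUtil.isNotEmpty(natBpk)) {
            Logger.debug("Find nat. person bPK. Build SubjectNameId from this ... ");
            // NOTE(review): the prefix in front of ':' is dropped and the NameID type is taken from
            // the SP configuration; the attribute's own sector prefix is not compared against the
            // SP's target identifier here. Confirm that the attribute source guarantees this.
            return Pair.newInstance(stripBpkPrefix(natBpk), spConfig.getAreaSpecificTargetIdentifier());
        }

        throw new NoMandateDataAvailableException();
    }

    /**
     * Removes a {@code <prefix>:} part from a mandator bPK attribute value.
     * Keeps the second colon-separated segment, as the original implementation did; if the
     * value contains no second segment (e.g. a trailing colon only) it is used unchanged.
     *
     * @param natBpk non-empty bPK attribute value
     * @return the bPK without its prefix, or the input if it cannot be split
     */
    private static String stripBpkPrefix(String natBpk) {
        if (!natBpk.contains(":")) {
            return natBpk;
        }
        // split() drops trailing empty strings, so "BF:" yields a single segment.
        String[] parts = natBpk.split(":");
        if (parts.length > 1) {
            return parts[1];
        }
        Logger.warn("Can not split bPK from mandator attribute!");
        Logger.info("Use nat. person bPK as it is");
        return natBpk;
    }

    /**
     * Turns a mandator identifier into the subject NameID. A baseID is derived into the
     * area-specific identifier of the service provider; any other type is passed through.
     *
     * @param identifier mandator identifier (baseID or already area-specific identifier)
     * @param identifierType identifier type; may be null when taken from a full mandate
     * @param spConfig service-provider configuration
     * @return pair of (identifier, identifier type)
     * @throws ResponderErrorException if the baseID derivation fails
     */
    private static Pair toSubjectNameId(String identifier, String identifierType,
            ISPConfiguration spConfig) throws PVP2Exception {
        // Constant-first comparison: identifierType may be null for a full-mandate
        // identification without a type attribute.
        if (Constants.URN_PREFIX_BASEID.equals(identifierType)) {
            try {
                return BPKBuilder.generateAreaSpecificPersonIdentifier(
                        identifier, spConfig.getAreaSpecificTargetIdentifier());
            } catch (EAAFBuilderException e) {
                Logger.warn("Can NOT generate SubjectNameId.", e);
                throw new ResponderErrorException("pvp2.01", null);
            }
        }
        return Pair.newInstance(identifier, identifierType);
    }
}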