/******************************************************************************* * Copyright 2014 Federal Chancellery Austria * MOA-ID has been developed in a cooperation between BRZ, the Federal * Chancellery Austria - ICT staff unit, and Graz University of Technology. * * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by * the European Commission - subsequent versions of the EUPL (the "Licence"); * You may not use this work except in compliance with the Licence. * You may obtain a copy of the Licence at: * http://www.osor.eu/eupl/ * * Unless required by applicable law or agreed to in writing, software * distributed under the Licence is distributed on an "AS IS" basis, * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. * See the Licence for the specific language governing permissions and * limitations under the Licence. * * This product combines work with different licenses. See the "NOTICE" text * file for details on the various modules and licenses. * The "NOTICE" text file is part of the distribution. Any derivative works * that you distribute must include a readable copy of the "NOTICE" text file. ******************************************************************************/ /* * Copyright 2003 Federal Chancellery Austria * MOA-ID has been developed in a cooperation between BRZ, the Federal * Chancellery Austria - ICT staff unit, and Graz University of Technology. * * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by * the European Commission - subsequent versions of the EUPL (the "Licence"); * You may not use this work except in compliance with the Licence. * You may obtain a copy of the Licence at: * http://www.osor.eu/eupl/ * * Unless required by applicable law or agreed to in writing, software * distributed under the Licence is distributed on an "AS IS" basis, * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 
* See the Licence for the specific language governing permissions and * limitations under the Licence. * * This product combines work with different licenses. See the "NOTICE" text * file for details on the various modules and licenses. * The "NOTICE" text file is part of the distribution. Any derivative works * that you distribute must include a readable copy of the "NOTICE" text file. */ package at.gv.egovernment.moa.id.auth.servlet; import iaik.pki.PKIException; import java.io.IOException; import java.security.GeneralSecurityException; import java.util.List; import javax.net.ssl.SSLSocketFactory; import javax.servlet.ServletException; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; import javax.xml.parsers.ParserConfigurationException; import org.apache.commons.lang.StringEscapeUtils; import org.xml.sax.SAXException; import at.gv.egovernment.moa.id.auth.AuthenticationServer; import at.gv.egovernment.moa.id.auth.MOAIDAuthConstants; import at.gv.egovernment.moa.id.auth.builder.DataURLBuilder; import at.gv.egovernment.moa.id.auth.data.AuthenticationSession; import at.gv.egovernment.moa.id.auth.exception.AuthenticationException; import at.gv.egovernment.moa.id.auth.exception.MISSimpleClientException; import at.gv.egovernment.moa.id.auth.exception.MOAIDException; import at.gv.egovernment.moa.id.auth.exception.WrongParametersException; import at.gv.egovernment.moa.id.commons.db.ConfigurationDBUtils; import at.gv.egovernment.moa.id.config.ConnectionParameter; import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProvider; import at.gv.egovernment.moa.id.moduls.ModulUtils; import at.gv.egovernment.moa.id.protocols.pvp2x.PVPConstants; import at.gv.egovernment.moa.id.storage.AuthenticationSessionStoreage; import at.gv.egovernment.moa.id.util.ParamValidatorUtils; import at.gv.egovernment.moa.id.util.SSLUtils; import at.gv.egovernment.moa.id.util.client.mis.simple.MISMandate; import 
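at.gv.egovernment.moa.id.util.client.mis.simple.MISSimpleClient;
import at.gv.egovernment.moa.logging.Logger;
import at.gv.egovernment.moa.util.DOMUtils;

/**
 * Servlet that completes the online-mandate (MIS) step of an authentication:
 * it fetches the mandate list for the MIS session stored on the MOA session,
 * verifies and stores the (single) selected mandate, marks the MOA session as
 * authenticated and redirects the browser back into the protocol module via
 * the data URL of the pending request. Utilizes the {@link AuthenticationServer}.
 */
public class GetMISSessionIDServlet extends AuthServlet {

    private static final long serialVersionUID = 4666952867085392597L;

    /**
     * Constructor for GetMISSessionIDServlet.
     */
    public GetMISSessionIDServlet() {
        super();
    }

    /**
     * GET is handled exactly like POST (see {@link #doPost}); the security layer
     * implementation may issue a GET to verify that the data URL resource is
     * available.
     *
     * @see javax.servlet.http.HttpServlet#doGet(HttpServletRequest,
     *      HttpServletResponse)
     */
    protected void doGet(HttpServletRequest req, HttpServletResponse resp)
            throws ServletException, IOException {
        doPost(req, resp);
    }

    /**
     * Looks up the MOA session named by the {@code PARAM_SESSIONID} request
     * parameter, retrieves the mandates from the MIS for that session's MIS
     * session ID, verifies the first mandate, stores it on the session, marks
     * the session authenticated with QAA level 4, rotates the MOA session ID and
     * answers with a 302 redirect to the data URL of the pending request.
     * <p>
     * Every failure of the flow ({@link MOAIDException},
     * {@link GeneralSecurityException}, {@link PKIException},
     * {@link SAXException}, {@link ParserConfigurationException}) is routed to
     * {@code handleError} together with the pending request ID, so the error
     * page can be rendered for the right request.
     *
     * @param req  the servlet request carrying the MOA session ID parameter
     * @param resp the servlet response; receives either the redirect or the
     *             error page
     * @throws ServletException propagated from {@code handleError}
     * @throws IOException      propagated from {@code handleError}
     * @see javax.servlet.http.HttpServlet#doPost(HttpServletRequest,
     *      HttpServletResponse)
     */
    protected void doPost(HttpServletRequest req, HttpServletResponse resp)
            throws ServletException, IOException {
        Logger.debug("POST GetMISSessionIDServlet");

        // The redirect carries a freshly issued MOA session ID; forbid any
        // browser or proxy caching of this response.
        resp.setHeader(MOAIDAuthConstants.HEADER_EXPIRES,
                MOAIDAuthConstants.HEADER_VALUE_EXPIRES);
        resp.setHeader(MOAIDAuthConstants.HEADER_PRAGMA,
                MOAIDAuthConstants.HEADER_VALUE_PRAGMA);
        resp.setHeader(MOAIDAuthConstants.HEADER_CACHE_CONTROL,
                MOAIDAuthConstants.HEADER_VALUE_CACHE_CONTROL);
        resp.addHeader(MOAIDAuthConstants.HEADER_CACHE_CONTROL,
                MOAIDAuthConstants.HEADER_VALUE_CACHE_CONTROL_IE);

        // The parameter is HTML-escaped before validation (project convention);
        // the validator below is the actual gate that rejects malformed IDs.
        String sessionID = StringEscapeUtils.escapeHtml(req.getParameter(PARAM_SESSIONID));

        AuthenticationSession session = null;
        String pendingRequestID = null;
        try {
            if (!ParamValidatorUtils.isValidSessionID(sessionID)) {
                throw new WrongParametersException("VerifyCertificate",
                        PARAM_SESSIONID, "auth.12");
            }

            pendingRequestID = AuthenticationSessionStoreage.getPendingRequestID(sessionID);
            // assumes getSession throws for an unknown ID rather than returning null — TODO confirm
            session = AuthenticationServer.getSession(sessionID);
            String misSessionID = session.getMISSessionID();

            AuthConfigurationProvider authConf = AuthConfigurationProvider.getInstance();
            ConnectionParameter connectionParameters = authConf
                    .getOnlineMandatesConnectionParameter();
            SSLSocketFactory sslFactory = SSLUtils.getSSLSocketFactory(authConf,
                    connectionParameters);

            List list = MISSimpleClient.sendGetMandatesRequest(
                    connectionParameters.getUrl(), misSessionID, sslFactory);
            if (list == null || list.isEmpty()) {
                Logger.error("Keine Vollmacht gefunden.");
                throw new MISSimpleClientException("Keine Vollmacht gefunden");
            }

            // for now: the list contains only one element
            MISMandate mandate = (MISMandate) list.get(0);

            // Check the raw payload: a test on new String(bytes) can never be
            // null, and a null payload used to surface as an unhandled NPE
            // instead of the auth.16 error.
            byte[] byteMandate = mandate.getMandate();
            if (byteMandate == null || byteMandate.length == 0) {
                Logger.error("Mandate is empty.");
                throw new AuthenticationException("auth.16",
                        new Object[] { GET_MIS_SESSIONID });
            }

            // Reject anything that is not well-formed XML before it reaches
            // mandate verification.
            // NOTE(review): platform default charset is used for the
            // conversion, as before — confirm the encoding the MIS delivers.
            // NOTE(review): confirm that this DOMUtils parser configuration
            // disables DTD / external entity resolution.
            String stringMandate = new String(byteMandate);
            DOMUtils.parseDocument(stringMandate, false, null, null).getDocumentElement();

            AuthenticationServer.getInstance().verifyMandate(session, mandate);

            session.setMISMandate(mandate);
            session.setAuthenticatedUsed(false);
            session.setAuthenticated(true);
            // QAA level 4 is set here because the mandate flow follows a card
            // authentication.
            session.setQAALevel(PVPConstants.STORK_QAA_1_4);

            // A new MOA session ID is issued on successful authentication;
            // changeSessionID also stores the session implicitly.
            String oldSessionID = session.getSessionID();
            String newMOASessionID = AuthenticationSessionStoreage.changeSessionID(session);
            // NOTE(review): both session identifiers are written to the log —
            // confirm this matches the log-handling policy.
            Logger.info("Changed MOASession " + oldSessionID + " to Session "
                    + newMOASessionID);
            Logger.info("Daten angelegt zu MOASession " + newMOASessionID);

            String redirectURL = new DataURLBuilder().buildDataURL(
                    session.getAuthURL(),
                    ModulUtils.buildAuthURL(session.getModul(), session.getAction(),
                            pendingRequestID),
                    newMOASessionID);
            redirectURL = resp.encodeRedirectURL(redirectURL);

            resp.setContentType("text/html");
            resp.setStatus(HttpServletResponse.SC_MOVED_TEMPORARILY);
            resp.addHeader("Location", redirectURL);
            Logger.debug("REDIRECT TO: " + redirectURL);

        } catch (MOAIDException ex) {
            handleError(null, ex, req, resp, pendingRequestID);
        } catch (GeneralSecurityException ex) {
            handleError(null, ex, req, resp, pendingRequestID);
        } catch (PKIException ex) {
            handleError(null, ex, req, resp, pendingRequestID);
        } catch (SAXException ex) {
            handleError(null, ex, req, resp, pendingRequestID);
        } catch (ParserConfigurationException ex) {
            handleError(null, ex, req, resp, pendingRequestID);
        } finally {
            // always release the configuration DB session, even on the error path
            ConfigurationDBUtils.closeSession();
        }
    }
}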