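/*******************************************************************************
 * Copyright 2014 Federal Chancellery Austria
 * MOA-ID has been developed in a cooperation between BRZ, the Federal
 * Chancellery Austria - ICT staff unit, and Graz University of Technology.
 *
 * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
 * the European Commission - subsequent versions of the EUPL (the "Licence");
 * You may not use this work except in compliance with the Licence.
 * You may obtain a copy of the Licence at:
 * http://www.osor.eu/eupl/
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the Licence is distributed on an "AS IS" basis,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the Licence for the specific language governing permissions and
 * limitations under the Licence.
 *
 * This product combines work with different licenses. See the "NOTICE" text
 * file for details on the various modules and licenses.
 * The "NOTICE" text file is part of the distribution. Any derivative works
 * that you distribute must include a readable copy of the "NOTICE" text file.
 ******************************************************************************/
/*
 * Copyright 2003 Federal Chancellery Austria
 * MOA-ID has been developed in a cooperation between BRZ, the Federal
 * Chancellery Austria - ICT staff unit, and Graz University of Technology.
 *
 * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
 * the European Commission - subsequent versions of the EUPL (the "Licence");
 * You may not use this work except in compliance with the Licence.
 * You may obtain a copy of the Licence at:
 * http://www.osor.eu/eupl/
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the Licence is distributed on an "AS IS" basis,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the Licence for the specific language governing permissions and
 * limitations under the Licence.
 *
 * This product combines work with different licenses. See the "NOTICE" text
 * file for details on the various modules and licenses.
 * The "NOTICE" text file is part of the distribution. Any derivative works
 * that you distribute must include a readable copy of the "NOTICE" text file.
 */

package at.gv.egovernment.moa.id.auth.servlet;

import java.io.IOException;

import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.stereotype.Controller;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RequestMethod;

import at.gv.egiz.eaaf.core.api.idp.auth.ISSOManager;
import at.gv.egiz.eaaf.core.impl.utils.HTTPUtils;
import at.gv.egovernment.moa.id.commons.api.AuthConfiguration;
import at.gv.egovernment.moa.id.commons.api.IOAAuthParameters;
import at.gv.egovernment.moa.id.storage.IAuthenticationSessionStoreage;
import at.gv.egovernment.moa.logging.Logger;
import at.gv.egovernment.moa.util.MiscUtil;

/**
 * Spring MVC controller for the simple (IDP-only) logout endpoint {@code /LogOut}.
 *
 * <p>The endpoint destroys the SSO session held on the IDP and then redirects
 * the browser. The redirect target is taken from the {@code redirect} request
 * parameter, which is caller-controlled and therefore untrusted: it is only
 * honoured when the service-provider configuration lookup returns an entry
 * for it. In every other case the browser is sent back to the URL derived
 * from the current request.
 */
@Controller
public class LogOutServlet {

    /** Name of the request parameter that carries the post-logout redirect target. */
    private static final String REDIRECT_URL = "redirect";

    @Autowired(required=true) private ISSOManager ssomanager;
    //@Autowired(required=true) private IAuthenticationManager authmanager;
    // Not referenced in this class; kept so the required-bean wiring stays unchanged.
    @Autowired(required=true) private IAuthenticationSessionStoreage authenticatedSessionStorage;
    @Autowired(required=true) private AuthConfiguration authConfig;

    /**
     * Destroys the SSO session on the IDP and redirects the user agent.
     *
     * <p>Redirect target selection:
     * <ul>
     *   <li>no {@code redirect} parameter: URL derived from the request;</li>
     *   <li>{@code redirect} contains CR or LF: treated as invalid, URL derived
     *       from the request (keeps the value out of the {@code Location}
     *       header and out of the log lines below);</li>
     *   <li>{@code redirect} has no service-provider configuration: URL derived
     *       from the request;</li>
     *   <li>otherwise: the supplied {@code redirect} value.</li>
     * </ul>
     *
     * <p>NOTE(review): the open-redirect protection rests entirely on
     * {@code AuthConfiguration.getServiceProviderConfiguration}. Whether it
     * matches exactly or by prefix is not visible here; confirm that a URL
     * which merely starts with a registered prefix cannot pass.
     *
     * <p>NOTE(review): the mapping accepts GET, so a cross-site request can end
     * the user's SSO session. Confirm this is an accepted trade-off.
     *
     * <p>NOTE(review): the fallback target comes from
     * {@code HTTPUtils.extractAuthURLFromRequest}; confirm it does not rely on
     * an unvalidated Host header.
     *
     * @param req  incoming logout request
     * @param resp response that receives either the 302 redirect or a 403 error
     * @throws IOException if writing the error response fails
     */
    @RequestMapping(value = "/LogOut", method = {RequestMethod.POST, RequestMethod.GET})
    public void performLogOut(HttpServletRequest req, HttpServletResponse resp) throws IOException {
        Logger.debug("Receive simple LogOut Request");

        String redirectUrl = req.getParameter(REDIRECT_URL);

        try {
            if (MiscUtil.isEmpty(redirectUrl)) {
                // No target requested: go back to the IDP itself.
                Logger.debug("Set default RedirectURL back to MOA-ID-Auth");
                redirectUrl = HTTPUtils.extractAuthURLFromRequest(req);

            } else if (containsLineBreak(redirectUrl)) {
                // Never let CR/LF from a request parameter reach a response
                // header or a log line. The raw value is deliberately not logged.
                Logger.info("RedirectURL contains line-break characters. Set default RedirectURL back to MOA-ID-Auth");
                redirectUrl = HTTPUtils.extractAuthURLFromRequest(req);

            } else {
                // Only redirect to a configured online application.
                IOAAuthParameters oa =
                        authConfig.getServiceProviderConfiguration(redirectUrl, IOAAuthParameters.class);
                if (oa == null) {
                    Logger.info("RedirctURL does not match to OA configuration. Set default RedirectURL back to MOA-ID-Auth");
                    redirectUrl = HTTPUtils.extractAuthURLFromRequest(req);
                }
            }

            if (ssomanager.destroySSOSessionOnIDPOnly(req, resp, null)) {
                Logger.info("User with SSO is logged out and get redirect to "+ redirectUrl);
            } else {
                Logger.info("No active SSO session found. User is maybe logout already and get redirect to "+ redirectUrl);
            }

        } catch (Exception e) {
            // Keep the generic 403 for the client, but record the cause so that
            // failed logouts can be investigated instead of vanishing silently.
            Logger.warn("LogOut request could not be processed.", e);
            resp.sendError(HttpServletResponse.SC_FORBIDDEN, "Request not allowed.");
            return;
        }

        // Redirect to the application (or back to the IDP).
        resp.setStatus(HttpServletResponse.SC_FOUND);
        resp.addHeader("Location", redirectUrl);
    }

    /** Returns {@code true} if the value contains a carriage return or line feed. */
    private static boolean containsLineBreak(String value) {
        return value.indexOf('\r') >= 0 || value.indexOf('\n') >= 0;
    }
}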