/*******************************************************************************
 * Copyright 2014 Federal Chancellery Austria
 * MOA-ID has been developed in a cooperation between BRZ, the Federal
 * Chancellery Austria - ICT staff unit, and Graz University of Technology.
 * 
 * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
 * the European Commission - subsequent versions of the EUPL (the "Licence");
 * You may not use this work except in compliance with the Licence.
 * You may obtain a copy of the Licence at:
 * http://www.osor.eu/eupl/
 * 
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the Licence is distributed on an "AS IS" basis,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the Licence for the specific language governing permissions and
 * limitations under the Licence.
 * 
 * This product combines work with different licenses. See the "NOTICE" text
 * file for details on the various modules and licenses.
 * The "NOTICE" text file is part of the distribution. Any derivative works
 * that you distribute must include a readable copy of the "NOTICE" text file.
 ******************************************************************************/
package at.gv.egovernment.moa.id.auth.servlet;

import java.io.IOException;
import java.util.List;

import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

import org.apache.commons.lang.StringEscapeUtils;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.stereotype.Controller;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RequestMethod;

import at.gv.egiz.eaaf.core.api.gui.IGUIFormBuilder;
import at.gv.egiz.eaaf.core.impl.utils.HTTPUtils;
import at.gv.egovernment.moa.id.auth.frontend.builder.DefaultGUIFormBuilderConfiguration;
import at.gv.egovernment.moa.id.commons.MOAIDAuthConstants;
import at.gv.egovernment.moa.id.commons.api.AuthConfiguration;
import at.gv.egovernment.moa.id.commons.api.IOAAuthParameters;
import at.gv.egovernment.moa.id.commons.config.MOAIDConfigurationConstants;
import at.gv.egovernment.moa.id.moduls.SSOManager;
import at.gv.egovernment.moa.logging.Logger;
import at.gv.egovernment.moa.util.MiscUtil;
import at.gv.egovernment.moa.util.URLEncoder;


@Controller
public class RedirectServlet {

	public static final String SERVICE_ENDPOINT = "/RedirectServlet";
	
	public static final String REDIRCT_PARAM_URL = "redirecturl";
	private static final String DEFAULT_REDIRECTTARGET = "_parent";
	
	private static final String URL = "URL";
	private static final String TARGET = "TARGET";
	
	@Autowired(required=true) SSOManager ssoManager;
	@Autowired(required=true) IGUIFormBuilder guiBuilder;
	@Autowired(required=true) private AuthConfiguration authConfig;
	
	@RequestMapping(value = "/RedirectServlet", method = RequestMethod.GET)
	public void performLogOut(HttpServletRequest req, HttpServletResponse resp) throws IOException {
		Logger.debug("Receive " + RedirectServlet.class + " Request");
		
		String url = req.getParameter(REDIRCT_PARAM_URL);
		String target = StringEscapeUtils.escapeHtml(req.getParameter(MOAIDAuthConstants.PARAM_TARGET));
		String artifact = req.getParameter(MOAIDAuthConstants.PARAM_SAMLARTIFACT);
		String interIDP = req.getParameter(MOAIDAuthConstants.INTERFEDERATION_IDP);
				
		Logger.debug("Check URL against online-applications");
		IOAAuthParameters oa = null;
		String redirectTarget = DEFAULT_REDIRECTTARGET;
		try {
			//validate URL
			new java.net.URL(url);
			
			//url = URLDecoder.decode(url, "UTF-8");
			
			oa = authConfig.getServiceProviderConfiguration(url, IOAAuthParameters.class);
			String authURL = HTTPUtils.extractAuthURLFromRequest(req);
			
			List<String> allowedPublicUrlPrefixes = authConfig.getPublicURLPrefix();
			
			if ((oa == null && !checkRedirectToItself(url, allowedPublicUrlPrefixes)) 
					|| !authConfig.getPublicURLPrefix().contains(authURL)) {		
				resp.sendError(HttpServletResponse.SC_FORBIDDEN, "Parameters not valid");
				return;
				
			} else {				
				//Redirect is a SAML1 send Artifact redirct
				if (MiscUtil.isNotEmpty(artifact)) {
					try {
						String test = oa.getConfigurationValue(MOAIDConfigurationConstants.SERVICE_AUTH_TEMPLATES_CUSTOMIZATION_APPLETREDIRECTTARGET);
						if (MiscUtil.isNotEmpty(test))
							redirectTarget = test;
					
					} catch (Exception e) {
						Logger.debug("Use default redirectTarget.");
					}
				
					Logger.info("Redirect to " + url);
										
					if (MiscUtil.isNotEmpty(target)) {
//						redirectURL = addURLParameter(redirectURL, PARAM_TARGET,
//								URLEncoder.encode(session.getTarget(), "UTF-8"));
						url = HTTPUtils.addURLParameter(url, MOAIDAuthConstants.PARAM_TARGET,
								URLEncoder.encode(target, "UTF-8"));


					}
					url = HTTPUtils.addURLParameter(url, MOAIDAuthConstants.PARAM_SAMLARTIFACT,
							URLEncoder.encode(artifact, "UTF-8"));
					url = resp.encodeRedirectURL(url);
					

					DefaultGUIFormBuilderConfiguration config = new DefaultGUIFormBuilderConfiguration(
							authURL, 
							DefaultGUIFormBuilderConfiguration.VIEW_REDIRECT, 
							null);
					config.putCustomParameterWithOutEscaption(URL, StringEscapeUtils.escapeHtml(url));
					config.putCustomParameter(TARGET, redirectTarget);
					guiBuilder.build(resp, config, "RedirectForm.html");
									
				} else if (MiscUtil.isNotEmpty(interIDP)) {
					//store IDP identifier and redirect to generate AuthRequst service					
					Logger.info("Receive an interfederation redirect request for IDP " + interIDP);					
					ssoManager.setInterfederationIDPCookie(req, resp, interIDP);

					Logger.debug("Redirect to " + url);					
					url = resp.encodeRedirectURL(url);					
					resp.setContentType("text/html");
					resp.setStatus(HttpServletResponse.SC_FOUND);
					resp.addHeader("Location", url);
					
				} else {					
					Logger.debug("Redirect to " + url);
					
					try {
						String test = oa.getConfigurationValue(MOAIDConfigurationConstants.SERVICE_AUTH_TEMPLATES_CUSTOMIZATION_APPLETREDIRECTTARGET);
						if (MiscUtil.isNotEmpty(test))
							redirectTarget = test;
					
					} catch (Exception e) {
						Logger.debug("Use default redirectTarget.");
					}
					
					DefaultGUIFormBuilderConfiguration config = new DefaultGUIFormBuilderConfiguration(
							authURL, 
							DefaultGUIFormBuilderConfiguration.VIEW_REDIRECT, 
							null);
					config.putCustomParameterWithOutEscaption(URL, StringEscapeUtils.escapeHtml(url));
					config.putCustomParameter(TARGET, redirectTarget);
					
					guiBuilder.build(resp, config, "RedirectForm.html");
						
				}
				
			}
			
		} catch (Throwable e) {
			resp.sendError(HttpServletResponse.SC_FORBIDDEN, "Request not allowed.");
			return;
						
		} finally {
			
			
		}
		
	}

	private boolean checkRedirectToItself(String url, List<String> allowedPublicUrlPrefixes) {
		if (url != null) {		
			for (String el : allowedPublicUrlPrefixes) {
				if (url.startsWith(el))
					return true;
			
			}
		}
		
		return false;
	}
	
}