/*
* Copyright 2003 Federal Chancellery Austria
* MOA-ID has been developed in a cooperation between BRZ, the Federal
* Chancellery Austria - ICT staff unit, and Graz University of Technology.
*
* Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
* the European Commission - subsequent versions of the EUPL (the "Licence");
* You may not use this work except in compliance with the Licence.
* You may obtain a copy of the Licence at:
* http://www.osor.eu/eupl/
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the Licence is distributed on an "AS IS" basis,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the Licence for the specific language governing permissions and
* limitations under the Licence.
*
* This product combines work with different licenses. See the "NOTICE" text
* file for details on the various modules and licenses.
* The "NOTICE" text file is part of the distribution. Any derivative works
* that you distribute must include a readable copy of the "NOTICE" text file.
*/
package at.gv.egovernment.moa.id.auth.servlet;
import java.io.IOException;
import java.util.Map;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.apache.commons.fileupload.FileUploadException;
import org.apache.commons.lang.StringEscapeUtils;
import at.gv.egovernment.moa.id.AuthenticationException;
import at.gv.egovernment.moa.id.MOAIDException;
import at.gv.egovernment.moa.id.ParseException;
import at.gv.egovernment.moa.id.auth.AuthenticationServer;
import at.gv.egovernment.moa.id.auth.MOAIDAuthConstants;
import at.gv.egovernment.moa.id.auth.WrongParametersException;
import at.gv.egovernment.moa.id.auth.builder.DataURLBuilder;
import at.gv.egovernment.moa.id.auth.builder.InfoboxReadRequestBuilderCertificate;
import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException;
import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProvider;
import at.gv.egovernment.moa.id.config.auth.OAAuthParameter;
import at.gv.egovernment.moa.id.storage.AuthenticationSessionStoreage;
import at.gv.egovernment.moa.id.util.ParamValidatorUtils;
import at.gv.egovernment.moa.id.util.ServletUtils;
import at.gv.egovernment.moa.logging.Logger;
/**
* Servlet requested for verifying the identity link
* provided by the security layer implementation.
* Utilizes the {@link AuthenticationServer}.
*
* @author Paul Ivancsics
* @version $Id$
*/
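public class VerifyIdentityLinkServlet extends AuthServlet {

    private static final long serialVersionUID = -7074476974026049958L;

    /** Name under which this servlet reports parameter errors and labels the requests it writes. */
    private static final String SERVLET_NAME = "VerifyIdentityLink";

    /**
     * Constructor for VerifyIdentityLinkServlet.
     */
    public VerifyIdentityLinkServlet() {
        super();
    }

    /**
     * GET requested by the security layer implementation to verify that the
     * data URL resource is available. Only the Expires / Pragma / Cache-Control
     * headers are set; no body is written.
     *
     * @see javax.servlet.http.HttpServlet#doGet(HttpServletRequest, HttpServletResponse)
     */
    protected void doGet(HttpServletRequest req, HttpServletResponse resp)
            throws ServletException, IOException {
        Logger.debug("GET VerifyIdentityLink");
        setCacheHeaders(resp);
    }

    /**
     * Verifies the identity link and responds with a new
     * {@code CreateXMLSignatureRequest} or a new {@code InfoboxReadRequest}
     * (in case of a foreign eID card).
     * <p>
     * Request parameters:
     * <ul>
     * <li>MOASessionID: ID of the associated authentication session</li>
     * <li>XMLResponse: {@code <InfoboxReadResponse>}</li>
     * </ul>
     * Response:
     * <ul>
     * <li>Content type: {@code "text/xml"}</li>
     * <li>Content: see return value of {@link AuthenticationServer#verifyIdentityLink}</li>
     * <li>Error status: 500</li>
     * </ul>
     * {@link ParseException} and {@link MOAIDException} raised while processing are
     * reported through {@link #handleError}.
     *
     * @throws IOException if the multipart/form-data request parameters cannot be
     *         parsed; the {@link FileUploadException} is kept as cause
     * @see javax.servlet.http.HttpServlet#doPost(HttpServletRequest, HttpServletResponse)
     */
    protected void doPost(HttpServletRequest req, HttpServletResponse resp)
            throws ServletException, IOException {
        Logger.debug("POST VerifyIdentityLink");

        Map parameters;
        try {
            parameters = getParameters(req);
        } catch (FileUploadException e) {
            Logger.error("Parsing mulitpart/form-data request parameters failed: " + e.getMessage());
            // keep the parser failure as cause instead of flattening it to its message
            throw new IOException(e.getMessage(), e);
        }

        // escape parameter strings before they are validated, logged or echoed
        String sessionID = StringEscapeUtils.escapeHtml(req.getParameter(PARAM_SESSIONID));

        setCacheHeaders(resp);

        try {
            // check parameter
            if (!ParamValidatorUtils.isValidSessionID(sessionID)) {
                throw new WrongParametersException(SERVLET_NAME, PARAM_SESSIONID, "auth.12");
            }
            AuthenticationSession session = AuthenticationServer.getSession(sessionID);
            String createXMLSignatureRequestOrRedirect =
                    AuthenticationServer.getInstance().verifyIdentityLink(session, parameters);
            // NOTE(review): this writes the complete request document to the debug log;
            // it is derived from the identity link, so debug logs should be treated as sensitive.
            Logger.debug(createXMLSignatureRequestOrRedirect);

            if (createXMLSignatureRequestOrRedirect == null) {
                // no identity link found
                requestSignerCertificate(session, req, resp);
            } else {
                // TODO (translated): the InfoboxReadRequest that reads the signer certificate
                // (needed for the certificate check against the Organwalter OID) should be
                // moved up, before verifyIdentityLink, because verifyIdentityLink already
                // computes the bPK, which for Organwalter must not appear in the AUTH block.
                // I.e. restructure verifyIdentityLink: separate verification from building
                // the AUTH block.
                // TODO: ask Klaus whether this part is really still needed!
                // (A commented-out mandate-mode variant that sent an InfoboxReadRequest for the
                // signer certificate, mirroring requestSignerCertificate, was removed as dead code.)
                Logger.info("Normal");
                AuthConfigurationProvider authConf = AuthConfigurationProvider.getInstance();
                OAAuthParameter oaParam =
                        authConf.getOnlineApplicationParameter(session.getPublicOAURLPrefix());
                createXMLSignatureRequestOrRedirect = AuthenticationServer.getInstance()
                        .getCreateXMLSignatureRequestAuthBlockOrRedirect(session, authConf, oaParam);
                ServletUtils.writeCreateXMLSignatureRequestOrRedirect(resp, session,
                        createXMLSignatureRequestOrRedirect,
                        AuthenticationServer.REQ_PROCESS_VALIDATOR_INPUT, SERVLET_NAME);
            }

            try {
                AuthenticationSessionStoreage.storeSession(session);
            } catch (MOADatabaseException e) {
                Logger.info("No valid MOA session found. Authentification process is abourted.");
                throw new AuthenticationException("auth.20", null);
            }
        } catch (ParseException ex) {
            handleError(null, ex, req, resp);
        } catch (MOAIDException ex) {
            handleError(null, ex, req, resp);
        }
    }

    /**
     * Handles the case that no identity link was found (foreign eID card):
     * sends an {@code InfoboxReadRequest} to the BKU to obtain the signer
     * certificate, with the data URL pointing at the VerifyCertificate servlet.
     * Any failure while building or writing the request is reported through
     * {@link #handleError}; the caller still proceeds to store the session afterwards.
     *
     * @param session the authentication session associated with the request
     * @param req the current request, passed through to error handling
     * @param resp the response the request document is written to
     * @throws AuthenticationException if the session runs in online-mandate mode,
     *         which is not supported for foreign citizens ({@code auth.13})
     */
    private void requestSignerCertificate(AuthenticationSession session,
            HttpServletRequest req, HttpServletResponse resp)
            throws AuthenticationException, ServletException, IOException {
        if (session.getUseMandate()) {
            Logger.error("Online-Mandate Mode for foreign citizencs not supported.");
            throw new AuthenticationException("auth.13", null);
        }
        try {
            Logger.info("Send InfoboxReadRequest to BKU to get signer certificate.");
            // create the InfoboxReadRequest to get the certificate
            String infoboxReadRequest = new InfoboxReadRequestBuilderCertificate().build(true);
            // build dataurl (to the VerifyCertificateServlet)
            String dataurl = new DataURLBuilder().buildDataURL(
                    session.getAuthURL(), REQ_VERIFY_CERTIFICATE, session.getSessionID());
            ServletUtils.writeCreateXMLSignatureRequest(resp, session, infoboxReadRequest,
                    AuthenticationServer.REQ_PROCESS_VALIDATOR_INPUT, SERVLET_NAME, dataurl);
        } catch (Exception e) {
            // best-effort: report the failure to the client rather than propagating it
            handleError(null, e, req, resp);
        }
    }

    /**
     * Sets the Expires, Pragma and Cache-Control headers (values from
     * {@link MOAIDAuthConstants}, plus the IE-specific Cache-Control variant)
     * shared by the GET and POST responses of this servlet.
     *
     * @param resp the response to decorate
     */
    private static void setCacheHeaders(HttpServletResponse resp) {
        resp.setHeader(MOAIDAuthConstants.HEADER_EXPIRES, MOAIDAuthConstants.HEADER_VALUE_EXPIRES);
        resp.setHeader(MOAIDAuthConstants.HEADER_PRAGMA, MOAIDAuthConstants.HEADER_VALUE_PRAGMA);
        resp.setHeader(MOAIDAuthConstants.HEADER_CACHE_CONTROL,
                MOAIDAuthConstants.HEADER_VALUE_CACHE_CONTROL);
        resp.addHeader(MOAIDAuthConstants.HEADER_CACHE_CONTROL,
                MOAIDAuthConstants.HEADER_VALUE_CACHE_CONTROL_IE);
    }
}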