package at.gv.egovernment.moa.id.config.legacy;

import iaik.x509.X509Certificate;

import java.io.BufferedInputStream;
import java.io.File;
import java.io.FileInputStream;
import java.io.IOException;
import java.io.InputStream;
import java.math.BigInteger;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Collections;
import java.util.List;
import java.util.Map;
import java.util.Properties;
import java.util.Set;

import org.bouncycastle.crypto.macs.OldHMac;
import org.opensaml.saml2.metadata.RequestedAttribute;
import org.opensaml.xml.XMLObject;
import org.w3c.dom.Element;

import eu.stork.vidp.messages.util.SAMLUtil;
import eu.stork.vidp.messages.util.XMLUtil;

import at.gv.egovernment.moa.id.commons.db.ConfigurationDBUtils;
import at.gv.egovernment.moa.id.commons.db.dao.config.AuthComponentGeneral;
import at.gv.egovernment.moa.id.commons.db.dao.config.AuthComponentOA;
import at.gv.egovernment.moa.id.commons.db.dao.config.BKUURLS;
import at.gv.egovernment.moa.id.commons.db.dao.config.CPEPS;
import at.gv.egovernment.moa.id.commons.db.dao.config.ChainingModeType;
import at.gv.egovernment.moa.id.commons.db.dao.config.ChainingModes;
import at.gv.egovernment.moa.id.commons.db.dao.config.ClientKeyStore;
import at.gv.egovernment.moa.id.commons.db.dao.config.ConnectionParameterClientAuthType;
import at.gv.egovernment.moa.id.commons.db.dao.config.Contact;
import at.gv.egovernment.moa.id.commons.db.dao.config.DefaultBKUs;
import at.gv.egovernment.moa.id.commons.db.dao.config.ForeignIdentities;
import at.gv.egovernment.moa.id.commons.db.dao.config.GeneralConfiguration;
import at.gv.egovernment.moa.id.commons.db.dao.config.IdentificationNumber;
import at.gv.egovernment.moa.id.commons.db.dao.config.IdentityLinkSigners;
import at.gv.egovernment.moa.id.commons.db.dao.config.KeyName;
import at.gv.egovernment.moa.id.commons.db.dao.config.KeyStore;
import at.gv.egovernment.moa.id.commons.db.dao.config.LegacyAllowed;
import at.gv.egovernment.moa.id.commons.db.dao.config.MOAIDConfiguration;
import at.gv.egovernment.moa.id.commons.db.dao.config.MOAKeyBoxSelector;
import at.gv.egovernment.moa.id.commons.db.dao.config.MOASP;
import at.gv.egovernment.moa.id.commons.db.dao.config.Mandates;
import at.gv.egovernment.moa.id.commons.db.dao.config.OAPVP2;
import at.gv.egovernment.moa.id.commons.db.dao.config.OASAML1;
import at.gv.egovernment.moa.id.commons.db.dao.config.OASSO;
import at.gv.egovernment.moa.id.commons.db.dao.config.OnlineApplication;
import at.gv.egovernment.moa.id.commons.db.dao.config.OnlineMandates;
import at.gv.egovernment.moa.id.commons.db.dao.config.Organization;
import at.gv.egovernment.moa.id.commons.db.dao.config.PVP2;
import at.gv.egovernment.moa.id.commons.db.dao.config.Protocols;
import at.gv.egovernment.moa.id.commons.db.dao.config.RequestedAttributeType;
import at.gv.egovernment.moa.id.commons.db.dao.config.SAMLSigningParameter;
import at.gv.egovernment.moa.id.commons.db.dao.config.SLRequestTemplates;
import at.gv.egovernment.moa.id.commons.db.dao.config.SSO;
import at.gv.egovernment.moa.id.commons.db.dao.config.STORK;
import at.gv.egovernment.moa.id.commons.db.dao.config.SecurityLayer;
import at.gv.egovernment.moa.id.commons.db.dao.config.SignatureCreationParameterType;
import at.gv.egovernment.moa.id.commons.db.dao.config.SignatureVerificationParameterType;
import at.gv.egovernment.moa.id.commons.db.dao.config.TemplateType;
import at.gv.egovernment.moa.id.commons.db.dao.config.TemplatesType;
import at.gv.egovernment.moa.id.commons.db.dao.config.TimeOuts;
import at.gv.egovernment.moa.id.commons.db.dao.config.TransformsInfoType;
import at.gv.egovernment.moa.id.commons.db.dao.config.TrustAnchor;
import at.gv.egovernment.moa.id.commons.db.dao.config.VerifyAuthBlock;
import at.gv.egovernment.moa.id.commons.db.dao.config.VerifyIdentityLink;
import at.gv.egovernment.moa.id.config.ConfigurationException;
import at.gv.egovernment.moa.id.config.ConfigurationProvider;
import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProvider;

import at.gv.egovernment.moa.id.data.IssuerAndSerial;
import at.gv.egovernment.moa.id.protocols.pvp2x.utils.SAML2Utils;
import at.gv.egovernment.moa.logging.Logger;
import at.gv.egovernment.moa.util.Base64Utils;
import at.gv.egovernment.moa.util.DOMUtils;
import at.gv.egovernment.moa.util.MiscUtil;

public class BuildFromLegacyConfig {

	private static final String GENERIC_CONFIG_PARAM_SOURCEID = "AuthenticationServer.SourceID";

	private static final String SEARCHBKUTEMPLATE_LOCAL = "https://127.0.0.1:3496/";
	private static final String SEARCHBKUTEMPLATE_HANDY = "https://www.handy-signatur.at";
	private static final String SEARCHBKUTEMPLATE_ONLINE = "bkuonline/http-security-layer-request";
	
	public static MOAIDConfiguration build(File fileName, String rootConfigFileDir, MOAIDConfiguration oldconfig) throws ConfigurationException {
	    InputStream stream = null;
	    Element configElem;
	    ConfigurationBuilder builder;
	    
	    Logger.info("Load Legacy-Configuration from file=" + fileName);
	    
	    try {
	    	// load the main config file
			stream = new BufferedInputStream(new FileInputStream(fileName));
			configElem = DOMUtils.parseXmlValidating(stream);
			      
	    } catch (Throwable t) {
	    	throw new ConfigurationException("config.03", null, t);
		}
		   
		finally {
			try {
				if (stream != null) {
					stream.close();
			    }
			} catch (IOException e) {
			
			}
		}
	    
	    try {
	    	String oldbkuonline = "";
	    	String oldbkulocal = "";
	    	String oldbkuhandy = "";
	    		    	
	        // build the internal datastructures
	    	builder = new ConfigurationBuilder(configElem, rootConfigFileDir);
	    	
	    	
	    	MOAIDConfiguration moaIDConfig = new MOAIDConfiguration();
	    	
	    	AuthComponentGeneral generalAuth = new AuthComponentGeneral();
	    	moaIDConfig.setAuthComponentGeneral(generalAuth);
	    	
	    	
	    	//not supported by MOA-ID 2.0
	    	//ConnectionParameter bKUConnectionParameter = builder.buildAuthBKUConnectionParameter();
	    	//bKUSelectable = (bKUConnectionParameter!=null);	    	
	    	//bKUSelectionType = builder.buildAuthBKUSelectionType();
	    	
	    	
	    	//Load generic Config
	    	Map genericConfiguration = builder.buildGenericConfiguration();
	    	GeneralConfiguration authGeneral = new GeneralConfiguration();
	    	
	    	if (genericConfiguration.containsKey(GENERIC_CONFIG_PARAM_SOURCEID))
	    		authGeneral.setAlternativeSourceID(
	    				(String)genericConfiguration.get(GENERIC_CONFIG_PARAM_SOURCEID));
	    	
	    	if (genericConfiguration.containsKey(ConfigurationProvider.TRUST_MANAGER_REVOCATION_CHECKING))
	    		authGeneral.setTrustManagerRevocationChecking(
	    				Boolean.valueOf((String)genericConfiguration.get(ConfigurationProvider.TRUST_MANAGER_REVOCATION_CHECKING)));
	    	
	    	if (genericConfiguration.containsKey(ConfigurationProvider.DIRECTORY_CERTSTORE_PARAMETER_PROPERTY))
	    		authGeneral.setCertStoreDirectory(
	    				(String)genericConfiguration.get(ConfigurationProvider.DIRECTORY_CERTSTORE_PARAMETER_PROPERTY));
	    		
	    	
	    	//Load Assertion and Session timeouts
	    	TimeOuts timeOuts = new TimeOuts();
	    	if (genericConfiguration.containsKey(AuthConfigurationProvider.AUTH_DATA_TIMEOUT_PROPERTY))
	    		timeOuts.setAssertion(BigInteger.valueOf(Long.valueOf((String)genericConfiguration.get(AuthConfigurationProvider.AUTH_DATA_TIMEOUT_PROPERTY))));
	    	else
	    		timeOuts.setAssertion(BigInteger.valueOf(2*60)); //default 2min
	    	
	    	if (genericConfiguration.containsKey(AuthConfigurationProvider.AUTH_SESSION_TIMEOUT_PROPERTY))
	    		timeOuts.setAssertion(BigInteger.valueOf(Long.valueOf((String)genericConfiguration.get(AuthConfigurationProvider.AUTH_SESSION_TIMEOUT_PROPERTY))));
	    	else
	    		timeOuts.setAssertion(BigInteger.valueOf(30*60));  //default 30min
	    	
	    	timeOuts.setMOASessionUpdated(BigInteger.valueOf(15*60)); //default 15min
	    	authGeneral.setTimeOuts(timeOuts);    	
	    	generalAuth.setGeneralConfiguration(authGeneral);
	    	
	    	Protocols auth_protocols = new Protocols();
	    	generalAuth.setProtocols(auth_protocols);
	    	
	    	LegacyAllowed prot_legacy = new LegacyAllowed();
	    	auth_protocols.setLegacyAllowed(prot_legacy);
	    	final List<String> PROTOCOLS_LEGACY_ALLOWED = Arrays.asList("id_saml1","id_pvp2x");
	    	prot_legacy.setProtocolName(PROTOCOLS_LEGACY_ALLOWED);
	    	
	    	PVP2 prot_pvp2 = new PVP2();
	    	auth_protocols.setPVP2(prot_pvp2);
	    	prot_pvp2.setPublicURLPrefix("https://....");
	    	prot_pvp2.setIssuerName("MOA-ID 2.x IDP");
	    	
	    	Organization pvp2_org = new Organization();
	    	prot_pvp2.setOrganization(pvp2_org);
	    	pvp2_org.setDisplayName("OrganisationDisplayName");
	    	pvp2_org.setName("OrganisatioName");
	    	pvp2_org.setURL("http://www.egiz.gv.at");
	    	
	    	List<Contact> pvp2_contacts = new ArrayList<Contact>();
	    	prot_pvp2.setContact(pvp2_contacts);	    	
	    	
	    	Contact pvp2_contact = new Contact();
	    	pvp2_contact.setCompany("OrganisationDisplayName");
	    	pvp2_contact.setGivenName("Max");
	    	
	    	
	    	List<String> mails = new ArrayList<String>();
	    	pvp2_contact.setMail(mails);
	    	mails.add("max@muster.mann");

	    	List<String> phones = new ArrayList<String>();
	    	pvp2_contact.setPhone(phones);
	    	phones.add("01 5555 5555");
	    	
	    	pvp2_contact.setSurName("Mustermann");
	    	pvp2_contact.setType("technical");
	    	pvp2_contacts.add(pvp2_contact);
	    	
	    	//SSO
	    	SSO auth_sso = new SSO();
	    	generalAuth.setSSO(auth_sso);
	    	auth_sso.setTarget("");
	    	auth_sso.setFriendlyName("");

	    	
	    	//set SecurityLayer Transformations
	    	String[] transformsInfoFileNames = builder.buildTransformsInfoFileNames(builder.getConfigElem(), ConfigurationBuilder.AUTH_SECLAYER_TRANSFORMS_INFO_FILENAME_XPATH);
	    	String[] transformsInfos = builder.loadTransformsInfos(transformsInfoFileNames);
	    	
	    	List<TransformsInfoType> auth_transformInfos = new ArrayList<TransformsInfoType>();
	    	if (transformsInfos != null && transformsInfos.length > 0) {
	    		for (int i=0; i<transformsInfos.length; i++) {

	    			TransformsInfoType transforminfotype = new TransformsInfoType();
	    			transforminfotype.setFilename(transformsInfoFileNames[i]);
	    		
	    			transforminfotype.setTransformation(Base64Utils.encode(transformsInfos[i].getBytes("UTF-8")).getBytes("UTF-8"));
	    			auth_transformInfos.add(transforminfotype); 
	    		}
	    		
	    	} 
	    	
	    	SecurityLayer auth_securityLayer = new SecurityLayer();
	    	auth_securityLayer.setTransformsInfo(auth_transformInfos);
	    	generalAuth.setSecurityLayer(auth_securityLayer);
	    	
	    	
	    	//set MOASP configuration
	    	MOASP auth_moaSP = new MOASP();
	    	generalAuth.setMOASP(auth_moaSP);
	    	
	    	//set MOASP connection
	    	ConnectionParameter moaSpConnectionParameter = builder.buildMoaSpConnectionParameter();
	    	if (moaSpConnectionParameter != null) {
	    		ConnectionParameterClientAuthType auth_moaSP_connection = 
	    			parseConnectionParameterClientAuth(moaSpConnectionParameter);
	    		auth_moaSP.setConnectionParameter(auth_moaSP_connection);
	    	}
	    	
	    	//set VerifyIdentityLink
	    	String moaSpIdentityLinkTrustProfileID = builder.getMoaSpIdentityLinkTrustProfileID();
	    	VerifyIdentityLink auth_moaSP_verifyIdentityLink = new VerifyIdentityLink();
	    	auth_moaSP_verifyIdentityLink.setTrustProfileID(moaSpIdentityLinkTrustProfileID);
	    	auth_moaSP.setVerifyIdentityLink(auth_moaSP_verifyIdentityLink);
	    	
	    	//set VerifyAuthBlock
	    	String moaSpAuthBlockTrustProfileID = builder.getMoaSpAuthBlockTrustProfileID();
	    	VerifyAuthBlock auth_moaSP_verifyAuthBlock = new VerifyAuthBlock();
	    	auth_moaSP_verifyAuthBlock.setTrustProfileID(moaSpAuthBlockTrustProfileID);
	    	String[] moaSpAuthBlockVerifyTransformsInfoIDs = builder.buildMoaSpAuthBlockVerifyTransformsInfoIDs();
	    	List<String> transformlist = new ArrayList<String>();
	    	Collections.addAll(transformlist, moaSpAuthBlockVerifyTransformsInfoIDs);
	    	auth_moaSP_verifyAuthBlock.setVerifyTransformsInfoProfileID(transformlist);
	    	auth_moaSP.setVerifyAuthBlock(auth_moaSP_verifyAuthBlock);
	    	
	    	
	    	//set IdentityLinkSigners
	    	IdentityLinkSigners auth_idsigners = new IdentityLinkSigners();
	    	generalAuth.setIdentityLinkSigners(auth_idsigners);
	    	List<String> identityLinkX509SubjectNames = builder.getIdentityLink_X509SubjectNames();
	    	auth_idsigners.setX509SubjectName(identityLinkX509SubjectNames);
	    	
	    	
	    	//not supported by MOA-ID 2.0
	    	VerifyInfoboxParameters defaultVerifyInfoboxParameters = null;
//	        Node defaultVerifyInfoboxParamtersElem = XPathUtils.selectSingleNode(configElem, ConfigurationBuilder.AUTH_VERIFY_INFOBOXES_XPATH);
//	        if (defaultVerifyInfoboxParamtersElem != null) {
//	          defaultVerifyInfoboxParameters = 
//	            builder.buildVerifyInfoboxParameters((Element)defaultVerifyInfoboxParamtersElem, null, moaSpIdentityLinkTrustProfileID);
//	        }
	        

	    	//Set ForeignIdentities
	    	ForeignIdentities auth_foreign = new ForeignIdentities();
	    	generalAuth.setForeignIdentities(auth_foreign);
	    	
	    	//set Connection parameters
	        ConnectionParameter foreignIDConnectionParameter = builder.buildForeignIDConnectionParameter();
	        ConnectionParameterClientAuthType auth_foreign_connection = 
	        		parseConnectionParameterClientAuth(foreignIDConnectionParameter);
	        auth_foreign.setConnectionParameter(auth_foreign_connection);
	        
	        //set STORK configuration
	    	STORKConfig storkConfig = new STORKConfig(builder.buildSTORKSignatureCreationParameter(),builder.buildSTORKSignatureVerificationParameter(), builder.buildSTORKcPEPSMap());
	    	STORK auth_foreign_stork = new STORK();
	    	auth_foreign.setSTORK(auth_foreign_stork);
	    	
	    	//set CPEPS
	    	Map<String, at.gv.egovernment.moa.id.config.legacy.CPEPS> map = storkConfig.getCpepsMap();
	    	Set<String> map_keys = map.keySet();
	    	List<CPEPS> auth_foreign_stork_cpeps = new ArrayList<CPEPS>(); 	    	
	    	for (String key : map_keys) {
	    		CPEPS cpep = new CPEPS();
	    		cpep.setCountryCode(map.get(key).getCountryCode());
	    		cpep.setURL(map.get(key).getPepsURL().toExternalForm());  //check correctness!!!!
	    		
	    		List<String> cpep_reqs = new ArrayList<String>();
	    		
	    		List<RequestedAttribute> map1 = map.get(key).getCountrySpecificRequestedAttributes();
	    		for (RequestedAttribute e1 : map1) {
	    			Element element = SAMLUtil.marshallMessage(e1);
	    			cpep_reqs.add(XMLUtil.printXML(element));
	    		}
	    		cpep.setAttributeValue(cpep_reqs);
	    		auth_foreign_stork_cpeps.add(cpep);
	    	}
	    	auth_foreign_stork.setCPEPS(auth_foreign_stork_cpeps);
	    	
	    	
	    	//set SAMLSigningParameter
	    	if (storkConfig.getSignatureCreationParameter() != null && 
	    			storkConfig.getSignatureVerificationParameter() != null) {
	    		SAMLSigningParameter auth_foreign_stork_samlSign = new SAMLSigningParameter();
	    		auth_foreign_stork.setSAMLSigningParameter(auth_foreign_stork_samlSign);
	    	
	    		SignatureCreationParameterType stork_saml_creat = new SignatureCreationParameterType();
	    		auth_foreign_stork_samlSign.setSignatureCreationParameter(stork_saml_creat);
	    		KeyStore stork_saml_creat_keystore = new KeyStore();
	    		stork_saml_creat.setKeyStore(stork_saml_creat_keystore);
	    		stork_saml_creat_keystore.setPassword(storkConfig.getSignatureCreationParameter().getKeyStorePassword());
	    		stork_saml_creat_keystore.setValue(storkConfig.getSignatureCreationParameter().getKeyStorePath());
	    		KeyName stork_saml_creat_keyname = new KeyName();
	    		stork_saml_creat.setKeyName(stork_saml_creat_keyname);
	    		stork_saml_creat_keyname.setValue(storkConfig.getSignatureCreationParameter().getKeyName());
	    		stork_saml_creat_keyname.setPassword(storkConfig.getSignatureCreationParameter().getKeyPassword());
	    	
	    	
	    	
	    		SignatureVerificationParameterType stork_saml_verify = new SignatureVerificationParameterType();
	    		auth_foreign_stork_samlSign.setSignatureVerificationParameter(stork_saml_verify);
	    		stork_saml_verify.setTrustProfileID(storkConfig.getSignatureVerificationParameter().getTrustProfileID());
	    	
	    	}
	    	
	    	//TODO: check correctness
	    	//set QualityAuthenticationAssurance
	    	//set RequestedAttbutes
	    	
	    	
	    	//set OnlineMandates config
	        ConnectionParameter onlineMandatesConnectionParameter = builder.buildOnlineMandatesConnectionParameter();
	        if (onlineMandatesConnectionParameter != null) {
	        	OnlineMandates auth_mandates = new OnlineMandates();
	        	generalAuth.setOnlineMandates(auth_mandates);
	        	auth_mandates.setConnectionParameter(
	        		parseConnectionParameterClientAuth(onlineMandatesConnectionParameter));
	        }
	        
	        
	        //TODO: add auth template configuration!!!
	        
	        
	    	if (oldconfig != null) {
	    		if (oldconfig.getDefaultBKUs() != null) {
	    			oldbkuhandy = oldconfig.getDefaultBKUs().getHandyBKU();
	    			oldbkulocal = oldconfig.getDefaultBKUs().getLocalBKU();
	    			oldbkuonline = oldconfig.getDefaultBKUs().getOnlineBKU();
	    		}	    		
	    	} else {
	    		List<String> trustbkus = builder.getTrustedBKUs();
	    		for (String trustbku : trustbkus) {
	    			if (MiscUtil.isEmpty(oldbkuonline) && trustbku.endsWith(SEARCHBKUTEMPLATE_ONLINE))
	    				oldbkuonline = trustbku;
	    			
	    			if (MiscUtil.isEmpty(oldbkuhandy) && trustbku.startsWith(SEARCHBKUTEMPLATE_HANDY))
	    				oldbkuhandy = trustbku;
	    			
	    			if (MiscUtil.isEmpty(oldbkulocal) && trustbku.startsWith(SEARCHBKUTEMPLATE_LOCAL))
	    				oldbkulocal = trustbku;
	    		}
	    		
	    	}
	        

	        //set OnlineApplications
	        OAAuthParameter[] onlineApplicationAuthParameters = builder.buildOnlineApplicationAuthParameters(defaultVerifyInfoboxParameters, moaSpIdentityLinkTrustProfileID);

	        ArrayList<OnlineApplication> moa_oas = new ArrayList<OnlineApplication>();
	        moaIDConfig.setOnlineApplication(moa_oas);
	        
	        for (OAAuthParameter oa : onlineApplicationAuthParameters) {
	        	OnlineApplication moa_oa = new OnlineApplication();
	        	
	        	//set general OA configuration
	        	moa_oa.setCalculateHPI(false); //TODO: Bernd fragen warum das nicht direkt über den Bereichsidentifyer definert wird
	        	moa_oa.setFriendlyName(oa.getFriendlyName()); 
	        	moa_oa.setKeyBoxIdentifier(MOAKeyBoxSelector.fromValue(oa.getKeyBoxIdentifier()));
	        	moa_oa.setPublicURLPrefix(oa.getPublicURLPrefix());
	        	moa_oa.setTarget(oa.getTarget());
	        	moa_oa.setTargetFriendlyName(oa.getTargetFriendlyName());
        		moa_oa.setType(oa.getOaType());
        		moa_oa.setIsActive(true);
	        	
	        	
	        	AuthComponentOA oa_auth = new AuthComponentOA();
	        	moa_oa.setAuthComponentOA(oa_auth);
	        	
	        	//SLLayer Version / useIframe 
//	        	oa_auth.setSlVersion(oa.getSlVersion());
//	        	oa_auth.setUseIFrame(false);
//	        	oa_auth.setUseUTC(oa.getUseUTC());
	        	
	        	
	        	//BKUURLs
	        	BKUURLS bkuurls = new BKUURLS();
	        	bkuurls.setOnlineBKU(oldbkuonline);
	        	bkuurls.setHandyBKU(oldbkuhandy);
	        	bkuurls.setLocalBKU(oldbkulocal);
	        	oa_auth.setBKUURLS(bkuurls);
	        	
	        	//IdentificationNumber
	        	IdentificationNumber idnumber = new IdentificationNumber();
	        	idnumber.setValue(oa.getIdentityLinkDomainIdentifier());
	        	idnumber.setType(oa.getIdentityLinkDomainIdentifierType());
	        	oa_auth.setIdentificationNumber(idnumber);
	        	
	        	//set Templates
	        	TemplatesType templates = new TemplatesType();
	        	oa_auth.setTemplates(templates);
	        	templates.setAditionalAuthBlockText("");
	        	TemplateType template = new TemplateType();
	        	template.setURL(oa.getTemplateURL());
	        	ArrayList<TemplateType> template_list = new ArrayList<TemplateType>();
	        	template_list.add(template);
	        	templates.setTemplate(template_list);
	        	
	        	
	        	//set TransformsInfo
	        	String[] transforminfos = oa.getTransformsInfos();
	        	ArrayList<TransformsInfoType> oa_transforminfos = new ArrayList<TransformsInfoType>();
	        	for (String e1 : transforminfos) {
	        		TransformsInfoType transforminfo = new TransformsInfoType();
	        		transforminfo.setFilename(e1);
	        		oa_transforminfos.add(transforminfo);
	        	}
	        	oa_auth.setTransformsInfo(oa_transforminfos);
	        	
	        	//VerifyInfoBoxes not supported by MOAID 2.0
	        	
	        	//set Mandates
	        	Mandates oa_mandates = new Mandates();
	        	oa_auth.setMandates(oa_mandates);
	        	oa_mandates.setProfiles(oa.getMandateProfiles());
	        	
	        	//STORK
	        	//TODO: OA specific STORK config is deactivated in MOA 1.5.2
	        	
	        	//SSO
	        	OASSO oa_sso = new OASSO();
	        	oa_auth.setOASSO(oa_sso);
	        	oa_sso.setUseSSO(true);
	        	oa_sso.setSingleLogOutURL("");
	        	oa_sso.setAuthDataFrame(true);
	        	
	        	//OA_SAML1
	        	OASAML1 oa_saml1 = new OASAML1();
	        	oa_auth.setOASAML1(oa_saml1);
	        	oa_saml1.setConditionLength(BigInteger.valueOf(oa.getConditionLength()));
	        	oa_saml1.setProvideAUTHBlock(oa.getProvideAuthBlock());
	        	oa_saml1.setProvideCertificate(oa.getProvideCertifcate());
	        	oa_saml1.setProvideFullMandatorData(oa.getProvideFullMandatorData());
	        	oa_saml1.setProvideIdentityLink(oa.getProvideIdentityLink());
	        	oa_saml1.setProvideStammzahl(oa.getProvideStammzahl());
	        	oa_saml1.setUseCondition(oa.getUseCondition());
	        	
	        	//OA_PVP2
	        	OAPVP2 oa_pvp2 = new OAPVP2();
	        	oa_auth.setOAPVP2(oa_pvp2);
	        		        	
	        	moa_oas.add(moa_oa);
	        	//ConfigurationDBUtils.save(moa_oa);
	        }
	        
	        //removed from MOAID 2.0 config
	    	//identityLinkX509SubjectNames =  builder.getIdentityLink_X509SubjectNames();
	       
	        
	    	//set chaining modes
	    	ChainingModes moa_chainingModes = new ChainingModes();
	    	moaIDConfig.setChainingModes(moa_chainingModes);
	    	
	    	ChainingModeType type = ChainingModeType.fromValue(builder.getDefaultChainingMode());
	    	moa_chainingModes.setSystemDefaultMode(type);
	    	
	    	Map<IssuerAndSerial, String> chainingModes = builder.buildChainingModes();
	    	List<TrustAnchor> chaining_anchor = new ArrayList<TrustAnchor>();
	    	Set<IssuerAndSerial> chaining_anchor_map = chainingModes.keySet();
	    	for (IssuerAndSerial e1 : chaining_anchor_map) {
	    		TrustAnchor trustanchor = new TrustAnchor();
	    		
	    		ChainingModeType type1 = ChainingModeType.fromValue(chainingModes.get(e1));
	    		trustanchor.setMode(type1);
	    		
	    		trustanchor.setX509IssuerName(e1.getIssuerDN());
	    		trustanchor.setX509SerialNumber(e1.getSerial());
	    		chaining_anchor.add(trustanchor);
	    	}
	    	moa_chainingModes.setTrustAnchor(chaining_anchor);
	    	
	    	
	    	//set trustedCACertificate path
	    	moaIDConfig.setTrustedCACertificates(builder.getTrustedCACertificates());
	    	
	   	    	
	    	//Not required in MOAID 2.0 config (DefaultBKUs & SLRequestTemplates)
	    	//trustedBKUs = builder.getTrustedBKUs();
	    	//trustedTemplateURLs = builder.getTrustedTemplateURLs();
	    	
	    	
	    	//set DefaultBKUs
	    	DefaultBKUs moa_defaultbkus = new DefaultBKUs();
	    	moaIDConfig.setDefaultBKUs(moa_defaultbkus);
	    	moa_defaultbkus.setOnlineBKU(oldbkuonline);
	    	moa_defaultbkus.setHandyBKU(oldbkuhandy);
	    	moa_defaultbkus.setLocalBKU(oldbkulocal);
	    	
	    	
	    	//set SLRequest Templates
	    	SLRequestTemplates moa_slrequesttemp = new SLRequestTemplates();
	    	moaIDConfig.setSLRequestTemplates(moa_slrequesttemp);
	    	moa_slrequesttemp.setOnlineBKU("http://localhost:8080/moa-id-auth/template_onlineBKU.html");
	    	moa_slrequesttemp.setHandyBKU("http://localhost:8080/moa-id-auth/template_handyBKU.html");
	    	moa_slrequesttemp.setLocalBKU("http://127.0.0.1:8080/moa-id-auth/template_localBKU.html");

	    	return moaIDConfig;
	    	
	    } catch (Throwable t) {
	    	throw new ConfigurationException("config.02", null, t);
	    }
	}
	
	private static ConnectionParameterClientAuthType parseConnectionParameterClientAuth(
			ConnectionParameter old) {
    	ConnectionParameterClientAuthType auth_moaSP_connection = new ConnectionParameterClientAuthType();
    	auth_moaSP_connection.setURL(old.getUrl());
    	
    	//TODO: remove from Database config!!!!!
//    	auth_moaSP_connection.setAcceptedServerCertificates(old.getAcceptedServerCertificates());
//    	ClientKeyStore auth_moaSP_connection_keyStore = new ClientKeyStore();
//    	auth_moaSP_connection_keyStore.setValue(old.getClientKeyStore());
//    	auth_moaSP_connection_keyStore.setPassword(old.getClientKeyStorePassword());
//    	auth_moaSP_connection.setClientKeyStore(auth_moaSP_connection_keyStore);
		return auth_moaSP_connection;
	}
	
	  private static Properties getGeneralPVP2ProperiesConfig(Properties props) {
	      Properties configProp = new Properties();
	      for (Object key : props.keySet()) {
	      	String propPrefix = "protocols.pvp2.";
	      	if (key.toString().startsWith(propPrefix)) {
	      		String propertyName = key.toString().substring(propPrefix.length());
	      		configProp.put(propertyName, props.get(key.toString()));
	      	}
	      }
	      return configProp;
	  }
}