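package at.gv.egovernment.moa.id.moduls;

import java.io.IOException;

import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;

import at.gv.egovernment.moa.id.MOAIDException;
import at.gv.egovernment.moa.id.auth.MOAIDAuthConstants;
import at.gv.egovernment.moa.id.auth.WrongParametersException;
import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
import at.gv.egovernment.moa.id.util.HTTPSessionUtils;
import at.gv.egovernment.moa.id.util.ParamValidatorUtils;
import at.gv.egovernment.moa.logging.Logger;

/**
 * Binds MOA authentication sessions (looked up in {@link AuthenticationSessionStore})
 * to the servlet container's {@link HttpSession}.
 *
 * <p>The MOA session ID is kept in the HTTP session under {@link #MOA_SESSION}.
 * In {@link #tryPerformAuthentication} the ID arrives as the {@code PARAM_SESSIONID}
 * request parameter, and mere possession of an authenticated, not-yet-used ID is
 * what upgrades the caller's HTTP session. The ID therefore acts as a one-time
 * bearer token and is treated as a secret here: it is never written to the log
 * in full.
 */
public class AuthenticationManager implements MOAIDAuthConstants {

    /** HTTP-session attribute under which the bound MOA session ID is stored. */
    public static final String MOA_SESSION = "MoaAuthenticationSession";

    /** Kept for API compatibility; not read by this class. */
    public static final String MOA_AUTHENTICATED = "MoaAuthenticated";

    /** Leading characters of a session ID that may appear in log output. */
    private static final int LOGGED_ID_PREFIX = 4;

    /**
     * Returns the MOA session bound to the given HTTP session.
     *
     * @param session the servlet session; {@code null} is tolerated
     * @return the bound {@link AuthenticationSession}, or {@code null} when no MOA
     *         session ID is stored in the HTTP session or the store does not know it
     */
    public static AuthenticationSession getAuthenticationSession(HttpSession session) {
        String moaSessionID = readBoundSessionID(session);
        if (moaSessionID == null) {
            return null;
        }
        return AuthenticationSessionStore.getSession(moaSessionID);
    }

    /**
     * Checks whether the caller's HTTP session is bound to an authenticated MOA session.
     *
     * <p>Uses {@code getSession(false)} so that merely probing the authentication
     * state does not allocate a container session for anonymous callers.
     *
     * @param request  current request
     * @param response unused; kept for signature compatibility
     * @return {@code true} only if a MOA session is bound and reports authenticated
     */
    public static boolean isAuthenticated(HttpServletRequest request, HttpServletResponse response) {
        Logger.info("Checking authentication");

        String moaSessionID = readBoundSessionID(request.getSession(false));
        if (moaSessionID == null) {
            Logger.info("NO MOA Session bound to HTTP session");
            return false;
        }

        AuthenticationSession authSession = AuthenticationSessionStore.getSession(moaSessionID);
        if (authSession == null) {
            Logger.info("NO MOA Authentication data for ID " + abbreviate(moaSessionID));
            return false;
        }
        return authSession.isAuthenticated();
    }

    /**
     * Consumes a freshly authenticated MOA session whose ID is passed as the
     * {@code PARAM_SESSIONID} request parameter and binds it to the HTTP session.
     *
     * <p>The ID is accepted only once: a session that is authenticated but already
     * marked as used is rejected, which is what stops a replayed or leaked ID from
     * logging in a second client. The check-then-set on {@code isAuthenticatedUsed}
     * is not atomic in this method; whether two concurrent requests carrying the
     * same ID can both pass depends on {@link AuthenticationSessionStore} handing
     * out a shared instance and on its own locking. NOTE(review): confirm in the
     * store, or make the "consume" step atomic there.
     *
     * <p>NOTE(review): the pre-authentication HTTP session is reused rather than
     * renewed; if the container session ID could have been fixed by an attacker
     * before this point, renew it (invalidate + new session) before binding.
     *
     * @param request  current request
     * @param response unused; kept for signature compatibility
     * @return {@code true} if the MOA session was consumed and bound, else {@code false}
     */
    public static boolean tryPerformAuthentication(HttpServletRequest request, HttpServletResponse response) {
        HttpSession session = request.getSession();

        String sessionID = request.getParameter(PARAM_SESSIONID);
        if (sessionID == null || sessionID.isEmpty()) {
            return false;
        }
        // The parameter is a bearer credential: never write it to the log in full.
        Logger.info("got MOASession: " + abbreviate(sessionID));

        AuthenticationSession authSession = AuthenticationSessionStore.getSession(sessionID);
        if (authSession == null) {
            return false;
        }
        Logger.info("MOASession found! A: " + authSession.isAuthenticated()
                + ", AU " + authSession.isAuthenticatedUsed());

        if (!authSession.isAuthenticated() || authSession.isAuthenticatedUsed()) {
            return false;
        }
        authSession.setAuthenticatedUsed(true);
        HTTPSessionUtils.setHTTPSessionString(session, MOA_SESSION, sessionID);
        return true; // got authenticated
    }

    /**
     * Ends the MOA session bound to the HTTP session and invalidates the HTTP session.
     *
     * <p>If the HTTP session carries no MOA session ID, the {@code PARAM_SESSIONID}
     * request parameter is used instead. NOTE(review): that fallback lets any request
     * that knows a MOA session ID destroy it without being bound to it; this is only
     * acceptable if IDs are unguessable and terminating another client's session is
     * a tolerable outcome. Otherwise the fallback should be dropped.
     *
     * <p>The container session is invalidated in a {@code finally} block so that a
     * failure in the store cannot leave the caller's HTTP session alive.
     *
     * @param request  current request
     * @param response unused; kept for signature compatibility
     */
    public static void logout(HttpServletRequest request, HttpServletResponse response) {
        Logger.info("Logout");
        HttpSession session = request.getSession(false);

        String moaSessionID = readBoundSessionID(session);
        if (moaSessionID == null) {
            moaSessionID = request.getParameter(PARAM_SESSIONID);
        }
        if (moaSessionID == null) {
            Logger.info("NO MOA Session to logout");
            return;
        }

        AuthenticationSession authSession = AuthenticationSessionStore.getSession(moaSessionID);
        if (authSession == null) {
            Logger.info("NO MOA Authentication data for ID " + abbreviate(moaSessionID));
            return;
        }

        try {
            authSession.setAuthenticated(false);
            if (session != null) {
                // remove moa session from HTTP Session
                HTTPSessionUtils.setHTTPSessionString(session, MOA_SESSION, null);
            }
            AuthenticationSessionStore.destroySession(moaSessionID);
        } finally {
            if (session != null) {
                session.invalidate();
            }
        }
    }

    /**
     * Starts the authentication flow for {@code target} by forwarding to the
     * {@code StartAuthentication} named dispatcher.
     *
     * <p>The online-application URL is checked for presence before it is handed to
     * {@link ParamValidatorUtils#isValidOA}, so a missing value is reported as
     * {@code auth.12} instead of depending on how the validator treats {@code null}.
     *
     * @param request  current request
     * @param response current response
     * @param target   the protocol request describing the online application
     * @throws WrongParametersException if the OA URL is missing or fails validation
     * @throws ServletException         propagated from the forward
     * @throws IOException              propagated from the forward
     * @throws MOAIDException           declared for callers; {@link WrongParametersException}
     *                                  is the case raised here
     */
    public static void doAuthentication(HttpServletRequest request, HttpServletResponse response,
            IRequest target) throws ServletException, IOException, MOAIDException {
        HttpSession session = request.getSession();
        Logger.info("Starting authentication ...");

        String oaURL = target.getOAURL();
        if (oaURL == null || !ParamValidatorUtils.isValidOA(oaURL)) {
            throw new WrongParametersException("StartAuthentication", PARAM_OA, "auth.12");
        }

        // TODO: build and emit the login form (LoginFormBuilder) here instead of forwarding.
        session.getServletContext()
                .getNamedDispatcher("StartAuthentication")
                .forward(request, response);
    }

    /**
     * Reads the MOA session ID bound to {@code session}.
     *
     * @param session the servlet session; {@code null} is tolerated
     * @return the stored ID, or {@code null} if the session is absent or holds none
     */
    private static String readBoundSessionID(HttpSession session) {
        if (session == null) {
            return null;
        }
        return HTTPSessionUtils.getHTTPSessionString(session, MOA_SESSION, null);
    }

    /**
     * Redacts a session ID for log output: keeps a short prefix for correlation and
     * masks the rest, so a log file never contains a usable bearer value.
     *
     * @param id the raw session ID, possibly {@code null}
     * @return a log-safe representation
     */
    private static String abbreviate(String id) {
        if (id == null) {
            return "null";
        }
        if (id.length() <= LOGGED_ID_PREFIX) {
            return "****";
        }
        return id.substring(0, LOGGED_ID_PREFIX) + "...";
    }
}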