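package at.gv.egovernment.moa.id.moduls;

import java.security.NoSuchAlgorithmException;
import java.security.SecureRandom;
import java.util.List;

import javax.servlet.http.Cookie;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

import org.hibernate.Query;
import org.hibernate.Session;

import at.gv.egovernment.moa.id.auth.exception.AuthenticationException;
import at.gv.egovernment.moa.id.commons.db.MOASessionDBUtils;
import at.gv.egovernment.moa.id.commons.db.dao.session.AuthenticatedSessionStore;
import at.gv.egovernment.moa.id.commons.db.dao.session.OldSSOSessionIDStore;
import at.gv.egovernment.moa.id.config.ConfigurationException;
import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProvider;
import at.gv.egovernment.moa.id.storage.AuthenticationSessionStoreage;
import at.gv.egovernment.moa.id.util.HTTPSessionUtils;
import at.gv.egovernment.moa.id.util.Random;
import at.gv.egovernment.moa.logging.Logger;
import at.gv.egovernment.moa.util.MiscUtil;

/**
 * Manages the single-sign-on (SSO) browser cookie and the lookup of the MOA
 * session that belongs to an SSO session ID.
 *
 * <p>The SSO session ID is a bearer credential: whoever presents it gets the
 * associated MOA session. It is therefore only ever sent as a {@code Secure}
 * cookie and is never written to logs or stdout.
 *
 * <p>Singleton; obtain via {@link #getInstance()}.
 */
public class SSOManager {

    /** Name of the browser cookie that carries the SSO session ID. */
    private static final String SSOCOOKIE = "MOA_ID_SSO";

    /** Fallback cookie lifetime in seconds, used when the configured timeout cannot be read. */
    private static final int DEFAULTSSOTIMEOUT = 15 * 60; // sec

    private static SSOManager instance = null;

    /** Cookie lifetime in seconds; assigned exactly once in {@link #getInstance()}. */
    private static int sso_timeout;

    /**
     * Returns the shared instance, reading the SSO timeout from the MOA-ID
     * configuration on first use.
     *
     * <p>Synchronized so that concurrent first callers cannot create two instances,
     * and so that {@code instance} is never visible before {@code sso_timeout} has
     * been assigned: an unassigned timeout (0) would make {@link #setSSOSessionID}
     * emit cookies with max-age 0, i.e. cookies the browser discards immediately.
     *
     * @return the singleton {@code SSOManager}
     */
    public static synchronized SSOManager getInstance() {
        if (instance == null) {
            int timeout;
            try {
                timeout = (int) AuthConfigurationProvider.getInstance()
                        .getTimeOuts().getMOASessionUpdated().longValue();
            } catch (ConfigurationException e) {
                Logger.info("SSO Timeout can not be loaded from MOA-ID configuration. Use default Timeout with "
                        + DEFAULTSSOTIMEOUT);
                timeout = DEFAULTSSOTIMEOUT;
            }
            // assign the timeout before publishing the instance (see class comment above)
            sso_timeout = timeout;
            instance = new SSOManager();
        }
        return instance;
    }

    /**
     * Checks whether the given SSO session ID refers to a valid session in the
     * session store.
     *
     * @param ssoSessionID SSO session ID taken from the cookie, or {@code null}/empty
     *                     if the request carried no SSO cookie
     * @param httpReq      current request; currently unused, kept for API compatibility
     * @return {@code true} if the store knows a valid session for this ID
     */
    public boolean isValidSSOSession(String ssoSessionID, HttpServletRequest httpReq) {
        if (MiscUtil.isEmpty(ssoSessionID)) {
            Logger.info("No SSO Session cookie found.");
            return false;
        }
        return AuthenticationSessionStoreage.isValidSessionWithSSOID(ssoSessionID, null);
    }

    /**
     * Resolves the MOA session ID that belongs to an SSO session ID.
     *
     * @param ssoSessionID SSO session ID from the cookie
     * @return the MOA session ID as returned by the session store
     */
    public String getMOASession(String ssoSessionID) {
        return AuthenticationSessionStoreage.getMOASessionID(ssoSessionID);
    }

    /**
     * Looks up an already-used (old) SSO session ID and returns the ID of the MOA
     * session it was linked to.
     *
     * <p>The whole lookup, including navigation to the linked MOA session, runs
     * inside one Hibernate transaction, which is committed on every normal exit
     * and rolled back if the lookup throws. (The original committed only on some
     * paths and left the transaction open when no MOA session was linked.)
     *
     * @param ssoId SSO session ID presented by the client
     * @return the corresponding MOA session ID, or {@code null} if the ID is unknown
     *         or no MOA session is linked to it
     */
    public String existsOldSSOSession(String ssoId) {
        Logger.trace("Check that the SSOID has already been used");
        Session session = MOASessionDBUtils.getCurrentSession();
        // serialise access to the shared session object, as the rest of the class does
        synchronized (session) {
            session.beginTransaction();
            try {
                Query query = session.getNamedQuery("getSSOSessionWithOldSessionID");
                query.setString("sessionid", ssoId);
                @SuppressWarnings("unchecked") // named query yields OldSSOSessionIDStore rows
                List<OldSSOSessionIDStore> result = query.list();
                Logger.trace("Found entries: " + result.size());

                String moasessionid = null;
                if (!result.isEmpty()) {
                    // an old SSO ID is expected to be unique; only the first row is used
                    AuthenticatedSessionStore correspondingMoaSession = result.get(0).getMoasession();
                    if (correspondingMoaSession == null) {
                        Logger.info("Get request with old SSO SessionID but no corresponding SSO Session is found.");
                    } else {
                        moasessionid = correspondingMoaSession.getSessionid();
                    }
                }
                session.getTransaction().commit();
                return moasessionid;
            } catch (RuntimeException e) {
                // do not leave a dangling transaction on the shared session
                session.getTransaction().rollback();
                throw e;
            }
        }
    }

    /**
     * Creates a new SSO session ID for the given MOA session and online application.
     *
     * <p>The generated value is a bearer credential and is deliberately not logged;
     * the original implementation printed it to stdout.
     *
     * @param moaSessionID ID of the MOA session the SSO session belongs to
     * @param OAUrl        URL of the online application
     * @return the new SSO session ID, or {@code null} if either argument is empty
     *         (SSO is then not enabled for this request)
     */
    public String createSSOSessionInformations(String moaSessionID, String OAUrl) {
        if (MiscUtil.isEmpty(moaSessionID) || MiscUtil.isEmpty(OAUrl)) {
            Logger.warn("MoaSessionID or OAUrl are empty -> SSO is not enabled!");
            return null;
        }
        // NOTE(review): Random.nextRandom() is a project helper; confirm it is backed by a
        // cryptographically secure generator, since this value is an unguessable token.
        String newSSOId = Random.nextRandom();
        Logger.trace("generated new SSO token");
        return newSSOId;
    }

    /**
     * Sends the SSO cookie to the client.
     *
     * <p>A cookie with the same name and path replaces any earlier SSO cookie in the
     * browser, so no explicit delete is issued beforehand (the original first called
     * {@link #deleteSSOSessionID}, which would now add a second, conflicting
     * {@code Set-Cookie} header for the same name).
     *
     * @param httpReq  current request; its context path becomes the cookie path
     * @param httpResp response the cookie is added to
     * @param ssoId    SSO session ID to store in the cookie
     */
    public void setSSOSessionID(HttpServletRequest httpReq,
            HttpServletResponse httpResp, String ssoId) {
        Cookie cookie = new Cookie(SSOCOOKIE, ssoId);
        cookie.setMaxAge(sso_timeout);
        // the token must only ever travel over TLS
        cookie.setSecure(true);
        // NOTE(review): for a root deployment getContextPath() is "", which leaves the
        // cookie path to the container/browser default — verify this matches the intent.
        cookie.setPath(httpReq.getContextPath());
        // NOTE(review): additionally mark the cookie HttpOnly (Cookie#setHttpOnly, Servlet
        // 3.0+) once the deployment's servlet API level allows it, so scripts cannot read it.
        httpResp.addCookie(cookie);
    }

    /**
     * Reads the SSO session ID from the request cookies.
     *
     * @param httpReq current request
     * @return the value of the SSO cookie, or {@code null} if none was sent
     */
    public String getSSOSessionID(HttpServletRequest httpReq) {
        Cookie[] cookies = httpReq.getCookies();
        if (cookies == null) {
            return null;
        }
        for (Cookie cookie : cookies) {
            // Cookie#getSecure() cannot be checked on the request side: browsers send only
            // name=value in the Cookie header, never the attributes set in Set-Cookie.
            if (SSOCOOKIE.equals(cookie.getName())) {
                return cookie.getValue();
            }
        }
        return null;
    }

    /**
     * Tells the client to discard the SSO cookie by re-sending it with max-age 0 and
     * the same name and path that {@link #setSSOSessionID} uses.
     *
     * <p>The original implementation never expired the SSO cookie; instead it copied
     * every <em>other</em> request cookie into the response, which re-issues those
     * cookies without their {@code Secure}/{@code HttpOnly}/expiry attributes.
     *
     * <p>This only removes the cookie in the browser. It does not invalidate the
     * server-side session; callers that log out must do that through the session
     * store separately.
     *
     * @param httpReq  current request; used to detect whether an SSO cookie is present
     * @param httpResp response the expiring cookie is added to
     */
    public void deleteSSOSessionID(HttpServletRequest httpReq, HttpServletResponse httpResp) {
        if (getSSOSessionID(httpReq) == null) {
            return;
        }
        Cookie expired = new Cookie(SSOCOOKIE, "");
        expired.setMaxAge(0);
        expired.setSecure(true);
        expired.setPath(httpReq.getContextPath());
        httpResp.addCookie(expired);
    }
}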