package at.gv.egovernment.moa.id.protocols.oauth20.protocol;

import javax.servlet.http.HttpServletRequest;

import at.gv.egovernment.moa.id.commons.db.dao.config.OAOAUTH20;
import at.gv.egovernment.moa.id.config.ConfigurationException;
import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProvider;
import at.gv.egovernment.moa.id.protocols.oauth20.OAuth20Constants;
import at.gv.egovernment.moa.id.protocols.oauth20.OAuth20Util;
import at.gv.egovernment.moa.id.protocols.oauth20.exceptions.OAuth20AccessDeniedException;
import at.gv.egovernment.moa.id.protocols.oauth20.exceptions.OAuth20Exception;
import at.gv.egovernment.moa.id.protocols.oauth20.exceptions.OAuth20ResponseTypeException;
import at.gv.egovernment.moa.id.protocols.oauth20.exceptions.OAuth20WrongParameterException;

/**
 * Parsed OAuth 2.0 authorization request (authorization-code flow only).
 * <p>
 * On top of the parameters handled by {@link OAuth20BaseRequest}, this request carries
 * {@code response_type}, {@code state}, {@code redirect_uri}, {@code client_id} and the
 * optional {@code scope}. {@link #populateSpecialParameters(HttpServletRequest)} reads them
 * and rejects the request unless {@code response_type} is the authorization-code type, the
 * {@code state} value passes {@link OAuth20Util#isValidStateValue(String)}, and
 * {@code client_id} / {@code redirect_uri} both match the values registered for the online
 * application exactly.
 * <p>
 * Thread-safety: plain mutable bean, not safe for concurrent use.
 */
class OAuth20AuthRequest extends OAuth20BaseRequest {

    private static final long serialVersionUID = 1L;

    // Raw request parameters; set from the HTTP request in populateSpecialParameters.
    private String responseType;
    private String state;
    private String redirectUri;
    private String scope;
    private String clientID;

    /**
     * @return the {@code response_type} parameter, or {@code null} if not yet populated
     */
    public String getResponseType() {
        return responseType;
    }

    /**
     * @param responseType
     *            the {@code response_type} parameter to set
     */
    public void setResponseType(String responseType) {
        this.responseType = responseType;
    }

    /**
     * @return the {@code state} parameter, or {@code null} if not yet populated
     */
    public String getState() {
        return state;
    }

    /**
     * @param state
     *            the {@code state} parameter to set
     */
    public void setState(String state) {
        this.state = state;
    }

    /**
     * @return the {@code redirect_uri} parameter, or {@code null} if not yet populated
     */
    public String getRedirectUri() {
        return redirectUri;
    }

    /**
     * @param redirectUri
     *            the {@code redirect_uri} parameter to set
     */
    public void setRedirectUri(String redirectUri) {
        this.redirectUri = redirectUri;
    }

    /**
     * @return the {@code scope} parameter, or {@code null} if absent or not yet populated
     */
    public String getScope() {
        return scope;
    }

    /**
     * @param scope
     *            the {@code scope} parameter to set
     */
    public void setScope(String scope) {
        this.scope = scope;
    }

    /**
     * @return the {@code client_id} parameter, or {@code null} if not yet populated
     */
    public String getClientID() {
        return clientID;
    }

    /**
     * @param clientID
     *            the {@code client_id} parameter to set
     */
    public void setClientID(String clientID) {
        this.clientID = clientID;
    }

    /**
     * Reads the authorization-request parameters from {@code request} and validates them.
     * <p>
     * Parameters are fetched in a fixed order ({@code response_type}, {@code state},
     * {@code redirect_uri}, {@code client_id}, {@code scope}); the first four are requested
     * with the {@code required} flag set, {@code scope} is optional. The validation order is:
     * response type, state syntax, then client registration.
     *
     * @param request
     *            the incoming HTTP request
     * @throws OAuth20ResponseTypeException
     *             if {@code response_type} is not {@link OAuth20Constants#RESPONSE_CODE}
     * @throws OAuth20WrongParameterException
     *             if {@code state} contains disallowed characters, or if the online
     *             application's configuration cannot be loaded (reported as a bad
     *             {@code client_id})
     * @throws OAuth20AccessDeniedException
     *             if {@code client_id} or {@code redirect_uri} differs from the registered
     *             value
     * @throws OAuth20Exception
     *             as propagated from {@code getParam} (presumably for a missing required
     *             parameter — its contract is defined in the base class, not visible here)
     */
    @Override
    protected void populateSpecialParameters(HttpServletRequest request) throws OAuth20Exception {
        // Keep the read order stable: whichever parameter getParam rejects first decides
        // which error the client sees.
        String responseTypeParam = this.getParam(request, OAuth20Constants.PARAM_RESPONSE_TYPE, true);
        this.setResponseType(responseTypeParam);
        String stateParam = this.getParam(request, OAuth20Constants.PARAM_STATE, true);
        this.setState(stateParam);
        String redirectUriParam = this.getParam(request, OAuth20Constants.PARAM_REDIRECT_URI, true);
        this.setRedirectUri(redirectUriParam);
        String clientIdParam = this.getParam(request, OAuth20Constants.PARAM_CLIENT_ID, true);
        this.setClientID(clientIdParam);
        String scopeParam = this.getParam(request, OAuth20Constants.PARAM_SCOPE, false);
        this.setScope(scopeParam);

        this.checkResponseType();
        this.checkStateSyntax();
        this.checkClientRegistration();
    }

    /** Only the authorization-code response type is supported. */
    private void checkResponseType() throws OAuth20ResponseTypeException {
        boolean isCodeFlow = this.responseType.equals(OAuth20Constants.RESPONSE_CODE);
        if (isCodeFlow) {
            return;
        }
        throw new OAuth20ResponseTypeException();
    }

    /**
     * The state value is echoed back to the client later, so characters such as
     * {@code < > & ;} or script fragments are refused here to prevent XSS in the response.
     */
    private void checkStateSyntax() throws OAuth20WrongParameterException {
        boolean stateOk = OAuth20Util.isValidStateValue(this.getState());
        if (stateOk) {
            return;
        }
        throw new OAuth20WrongParameterException(OAuth20Constants.PARAM_STATE);
    }

    /**
     * Compares client_id and redirect_uri against the online application's OAuth 2.0
     * configuration. Both comparisons are exact string matches on purpose: a prefix or
     * pattern match on redirect_uri would widen the set of targets a code can be sent to.
     */
    private void checkClientRegistration() throws OAuth20Exception {
        OAOAUTH20 registered;
        try {
            // The OAuth 2.0 config is expected to be non-null here; the base request
            // already verified its presence (per the original comment — not visible here).
            registered = AuthConfigurationProvider.getInstance()
                    .getOnlineApplicationParameter(this.getOAURL())
                    .getoAuth20Config();
        } catch (ConfigurationException e) {
            // NOTE(review): the ConfigurationException is not chained as a cause; confirm
            // whether OAuth20WrongParameterException offers a constructor that accepts one.
            throw new OAuth20WrongParameterException(OAuth20Constants.PARAM_CLIENT_ID);
        }

        boolean clientIdMatches = this.getClientID().equals(registered.getOAuthClientId());
        boolean redirectUriMatches = this.getRedirectUri().equals(registered.getOAuthRedirectUri());
        if (clientIdMatches && redirectUriMatches) {
            return;
        }
        throw new OAuth20AccessDeniedException();
    }
}