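package at.gv.egovernment.moa.id.protocols.oauth20.protocol;

import java.io.UnsupportedEncodingException;
import java.net.URLEncoder;
import java.util.Collections;
import java.util.HashMap;
import java.util.Map;

import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

import org.apache.commons.lang.StringUtils;

import at.gv.egovernment.moa.id.auth.exception.MOAIDException;
import at.gv.egovernment.moa.id.moduls.IAction;
import at.gv.egovernment.moa.id.moduls.IModulInfo;
import at.gv.egovernment.moa.id.moduls.IRequest;
import at.gv.egovernment.moa.id.protocols.oauth20.OAuth20Constants;
import at.gv.egovernment.moa.id.protocols.oauth20.OAuth20Util;
import at.gv.egovernment.moa.id.protocols.oauth20.exceptions.OAuth20Exception;
import at.gv.egovernment.moa.logging.Logger;

import com.google.gson.JsonObject;

/**
 * OAuth 2.0 protocol module of MOA-ID.
 * <p>
 * The module is reachable under the path {@link #PATH} and dispatches on the
 * {@code action} request parameter to one of two actions: {@link #AUTH_ACTION}
 * (authorization endpoint) and {@link #TOKEN_ACTION} (token endpoint).
 * Request validation happens while the protocol request object is built in
 * {@link #preProcess(HttpServletRequest, HttpServletResponse, String)};
 * {@link #validate(HttpServletRequest, HttpServletResponse, IRequest)} is therefore a no-op.
 * <p>
 * The action table is built once at class-load time and never modified afterwards,
 * so the class is safe to share between request threads.
 */
public class OAuth20Protocol implements IModulInfo {

    public static final String NAME = OAuth20Protocol.class.getName();

    public static final String PATH = "id_oauth20";

    public static final String AUTH_ACTION = "AUTH";

    public static final String TOKEN_ACTION = "TOKEN";

    /** Request parameter that selects the action of this module. */
    private static final String PARAM_ACTION = "action";

    /** Charset used for URL-encoding error parameters. */
    private static final String CHARSET = "UTF-8";

    /** Immutable action table; populated once in the static initializer. */
    private static final Map<String, IAction> ACTIONS;

    static {
        Map<String, IAction> table = new HashMap<String, IAction>();
        table.put(AUTH_ACTION, new OAuth20AuthAction());
        table.put(TOKEN_ACTION, new OAuth20TokenAction());
        ACTIONS = Collections.unmodifiableMap(table);
    }

    /**
     * @return the fully qualified class name of this module
     */
    @Override
    public String getName() {
        return NAME;
    }

    /**
     * @return the URL path under which this module is mounted
     */
    @Override
    public String getPath() {
        return PATH;
    }

    /**
     * Looks up the action for the given action name.
     *
     * @param action one of {@link #AUTH_ACTION} or {@link #TOKEN_ACTION}
     * @return the matching action, or {@code null} for an unknown name
     */
    @Override
    public IAction getAction(String action) {
        return ACTIONS.get(action);
    }

    /**
     * Builds the protocol request object for this request.
     * <p>
     * All request validation is performed by {@code OAuth20BaseRequest.newInstance},
     * which is why {@link #validate} does nothing.
     *
     * @param request the incoming servlet request
     * @param resp    the servlet response (unused here)
     * @param action  the requested action name
     * @return the newly created OAuth 2.0 request object
     * @throws MOAIDException if the request cannot be turned into a valid OAuth 2.0 request
     */
    @Override
    public IRequest preProcess(HttpServletRequest request, HttpServletResponse resp, String action)
            throws MOAIDException {
        OAuth20BaseRequest res = OAuth20BaseRequest.newInstance(action, request);
        Logger.debug("Created: " + res);
        return res;
    }

    /**
     * Decides whether this module handles the request, based on the {@code action} parameter.
     * <p>
     * The comparison is done with the constant on the left so that a request without an
     * {@code action} parameter yields {@code null} instead of a NullPointerException.
     *
     * @param request  the incoming servlet request
     * @param response the servlet response (unused here)
     * @return the action for {@link #AUTH_ACTION} or {@link #TOKEN_ACTION}, otherwise {@code null}
     */
    @Override
    public IAction canHandleRequest(HttpServletRequest request, HttpServletResponse response) {
        String action = request.getParameter(PARAM_ACTION);
        if (AUTH_ACTION.equals(action) || TOKEN_ACTION.equals(action)) {
            return getAction(action);
        }
        return null;
    }

    /**
     * Renders an {@link OAuth20Exception} as an OAuth 2.0 error response.
     * <ul>
     * <li>{@link #AUTH_ACTION}: HTTP 302 redirect to the {@code redirect_uri} of the request with
     * {@code error}, {@code error_description} and {@code state} appended as query parameters.
     * A missing or syntactically invalid {@code redirect_uri} raises {@code MOAIDException("oauth20.01")}
     * instead of redirecting.</li>
     * <li>{@link #TOKEN_ACTION}: HTTP 400 with a JSON body carrying {@code error} and
     * {@code error_description}.</li>
     * </ul>
     * Any other throwable, and any other action, is left to the caller ({@code false}).
     *
     * @param e               the error to report
     * @param request         the incoming servlet request
     * @param response        the servlet response the error is written to
     * @param protocolRequest the protocol request (unused here)
     * @return {@code true} if the error was written to the response, {@code false} otherwise
     * @throws MOAIDException if the authorization error cannot be delivered because no usable
     *                        {@code redirect_uri} was supplied
     * @throws Throwable      for I/O or encoding failures while writing the response
     */
    @Override
    public boolean generateErrorMessage(Throwable e, HttpServletRequest request, HttpServletResponse response,
            IRequest protocolRequest) throws Throwable {
        if (!(e instanceof OAuth20Exception)) {
            return false;
        }

        String action = request.getParameter(PARAM_ACTION);
        Logger.debug("Going to throw O OAuth20Exception for action: " + action);

        OAuth20Exception oAuth20Exception = (OAuth20Exception) e;
        String errorCode = oAuth20Exception.getErrorCode();
        // message id and message text are reported together; encoded once so the value survives
        // a query string unchanged (used as-is in the JSON body as well)
        String errorDescription = urlEncode(oAuth20Exception.getMessageId() + ": " + oAuth20Exception.getMessage());

        if (AUTH_ACTION.equals(action)) {
            String paramRedirect = request.getParameter(OAuth20Constants.PARAM_REDIRECT_URI);
            // NOTE(review): redirect_uri is taken straight from the request and only checked for
            // URL syntax; it is not matched against the client's registered redirect URI, so the
            // error redirect can be pointed at any site. Confirm whether the registration check
            // happens elsewhere before the error path is reached.
            if (StringUtils.isEmpty(paramRedirect) || !OAuth20Util.isUrl(paramRedirect)) {
                throw new MOAIDException("oauth20.01", new Object[] {});
            }

            StringBuilder url = new StringBuilder(paramRedirect);
            String state = request.getParameter(OAuth20Constants.PARAM_STATE);
            OAuth20Util.addParameterToURL(url, OAuth20Constants.PARAM_ERROR, errorCode);
            OAuth20Util.addParameterToURL(url, OAuth20Constants.PARAM_ERROR_DESCRIPTION, errorDescription);
            // state is client-supplied; encode it like error_description so '&', '#' etc. cannot
            // break or smuggle parameters into the redirect
            OAuth20Util.addParameterToURL(url, OAuth20Constants.PARAM_STATE, urlEncode(state));

            response.setContentType("text/html");
            response.setStatus(HttpServletResponse.SC_FOUND);
            response.addHeader("Location", url.toString());
            Logger.debug("REDIRECT TO: " + url.toString());
            return true;
        }

        if (TOKEN_ACTION.equals(action)) {
            Map<String, Object> params = new HashMap<String, Object>();
            params.put(OAuth20Constants.PARAM_ERROR, errorCode);
            params.put(OAuth20Constants.PARAM_ERROR_DESCRIPTION, errorDescription);

            JsonObject jsonObject = new JsonObject();
            OAuth20Util.addProperytiesToJsonObject(jsonObject, params);
            String jsonResponse = jsonObject.toString();
            Logger.debug("JSON Response: " + jsonResponse);

            // write through a Writer with an explicit charset: ServletOutputStream.print(String)
            // is not charset-aware and would mangle any non-Latin-1 character
            response.setContentType("application/json");
            response.setCharacterEncoding(CHARSET);
            response.setStatus(HttpServletResponse.SC_BAD_REQUEST);
            response.getWriter().print(jsonResponse);
            response.getWriter().close();
            return true;
        }

        return false;
    }

    /**
     * Always {@code true}: validation already happened in {@link #preProcess}.
     *
     * @param request  the incoming servlet request (unused)
     * @param response the servlet response (unused)
     * @param pending  the pending protocol request (unused)
     * @return {@code true}
     */
    @Override
    public boolean validate(HttpServletRequest request, HttpServletResponse response, IRequest pending) {
        return true;
    }

    /**
     * URL-encodes a query parameter value with {@link #CHARSET}.
     *
     * @param value the raw value, may be {@code null}
     * @return the encoded value, or {@code null} if {@code value} was {@code null}
     * @throws UnsupportedEncodingException if the JVM does not support {@link #CHARSET}
     */
    private static String urlEncode(String value) throws UnsupportedEncodingException {
        if (value == null) {
            return null;
        }
        return URLEncoder.encode(value, CHARSET);
    }
}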