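package at.gv.egovernment.moa.id.protocols.oauth20.protocol;

import java.security.SignatureException;
import java.util.HashMap;
import java.util.Map;
import java.util.UUID;

import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

import at.gv.egovernment.moa.id.auth.AuthenticationServer;
import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
import at.gv.egovernment.moa.id.auth.exception.MOAIDException;
import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException;
import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProvider;
import at.gv.egovernment.moa.id.config.auth.OAAuthParameter;
import at.gv.egovernment.moa.id.data.AuthenticationData;
import at.gv.egovernment.moa.id.moduls.IAction;
import at.gv.egovernment.moa.id.moduls.IRequest;
import at.gv.egovernment.moa.id.protocols.oauth20.OAuth20Constants;
import at.gv.egovernment.moa.id.protocols.oauth20.OAuth20SessionObject;
import at.gv.egovernment.moa.id.protocols.oauth20.OAuth20Util;
import at.gv.egovernment.moa.id.protocols.oauth20.Pair;
import at.gv.egovernment.moa.id.protocols.oauth20.attributes.OAuth20AttributeBuilder;
import at.gv.egovernment.moa.id.protocols.oauth20.attributes.OpenIdExpirationTimeAttribute;
import at.gv.egovernment.moa.id.protocols.oauth20.exceptions.OAuth20ServerErrorException;
import at.gv.egovernment.moa.id.protocols.oauth20.exceptions.OAuth20UnauthorizedClientException;
import at.gv.egovernment.moa.id.protocols.oauth20.json.OAuth20SignatureUtil;
import at.gv.egovernment.moa.id.protocols.oauth20.json.OAuthJsonToken;
import at.gv.egovernment.moa.id.protocols.oauth20.json.OAuthSigner;
import at.gv.egovernment.moa.id.storage.AuthenticationSessionStoreage;
import at.gv.egovernment.moa.logging.Logger;

import com.google.gson.JsonObject;

/**
 * OAuth 2.0 token endpoint action: redeems an authorization code for an
 * access token plus a signed OpenID Connect {@code id_token}.
 * <p>
 * The authorize step stored a MOA session under the authorization code. This
 * action loads that session, checks that the code stored in the session's
 * {@link OAuth20SessionObject} matches the one presented, builds the JSON token
 * response and, in {@code finally}, destroys the session so the same code cannot
 * be redeemed a second time.
 * <p>
 * NOTE(review): the access token issued here is a random UUID that is not
 * persisted by this class; how (or whether) a resource endpoint validates it is
 * outside this file.
 */
class OAuth20TokenAction implements IAction {

    /**
     * Handles a token request and writes the JSON token response directly to
     * {@code httpResp}.
     *
     * @param req the parsed token request; must be an {@link OAuth20TokenRequest}
     * @param httpReq the incoming servlet request (unused here)
     * @param httpResp the servlet response the JSON document is written to
     * @param moasession unused; the session is resolved from the authorization code
     * @return always {@code null} &mdash; the response has already been written
     * @throws MOAIDException as {@link OAuth20ServerErrorException} for every failure.
     *         NOTE(review): the {@link OAuth20UnauthorizedClientException} raised for an
     *         unknown or mismatching code is also caught by the generic handler below
     *         and surfaces as a server error; confirm whether the client should instead
     *         receive the unauthorized/invalid_grant error.
     */
    public String processRequest(IRequest req, HttpServletRequest httpReq, HttpServletResponse httpResp,
            AuthenticationSession moasession) throws MOAIDException {
        AuthenticationSession session = null;
        try {
            OAuth20TokenRequest oAuthRequest = (OAuth20TokenRequest) req;

            // The authorize step stored the session under the authorization code.
            session = AuthenticationSessionStoreage.getSession(oAuthRequest.getCode());
            if (session == null) {
                throw new OAuth20UnauthorizedClientException();
            }

            OAuth20SessionObject auth20SessionObject = session.getoAuth20SessionObject();
            Logger.debug("Loaded OAuth20SessionObject from session: " + session.getSessionID());

            // do checking for different grant types and code
            // The code presented must be the one recorded in the session object;
            // a session without an OAuth part is rejected as well.
            if (auth20SessionObject == null || !auth20SessionObject.getCode().equals(oAuthRequest.getCode())) {
                throw new OAuth20UnauthorizedClientException();
            }
            Logger.debug("Loaded of OAuth20SessionObject was successful");

            final String accessToken = UUID.randomUUID().toString();

            // create response
            Map<String, Object> params = new HashMap<String, Object>();
            params.put(OAuth20Constants.RESPONSE_ACCESS_TOKEN, accessToken);
            params.put(OAuth20Constants.RESPONSE_TOKEN_TYPE, OAuth20Constants.RESPONSE_TOKEN_TYPE_VALUE_BEARER);
            params.put(OAuth20Constants.RESPONSE_EXPIRES_IN, OpenIdExpirationTimeAttribute.expirationTime);

            // build id token and scope
            Pair pair = buildIdToken(auth20SessionObject.getScope(), oAuthRequest,
                    auth20SessionObject.getAuthDataSession());
            Logger.debug("RESPONSE ID_TOKEN: " + pair.getFirst());
            params.put(OAuth20Constants.RESPONSE_ID_TOKEN, pair.getFirst());
            Logger.debug("RESPONSE SCOPE: " + pair.getSecond());
            params.put(OAuth20Constants.PARAM_SCOPE, pair.getSecond());

            // create response
            JsonObject jsonObject = new JsonObject();
            OAuth20Util.addProperytiesToJsonObject(jsonObject, params);
            String jsonResponse = jsonObject.toString();
            Logger.debug("JSON Response: " + jsonResponse);

            // write respone to http response
            httpResp.setContentType("application/json");
            httpResp.setStatus(HttpServletResponse.SC_OK);
            httpResp.getOutputStream().print(jsonResponse);
            httpResp.getOutputStream().close();

            return null;
        } catch (Exception e) {
            // Every failure (including the unauthorized-client case above) is mapped to
            // a generic server error; the original cause is kept in the log only.
            Logger.error(e.getMessage(), e);
            throw new OAuth20ServerErrorException();
        } finally {
            if (session != null) {
                // destroy session for clean up: once the code has been presented the
                // session must go, otherwise the same code would resolve again.
                try {
                    Logger.debug("Going to destroy session: " + session.getSessionID());
                    AuthenticationSessionStoreage.destroySession(session.getSessionID());
                } catch (MOADatabaseException e) {
                    // Best effort: the outcome of this request must not change here, but a
                    // surviving session keeps the code redeemable, so do not hide the failure.
                    Logger.error("Could not destroy session " + session.getSessionID(), e);
                }
            }
        }
    }

    /**
     * No interactive MOA-ID authentication is required for the token endpoint;
     * the request is validated against the stored session in
     * {@link #processRequest}.
     *
     * @see at.gv.egovernment.moa.id.moduls.IAction#needAuthentication(at.gv.egovernment.moa.id.moduls.IRequest,
     *      javax.servlet.http.HttpServletRequest, javax.servlet.http.HttpServletResponse)
     */
    public boolean needAuthentication(IRequest req, HttpServletRequest httpReq, HttpServletResponse httpResp) {
        return false;
    }

    /**
     * @return the protocol's token action name
     * @see at.gv.egovernment.moa.id.moduls.IAction#getDefaultActionName()
     */
    public String getDefaultActionName() {
        return OAuth20Protocol.TOKEN_ACTION;
    }

    /**
     * Builds and signs the {@code id_token} for the requested scopes.
     * <p>
     * The {@code openId} scope is always included. {@code profile} and {@code eID}
     * are added when requested; {@code eID_gov} additionally requires a business
     * service OA, and {@code mandate} additionally requires a business service OA
     * and a session that used a mandate. Unknown scope values are ignored.
     *
     * @param scope space separated scope string from the session object
     * @param oAuthRequest the token request (supplies OA URL and target)
     * @param session the authentication session the attributes are taken from
     * @return first: the serialized, signed token; second: the space separated
     *         list of scopes that were actually applied
     * @throws MOAIDException if the OA parameters or authentication data cannot be built
     * @throws SignatureException if signing the token fails
     */
    private Pair buildIdToken(String scope, OAuth20TokenRequest oAuthRequest, AuthenticationSession session)
            throws MOAIDException, SignatureException {
        OAAuthParameter oaParam = AuthConfigurationProvider.getInstance()
                .getOnlineApplicationParameter(oAuthRequest.getOAURL());
        AuthenticationData authData = AuthenticationServer.buildAuthenticationData(session, oaParam,
                oAuthRequest.getTarget());

        // The signer is selected by the issuer of the authentication data.
        OAuthSigner signer = OAuth20SignatureUtil.loadSigner(authData.getIssuer());
        OAuthJsonToken token = new OAuthJsonToken(signer);
        JsonObject payload = token.getPayloadAsJsonObject();

        StringBuilder resultScopes = new StringBuilder();

        // always fill with open id
        OAuth20AttributeBuilder.addScopeOpenId(payload, session, oaParam, authData);
        resultScopes.append("openId");

        boolean businessService = oaParam.getBusinessService();
        for (String requestedScope : scope.split(" ")) {
            if (requestedScope.equalsIgnoreCase("profile")) {
                OAuth20AttributeBuilder.addScopeProfile(payload, session, oaParam, authData);
                resultScopes.append(" profile");
            } else if (requestedScope.equalsIgnoreCase("eID")) {
                OAuth20AttributeBuilder.addScopeEID(payload, session, oaParam, authData);
                resultScopes.append(" eID");
            } else if (requestedScope.equalsIgnoreCase("eID_gov") && businessService) {
                // government attributes are only released to business service OAs
                OAuth20AttributeBuilder.addScopeEIDGov(payload, session, oaParam, authData);
                resultScopes.append(" eID_gov");
            } else if (requestedScope.equalsIgnoreCase("mandate") && session.getUseMandate() && businessService) {
                // mandate attributes require a mandate-based session and a business service OA
                OAuth20AttributeBuilder.addScopeMandate(payload, session, oaParam, authData);
                resultScopes.append(" mandate");
            }
            // TODO parser STORK
        }

        // add properties and sign
        return Pair.newInstance(token.serializeAndSign(), resultScopes.toString());
    }
}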