/*******************************************************************************
 * Copyright 2014 Federal Chancellery Austria
 * MOA-ID has been developed in a cooperation between BRZ, the Federal
 * Chancellery Austria - ICT staff unit, and Graz University of Technology.
 *
 * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
 * the European Commission - subsequent versions of the EUPL (the "Licence");
 * You may not use this work except in compliance with the Licence.
 * You may obtain a copy of the Licence at:
 * http://www.osor.eu/eupl/
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the Licence is distributed on an "AS IS" basis,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the Licence for the specific language governing permissions and
 * limitations under the Licence.
 *
 * This product combines work with different licenses. See the "NOTICE" text
 * file for details on the various modules and licenses.
 * The "NOTICE" text file is part of the distribution. Any derivative works
 * that you distribute must include a readable copy of the "NOTICE" text file.
 *******************************************************************************/
package at.gv.egovernment.moa.id.protocols.pvp2x;

import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

import org.joda.time.DateTime;
import org.opensaml.common.xml.SAMLConstants;
import org.opensaml.saml2.core.Assertion;
import org.opensaml.saml2.core.AuthnRequest;
import org.opensaml.saml2.core.Response;
import org.opensaml.saml2.metadata.AssertionConsumerService;
import org.opensaml.saml2.metadata.EntityDescriptor;
import org.opensaml.ws.message.encoder.MessageEncodingException;
import org.opensaml.xml.security.SecurityException;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.ApplicationContext;
import org.springframework.stereotype.Service;

import at.gv.egovernment.moa.id.commons.api.AuthConfiguration;
import at.gv.egovernment.moa.id.commons.api.IRequest;
import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException;
import at.gv.egovernment.moa.id.data.IAuthData;
import at.gv.egovernment.moa.id.data.SLOInformationImpl;
import at.gv.egovernment.moa.id.data.SLOInformationInterface;
import at.gv.egovernment.moa.id.moduls.IAction;
import at.gv.egovernment.moa.id.protocols.pvp2x.binding.IEncoder;
import at.gv.egovernment.moa.id.protocols.pvp2x.binding.PostBinding;
import at.gv.egovernment.moa.id.protocols.pvp2x.binding.RedirectBinding;
import at.gv.egovernment.moa.id.protocols.pvp2x.builder.AuthResponseBuilder;
import at.gv.egovernment.moa.id.protocols.pvp2x.builder.assertion.PVP2AssertionBuilder;
import at.gv.egovernment.moa.id.protocols.pvp2x.config.PVPConfiguration;
import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.BindingNotSupportedException;
import at.gv.egovernment.moa.id.protocols.pvp2x.messages.MOARequest;
import at.gv.egovernment.moa.id.protocols.pvp2x.metadata.MOAMetadataProvider;
import at.gv.egovernment.moa.id.protocols.pvp2x.signer.IDPCredentialProvider;
import at.gv.egovernment.moa.id.protocols.pvp2x.utils.SAML2Utils;
import at.gv.egovernment.moa.logging.Logger;

@Service("PVPAuthenticationRequestAction")
public class AuthenticationAction implements IAction {
	@Autowired IDPCredentialProvider pvpCredentials;
	@Autowired AuthConfiguration authConfig;
	@Autowired(required=true) private MOAMetadataProvider metadataProvider;
	@Autowired(required=true) ApplicationContext springContext;
	
	public SLOInformationInterface processRequest(IRequest req, HttpServletRequest httpReq,
			HttpServletResponse httpResp, IAuthData authData) throws MOAIDException {
		
		PVPTargetConfiguration pvpRequest = (PVPTargetConfiguration) req;
		
		//get basic information
		MOARequest moaRequest = (MOARequest) pvpRequest.getRequest();
		AuthnRequest authnRequest = (AuthnRequest) moaRequest.getSamlRequest();
		EntityDescriptor peerEntity = moaRequest.getEntityMetadata(metadataProvider);		
		
		AssertionConsumerService consumerService = 
				SAML2Utils.createSAMLObject(AssertionConsumerService.class);
		consumerService.setBinding(pvpRequest.getBinding());
		consumerService.setLocation(pvpRequest.getConsumerURL());
				
		DateTime date = new DateTime();
		
		SLOInformationImpl sloInformation = new SLOInformationImpl();

		//change to entity value from entity name to IDP EntityID (URL)
//		String issuerEntityID = pvpRequest.getAuthURL();
//		if (issuerEntityID.endsWith("/"))
//			issuerEntityID = issuerEntityID.substring(0, issuerEntityID.length()-1);

		String issuerEntityID = PVPConfiguration.getInstance().getIDPSSOMetadataService(
				pvpRequest.getAuthURL());
		
		//build Assertion
		Assertion assertion = PVP2AssertionBuilder.buildAssertion(issuerEntityID, pvpRequest, authnRequest, authData, 
				peerEntity, date, consumerService, sloInformation);
		
		Response authResponse = AuthResponseBuilder.buildResponse(
				metadataProvider, issuerEntityID, authnRequest, 
				date, assertion, authConfig.isPVP2AssertionEncryptionActive());
							
		IEncoder binding = null;

		if (consumerService.getBinding().equals(
				SAMLConstants.SAML2_REDIRECT_BINDING_URI)) {
			binding = springContext.getBean("PVPRedirectBinding", RedirectBinding.class);
						
		} else if (consumerService.getBinding().equals(
				SAMLConstants.SAML2_POST_BINDING_URI)) {
			binding = springContext.getBean("PVPPOSTBinding", PostBinding.class);
			
		}

		if (binding == null) {
			throw new BindingNotSupportedException(consumerService.getBinding());
		}
		
		try {
			binding.encodeRespone(httpReq, httpResp, authResponse, 
					consumerService.getLocation(), moaRequest.getRelayState(),
					pvpCredentials.getIDPAssertionSigningCredential(), req);

			//set protocol type
			sloInformation.setProtocolType(req.requestedModule());
			sloInformation.setSpEntityID(req.getOnlineApplicationConfiguration().getPublicURLPrefix());
			return sloInformation;
			
		} catch (MessageEncodingException e) {
			Logger.error("Message Encoding exception", e);
			throw new MOAIDException("pvp2.01", null, e);
			
		} catch (SecurityException e) {
			Logger.error("Security exception", e);
			throw new MOAIDException("pvp2.01", null, e);

		}
		
	}

	public boolean needAuthentication(IRequest req, HttpServletRequest httpReq,
			HttpServletResponse httpResp) {
		return true;
	}

	public String getDefaultActionName() {
		return "PVPAuthenticationRequestAction";
		
	}

}