package at.gv.egovernment.moa.id.protocols.pvp2x;

import iaik.pkcs.pkcs11.objects.Object;

import java.util.ArrayList;
import java.util.HashMap;
import java.util.Iterator;
import java.util.List;

import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

import org.apache.commons.lang.StringEscapeUtils;
import org.opensaml.common.xml.SAMLConstants;
import org.opensaml.saml2.core.AuthnRequest;
import org.opensaml.saml2.core.RequestAbstractType;
import org.opensaml.saml2.core.Status;
import org.opensaml.saml2.core.StatusCode;
import org.opensaml.saml2.core.StatusMessage;
import org.opensaml.saml2.core.StatusResponseType;

import at.gv.egovernment.moa.id.MOAIDException;
import at.gv.egovernment.moa.id.auth.MOAIDAuthConstants;
import at.gv.egovernment.moa.id.auth.WrongParametersException;
import at.gv.egovernment.moa.id.moduls.IAction;
import at.gv.egovernment.moa.id.moduls.IModulInfo;
import at.gv.egovernment.moa.id.moduls.IRequest;
import at.gv.egovernment.moa.id.moduls.NoPassivAuthenticationException;
import at.gv.egovernment.moa.id.moduls.ServletInfo;
import at.gv.egovernment.moa.id.moduls.ServletType;
import at.gv.egovernment.moa.id.protocols.pvp2x.binding.IDecoder;
import at.gv.egovernment.moa.id.protocols.pvp2x.binding.IEncoder;
import at.gv.egovernment.moa.id.protocols.pvp2x.binding.MOARequest;
import at.gv.egovernment.moa.id.protocols.pvp2x.binding.PostBinding;
import at.gv.egovernment.moa.id.protocols.pvp2x.binding.RedirectBinding;
import at.gv.egovernment.moa.id.protocols.pvp2x.utils.SAML2Utils;
import at.gv.egovernment.moa.id.protocols.pvp2x.validation.ChainSAMLValidator;
import at.gv.egovernment.moa.id.protocols.pvp2x.validation.SAMLSignatureValidator;
import at.gv.egovernment.moa.id.protocols.pvp2x.verification.ChainSAMLVerifier;
import at.gv.egovernment.moa.id.protocols.pvp2x.verification.SAMLVerifierMOASP;
import at.gv.egovernment.moa.id.util.ParamValidatorUtils;

public class PVP2XProtocol implements IModulInfo, MOAIDAuthConstants {

	public static final String NAME = PVP2XProtocol.class.getName();
	public static final String PATH = "id_pvp2x";

	public static final String REDIRECT = "Redirect";
	public static final String POST = "Post";
	public static final String SOAP = "Soap";
	public static final String METADATA = "Metadata";

	private static List<ServletInfo> servletList = new ArrayList<ServletInfo>();

	private static List<IDecoder> decoder = new ArrayList<IDecoder>();

	private static HashMap<String, IAction> actions = new HashMap<String, IAction>();
	
	private ChainSAMLVerifier samlVerifier = new ChainSAMLVerifier();
	
	private ChainSAMLValidator samlValidator = new ChainSAMLValidator();
	
	static {
		servletList.add(new ServletInfo(PVPProcessor.class, REDIRECT,
				ServletType.AUTH));
		servletList.add(new ServletInfo(PVPProcessor.class, POST,
				ServletType.AUTH));

		decoder.add(new PostBinding());
		decoder.add(new RedirectBinding());
		
		actions.put(REDIRECT, new AuthenticationAction());
		actions.put(POST, new AuthenticationAction());
		actions.put(METADATA, new MetadataAction());
		
		instance = new PVP2XProtocol();
	}

	private static PVP2XProtocol instance = null;

	public static PVP2XProtocol getInstance() {
		if (instance == null) {
			instance = new PVP2XProtocol();
		}
		return instance;
	}

	public List<ServletInfo> getServlets() {
		return servletList;
	}

	public String getName() {
		return NAME;
	}

	public String getPath() {
		return PATH;
	}

	private IDecoder findDecoder(String action) {
		Iterator<IDecoder> decoderIT = decoder.iterator();
		while (decoderIT.hasNext()) {
			IDecoder decoder = decoderIT.next();
			if (decoder.handleDecode(action)) {
				return decoder;
			}
		}

		return null;
	}

	public PVP2XProtocol() {
		super();
		
		samlVerifier.addVerifier(new SAMLVerifierMOASP());
		
		samlValidator.addValidator(new SAMLSignatureValidator());
	}

	public IRequest preProcess(HttpServletRequest request,
			HttpServletResponse response, String action) throws MOAIDException {

		if(METADATA.equals(action)) {
			return new PVPTargetConfiguration();
		}
		
		IDecoder decoder = findDecoder(action);
		if (decoder == null) {
			return null;
		}
		try {
			PVPTargetConfiguration config = new PVPTargetConfiguration();

			MOARequest moaRequest = decoder.decodeRequest(request, response);
			
			RequestAbstractType samlReq =  moaRequest.getSamlRequest();

			//String xml = PrettyPrinter.prettyPrint(SAML2Utils.asDOMDocument(samlReq));
			
			//Logger.info("SAML : " + xml);
			
			// TODO: verify samlReq
			//samlValidator.validateRequest(samlReq);
			
			// TODO: validate samlReq for 
			//samlVerifier.verifyRequest(samlReq);
			
			// TODO: OAURL is AssertionConsumerService URL from entitydescriptor ...
			
			if(!(samlReq instanceof AuthnRequest)) {
				throw new MOAIDException("Unsupported request", new Object[] {});
			}
			
			AuthnRequest authnRequest = (AuthnRequest)samlReq;
			
			Integer aIdx = authnRequest.getAssertionConsumerServiceIndex();
			int idx = 0;
			
			if(aIdx != null) {
				idx = aIdx.intValue();
			}
			
			String oaURL = moaRequest.getEntityMetadata().
					getSPSSODescriptor(SAMLConstants.SAML20P_NS).
					getAssertionConsumerServices().get(idx).getLocation();
			
			//String oaURL = (String) request.getParameter(PARAM_OA);
			oaURL = StringEscapeUtils.escapeHtml(oaURL);
			if (!ParamValidatorUtils.isValidOA(oaURL))
				throw new WrongParametersException("StartAuthentication",
						PARAM_OA, "auth.12");
			config.setOAURL(oaURL);
			config.setRequest(moaRequest);
			request.getSession().setAttribute(PARAM_OA, oaURL);

			return config;
		} catch (Exception e) {
			e.printStackTrace();
			throw new MOAIDException(e.getMessage(), new Object[] {});
		}
	}

	public boolean generateErrorMessage(Throwable e,
			HttpServletRequest request, HttpServletResponse response,
			IRequest protocolRequest) throws Throwable {
		
		if(protocolRequest == null) {
			throw e;
		}
		
		StatusResponseType samlResponse = 
				SAML2Utils.createSAMLObject(StatusResponseType.class);
		Status status = SAML2Utils.createSAMLObject(Status.class);
		StatusCode statusCode = SAML2Utils.createSAMLObject(StatusCode.class);
		StatusMessage statusMessage = SAML2Utils.createSAMLObject(StatusMessage.class);
		if(e instanceof NoPassivAuthenticationException) {
			statusCode.setValue(StatusCode.NO_PASSIVE_URI);
			statusMessage.setMessage(e.getLocalizedMessage());	
		} else {
			statusCode.setValue(StatusCode.RESPONDER_URI);
			statusMessage.setMessage(e.getLocalizedMessage());
		}
		
		status.setStatusCode(statusCode);
		status.setStatusMessage(statusMessage);
		samlResponse.setStatus(status);
		IEncoder encoder = new RedirectBinding();

		encoder.encodeRespone(request, response, samlResponse, protocolRequest.getOAURL());
		return true;
	}

	public IAction getAction(String action) {
		return actions.get(action);
	}

	public IAction canHandleRequest(HttpServletRequest request,
			HttpServletResponse response) {
		if(request.getParameter("SAMLRequest") != null) {
			return getAction(REDIRECT);
		}
		
		if(METADATA.equals(request.getParameter("action"))) {
			return getAction(METADATA);
		}
		return null;
	}

}