package at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes;

import iaik.x509.X509Certificate;

import javax.naming.ldap.LdapName;
import javax.naming.ldap.Rdn;

import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
import at.gv.egovernment.moa.id.config.auth.OAAuthParameter;
import at.gv.egovernment.moa.id.data.AuthenticationData;
import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.AttributeException;
import at.gv.egovernment.moa.logging.Logger;

public class EIDIssuingNationAttributeBuilder implements IPVPAttributeBuilder {

	public String getName() {
		return EID_ISSUING_NATION_NAME;
	}

	public <ATT> ATT build(AuthenticationSession authSession, OAAuthParameter oaParam, AuthenticationData authData,
			IAttributeGenerator<ATT> g) throws AttributeException {
		String countryCode = "AT";

		
		if (authSession.getStorkAuthnRequest() != null) {
			countryCode = authSession.getStorkAuthnRequest()
					.getCitizenCountryCode();
		} else {
			
			//TODO: replace with TSL lookup when TSL is ready!
			X509Certificate certificate = authSession.getSignerCertificate();

			if (certificate != null) {
				try {
					LdapName ln = new LdapName(certificate.getIssuerDN()
							.getName());
					for (Rdn rdn : ln.getRdns()) {
						if (rdn.getType().equalsIgnoreCase("C")) {
							Logger.info("C is: " + rdn.getValue());
							countryCode = rdn.getValue().toString();
							break;
						}
					}
				} catch (Exception e) {
					Logger.error("Failed to extract country code from certificate", e);
				}
			}
		}

		return g.buildStringAttribute(EID_ISSUING_NATION_FRIENDLY_NAME,
				EID_ISSUING_NATION_NAME, countryCode);
	}

	public <ATT> ATT buildEmpty(IAttributeGenerator<ATT> g) {
		return g.buildEmptyAttribute(EID_ISSUING_NATION_FRIENDLY_NAME,
				EID_ISSUING_NATION_NAME);
	}

}