/* * Copyright 2014 Federal Chancellery Austria * MOA-ID has been developed in a cooperation between BRZ, the Federal * Chancellery Austria - ICT staff unit, and Graz University of Technology. * * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by * the European Commission - subsequent versions of the EUPL (the "Licence"); * You may not use this work except in compliance with the Licence. * You may obtain a copy of the Licence at: * http://www.osor.eu/eupl/ * * Unless required by applicable law or agreed to in writing, software * distributed under the Licence is distributed on an "AS IS" basis, * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. * See the Licence for the specific language governing permissions and * limitations under the Licence. * * This product combines work with different licenses. See the "NOTICE" text * file for details on the various modules and licenses. * The "NOTICE" text file is part of the distribution. Any derivative works * that you distribute must include a readable copy of the "NOTICE" text file. 
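 */
package at.gv.egovernment.moa.id.protocols.pvp2x.metadata;

import java.util.Timer;

import javax.net.ssl.SSLHandshakeException;

import org.apache.commons.httpclient.MOAHttpClient;
import org.opensaml.saml2.metadata.provider.HTTPMetadataProvider;
import org.opensaml.saml2.metadata.provider.MetadataFilter;
import org.opensaml.saml2.metadata.provider.MetadataProvider;
import org.opensaml.xml.parse.BasicParserPool;

import at.gv.egovernment.moa.id.commons.api.AuthConfiguration;
import at.gv.egovernment.moa.id.commons.ex.MOAHttpProtocolSocketFactoryException;
import at.gv.egovernment.moa.id.commons.utils.MOAHttpProtocolSocketFactory;
import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProviderFactory;
import at.gv.egovernment.moa.id.protocols.pvp2x.PVPConstants;
import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.filter.SchemaValidationException;
import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.filter.SignatureValidationException;
import at.gv.egovernment.moa.logging.Logger;

/**
 * Base class for PVP 2.x metadata providers that load SAML2 metadata over HTTP(S).
 * It supplies the {@link HTTPMetadataProvider} factory used by its subclasses.
 *
 * @author tlenz
 */
public abstract class SimpleMOAMetadataProvider implements MetadataProvider {

	/** Minimum delay between two metadata refresh operations: 15 minutes. */
	private static final long MIN_REFRESH_DELAY_MS = 15L * 60 * 1000;

	/** Maximum delay between two metadata refresh operations: 24 hours. */
	private static final long MAX_REFRESH_DELAY_MS = 24L * 60 * 60 * 1000;

	/** Upper bound on the number of {@code getCause()} hops inspected when classifying a failure. */
	private static final int MAX_CAUSE_DEPTH = 16;

	/**
	 * Create a single SAML2 HTTP metadata provider.
	 *
	 * <p>The provider is fully initialized (the metadata is fetched and passed through
	 * {@code filter}) before it is returned. Any failure during construction or
	 * initialization is logged and the partially built provider is destroyed.</p>
	 *
	 * @param metadataURL URL, where the metadata should be loaded
	 * @param filter Filters, which should be used to validate the metadata
	 * @param IdForLogging Id, which is used for Logging
	 * @param timer {@link Timer} which is used to schedule metadata refresh operations
	 *
	 * @return SAML2 Metadata Provider, or {@code null} if the provider could not be
	 *         created or initialized (callers must handle the {@code null} case)
	 */
	protected HTTPMetadataProvider createNewHTTPMetaDataProvider(String metadataURL,
			MetadataFilter filter, String IdForLogging, Timer timer) {
		HTTPMetadataProvider httpProvider = null;
		try {
			MOAHttpClient httpClient = new MOAHttpClient();

			if (metadataURL.startsWith("https:")) {
				try {
					//FIX: change hostname validation default flag to true when httpClient is updated to > 4.4
					// NOTE: hostname validation is OFF unless PROP_KEY_SSL_HOSTNAME_VALIDATION is
					// configured; the TLS layer then only checks chain trust against the MOA CA store,
					// so the metadata filter (signature validation) is the effective authenticity control.
					MOAHttpProtocolSocketFactory protoSocketFactory = new MOAHttpProtocolSocketFactory(
							PVPConstants.SSLSOCKETFACTORYNAME,
							AuthConfigurationProviderFactory.getInstance().getTrustedCACertificates(),
							null,
							AuthConfiguration.DEFAULT_X509_CHAININGMODE,
							AuthConfigurationProviderFactory.getInstance().isTrustmanagerrevoationchecking(),
							AuthConfigurationProviderFactory.getInstance().getRevocationMethodOrder(),
							AuthConfigurationProviderFactory.getInstance().getBasicMOAIDConfigurationBoolean(
									AuthConfiguration.PROP_KEY_SSL_HOSTNAME_VALIDATION, false));

					httpClient.setCustomSSLTrustStore(metadataURL, protoSocketFactory);

				} catch (MOAHttpProtocolSocketFactoryException e) {
					// Deliberate best-effort fallback: the download then uses the default Java trust
					// store, i.e. WITHOUT the MOA-configured CA set, revocation checking and hostname
					// validation. Logged at WARN so operators can see the downgraded TLS configuration.
					Logger.warn("MOA SSL-TrustStore can not initialized. Use default Java TrustStore.", e);
				}
			}

			httpProvider = new HTTPMetadataProvider(timer, httpClient, metadataURL);
			httpProvider.setParserPool(new BasicParserPool());
			// Reject metadata that is no longer valid (validUntil / cacheDuration).
			httpProvider.setRequireValidMetadata(true);
			httpProvider.setMinRefreshDelay(MIN_REFRESH_DELAY_MS);
			httpProvider.setMaxRefreshDelay(MAX_REFRESH_DELAY_MS);
			// The filter is applied on every (re)load, including the initial one in initialize().
			httpProvider.setMetadataFilter(filter);
			httpProvider.initialize();

			return httpProvider;

		} catch (Throwable e) {
			// Throwable is kept (not narrowed) so that every failure yields the documented
			// null return instead of propagating to callers of this factory.
			logKnownFailureCause(e, metadataURL);
			Logger.error("Failed to load Metadata file for " + IdForLogging
					+ " [ " + e.getMessage() + " ]", e);

			if (httpProvider != null) {
				// Release the refresh task registered on the shared timer by the failed provider.
				Logger.debug("Destroy failed Metadata provider");
				httpProvider.destroy();
			}
			return null;
		}
	}

	/**
	 * Log a dedicated warning for the well-known metadata failure classes.
	 *
	 * <p>The whole cause chain of {@code e} is inspected (bounded by
	 * {@link #MAX_CAUSE_DEPTH}), not only a fixed nesting depth, so a wrapped
	 * TLS, signature or schema failure is reported regardless of how many layers
	 * the library wrapped it in.</p>
	 *
	 * @param e the failure raised while building or initializing the provider
	 * @param metadataURL the metadata URL, used in the log message only
	 */
	private static void logKnownFailureCause(Throwable e, String metadataURL) {
		Throwable cause = e;
		int depth = 0;
		while (cause != null && depth++ < MAX_CAUSE_DEPTH) {
			if (cause instanceof SSLHandshakeException) {
				Logger.warn("SSL-Server certificate for metadata " + metadataURL + " not trusted.", e);
			} else if (cause instanceof SignatureValidationException) {
				Logger.warn("Signature verification for metadata " + metadataURL + " FAILED.", e);
			} else if (cause instanceof SchemaValidationException) {
				Logger.warn("Schema validation for metadata " + metadataURL + " FAILED.", e);
			}
			cause = cause.getCause();
		}
	}
}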