package at.gv.egovernment.moa.id.protocols.pvp2x.requestHandler;

import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

import org.opensaml.common.xml.SAMLConstants;
import org.opensaml.saml2.core.Assertion;
import org.opensaml.saml2.core.AuthnRequest;
import org.opensaml.saml2.core.Issuer;
import org.opensaml.saml2.core.NameID;
import org.opensaml.saml2.core.Response;
import org.opensaml.saml2.metadata.AssertionConsumerService;
import org.opensaml.saml2.metadata.EntityDescriptor;
import org.opensaml.saml2.metadata.SPSSODescriptor;
import org.opensaml.ws.message.encoder.MessageEncodingException;
import org.opensaml.xml.security.SecurityException;

import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
import at.gv.egovernment.moa.id.auth.exception.AuthenticationException;
import at.gv.egovernment.moa.id.auth.exception.MOAIDException;
import at.gv.egovernment.moa.id.moduls.AuthenticationManager;
import at.gv.egovernment.moa.id.protocols.pvp2x.PVPConstants;
import at.gv.egovernment.moa.id.protocols.pvp2x.binding.ArtifactBinding;
import at.gv.egovernment.moa.id.protocols.pvp2x.binding.IEncoder;
import at.gv.egovernment.moa.id.protocols.pvp2x.binding.MOARequest;
import at.gv.egovernment.moa.id.protocols.pvp2x.binding.PostBinding;
import at.gv.egovernment.moa.id.protocols.pvp2x.binding.RedirectBinding;
import at.gv.egovernment.moa.id.protocols.pvp2x.builder.assertion.PVP2AssertionBuilder;
import at.gv.egovernment.moa.id.protocols.pvp2x.config.PVPConfiguration;
import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.BindingNotSupportedException;
import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.InvalidAssertionConsumerServiceException;
import at.gv.egovernment.moa.id.protocols.pvp2x.utils.SAML2Utils;
import at.gv.egovernment.moa.id.storage.AuthenticationSessionStoreage;
import at.gv.egovernment.moa.logging.Logger;

public class AuthnRequestHandler implements IRequestHandler, PVPConstants {

	public boolean handleObject(MOARequest obj) {
		return (obj.getSamlRequest() instanceof AuthnRequest);
	}

	public String process(MOARequest obj, HttpServletRequest req,
			HttpServletResponse resp, AuthenticationSession authSession) throws MOAIDException {
		if (!handleObject(obj)) {
			throw new MOAIDException("pvp2.13", null);
		}

		AuthnRequest authnRequest = (AuthnRequest) obj.getSamlRequest();
		EntityDescriptor peerEntity = obj.getEntityMetadata();
		
//		if (!AuthenticationSessionStoreage.isAuthenticated(authSession.getSessionID())) {
//			throw new AuthenticationException("auth.21", new Object[] {});
//		}
		
//		AuthenticationManager authmanager = AuthenticationManager.getInstance();
//		AuthenticationSession authSession =authmanager.getAuthenticationSession(req.getSession());
		
		// authSession.getM

		Assertion assertion = PVP2AssertionBuilder.buildAssertion(authnRequest, authSession, peerEntity);

		Response authResponse = SAML2Utils.createSAMLObject(Response.class);


		Issuer nissuer = SAML2Utils.createSAMLObject(Issuer.class);
		nissuer.setValue(PVPConfiguration.getInstance().getIDPIssuerName());
		nissuer.setFormat(NameID.ENTITY);
		authResponse.setIssuer(nissuer);
		authResponse.setInResponseTo(authnRequest.getID());
		authResponse.getAssertions().add(assertion);
		authResponse.setStatus(SAML2Utils.getSuccessStatus());

		Integer aIdx = authnRequest.getAssertionConsumerServiceIndex();
		int idx = 0;

		if (aIdx != null) {
			idx = aIdx.intValue();
		}
		
		SPSSODescriptor spSSODescriptor = peerEntity
				.getSPSSODescriptor(SAMLConstants.SAML20P_NS);

		AssertionConsumerService consumerService = spSSODescriptor
				.getAssertionConsumerServices().get(idx);

		if (consumerService == null) {
			throw new InvalidAssertionConsumerServiceException(idx);
		}
		String oaURL = consumerService.getLocation();

		IEncoder binding = null;

		if (consumerService.getBinding().equals(
				SAMLConstants.SAML2_REDIRECT_BINDING_URI)) {
			binding = new RedirectBinding();
			
		} else if (consumerService.getBinding().equals(
				SAMLConstants.SAML2_ARTIFACT_BINDING_URI)) {
			// TODO: not supported YET!!
			binding = new ArtifactBinding();
			
		} else if (consumerService.getBinding().equals(
				SAMLConstants.SAML2_POST_BINDING_URI)) {
			binding = new PostBinding();
			
		}

		if (binding == null) {
			throw new BindingNotSupportedException(consumerService.getBinding());
		}

		try {
			binding.encodeRespone(req, resp, authResponse, oaURL);
			// TODO add remoteSessionID to AuthSession ExternalPVPSessionStore
			
			return assertion.getID();
			
		} catch (MessageEncodingException e) {
			Logger.error("Message Encoding exception", e);
			throw new MOAIDException("pvp2.01", null, e);
		} catch (SecurityException e) {
			Logger.error("Security exception", e);
			throw new MOAIDException("pvp2.01", null, e);
		}
	}
}