/******************************************************************************* * Copyright 2014 Federal Chancellery Austria * MOA-ID has been developed in a cooperation between BRZ, the Federal * Chancellery Austria - ICT staff unit, and Graz University of Technology. * * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by * the European Commission - subsequent versions of the EUPL (the "Licence"); * You may not use this work except in compliance with the Licence. * You may obtain a copy of the Licence at: * http://www.osor.eu/eupl/ * * Unless required by applicable law or agreed to in writing, software * distributed under the Licence is distributed on an "AS IS" basis, * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. * See the Licence for the specific language governing permissions and * limitations under the Licence. * * This product combines work with different licenses. See the "NOTICE" text * file for details on the various modules and licenses. * The "NOTICE" text file is part of the distribution. Any derivative works * that you distribute must include a readable copy of the "NOTICE" text file. 
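 *******************************************************************************/
package at.gv.egovernment.moa.id.protocols.pvp2x.utils;

import java.util.ArrayList;
import java.util.Arrays;
import java.util.HashMap;
import java.util.List;
import java.util.Map;

import org.opensaml.saml2.core.Assertion;
import org.opensaml.saml2.core.Attribute;
import org.opensaml.saml2.core.AttributeStatement;
import org.opensaml.saml2.core.AuthnContextClassRef;
import org.opensaml.saml2.core.AuthnStatement;
import org.opensaml.saml2.core.Response;
import org.opensaml.saml2.core.StatusResponseType;
import org.opensaml.saml2.core.Subject;

import eu.stork.peps.auth.commons.PersonalAttribute;
import eu.stork.peps.auth.commons.PersonalAttributeList;

import at.gv.egovernment.moa.id.protocols.pvp2x.PVPConstants;
import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.AssertionAttributeExtractorExeption;
import at.gv.egovernment.moa.logging.Logger;
import at.gv.egovernment.moa.util.MiscUtil;

/**
 * Reads the attributes, NameID, SessionIndex and AuthnContextClassRef out of a
 * PVP 2.1 SAML2 {@link Response}.
 * <p>
 * Only the FIRST {@link Assertion} of the response and the FIRST
 * {@link AttributeStatement} of that assertion are consumed; additional ones
 * are logged and ignored. Attribute values are taken from the text content of
 * the first {@code AttributeValue} element of each attribute.
 * <p>
 * NOTE(review): this class performs no signature, issuer, audience or
 * validity-period checks on the response. The values it hands out are only as
 * trustworthy as the validation the caller has done before constructing it —
 * confirm in the PVP2 flow that the response is verified first.
 * <p>
 * Instances are not thread-safe.
 */
public class AssertionAttributeExtractor {

	/** Attribute names that are always required (in addition to a bPK). */
	private static final List<String> MINIMAL_ATTRIBUTE_NAMES = Arrays.asList(
			PVPConstants.PRINCIPAL_NAME_NAME,
			PVPConstants.GIVEN_NAME_NAME,
			PVPConstants.BIRTHDATE_NAME);

	/** The first assertion of the response; never null after construction. */
	private Assertion assertion = null;

	/** Non-STORK attributes: attribute name -> text of the first attribute value. */
	private Map<String, String> attributs = new HashMap<String, String>();

	/** Attributes whose name starts with {@link PVPConstants#STORK_ATTRIBUTE_PREFIX}. */
	private PersonalAttributeList storkAttributes = new PersonalAttributeList();

	/**
	 * Extracts the attributes of the first assertion of {@code samlResponse}.
	 *
	 * @param samlResponse the SAML2 response; must be a {@link Response}
	 * @throws AssertionAttributeExtractorExeption if {@code samlResponse} is
	 *         null or not a {@link Response}, or if it carries no assertion
	 */
	public AssertionAttributeExtractor(StatusResponseType samlResponse)
			throws AssertionAttributeExtractorExeption {
		// instanceof is false for null, so a null response ends up here as well
		if (!(samlResponse instanceof Response)) {
			throw new AssertionAttributeExtractorExeption();
		}

		List<Assertion> assertions = ((Response) samlResponse).getAssertions();
		if (assertions == null || assertions.isEmpty()) {
			throw new AssertionAttributeExtractorExeption("Assertion");
		}
		if (assertions.size() > 1) {
			Logger.warn("Found more then ONE PVP2.1 assertions. Only the First is used.");
		}
		assertion = assertions.get(0);

		List<AttributeStatement> attrStatements = assertion.getAttributeStatements();
		if (attrStatements != null && !attrStatements.isEmpty()) {
			// only the first AttributeStatement is evaluated
			extractAttributes(attrStatements.get(0));
		}
	}

	/**
	 * Sorts the attributes of one statement into the STORK list and the plain
	 * attribute map. An attribute without a name or without a usable value is
	 * logged and skipped, so it later reads as "not present" rather than
	 * failing with an IndexOutOfBoundsException or NullPointerException.
	 * If a name occurs twice, the later attribute wins.
	 */
	private void extractAttributes(AttributeStatement attrStat) {
		for (Attribute attr : attrStat.getAttributes()) {
			String name = attr.getName();
			String value = firstAttributeValue(attr);
			if (name == null || value == null) {
				Logger.warn("PVP2.1 attribute without name or value found. Attribute is ignored.");
				continue;
			}

			if (name.startsWith(PVPConstants.STORK_ATTRIBUTE_PREFIX)) {
				List<String> storkAttrValues = new ArrayList<String>();
				storkAttrValues.add(value);
				// 'false' and "Available" are passed through unchanged from the
				// original; presumably isRequired and status — verify against PersonalAttribute
				PersonalAttribute storkAttr = new PersonalAttribute(name, false, storkAttrValues, "Available");
				storkAttributes.put(name, storkAttr);
			} else {
				attributs.put(name, value);
			}
		}
	}

	/**
	 * Returns the text content of the first value of {@code attr}, or null if
	 * the attribute has no value or the value carries no DOM element.
	 */
	private static String firstAttributeValue(Attribute attr) {
		if (attr.getAttributeValues() == null || attr.getAttributeValues().isEmpty()) {
			return null;
		}
		if (attr.getAttributeValues().get(0).getDOM() == null) {
			return null;
		}
		return attr.getAttributeValues().get(0).getDOM().getTextContent();
	}

	/**
	 * Checks the extracted attributes against the minimal required attribute
	 * list (principal name, given name, birthdate) plus a bPK.
	 *
	 * @return true if all minimal attributes and a bPK are present
	 */
	public boolean containsAllRequiredAttributes() {
		return containsAllRequiredAttributes(MINIMAL_ATTRIBUTE_NAMES);
	}

	/**
	 * Checks the extracted attributes against {@code attributeNameList}.
	 * A bPK is always needed on top of that list: either an encrypted bPK
	 * list, or a bPK together with the eID sector identifier.
	 *
	 * @param attributeNameList names of the attributes which are required (not null)
	 * @return true if a bPK and every name of {@code attributeNameList} is present
	 */
	public boolean containsAllRequiredAttributes(List<String> attributeNameList) {
		if (!containsBpk()) {
			return false;
		}
		for (String attr : attributeNameList) {
			if (!attributs.containsKey(attr)) {
				return false;
			}
		}
		return true;
	}

	/** True if an encrypted bPK list, or a bPK plus its sector identifier, was extracted. */
	private boolean containsBpk() {
		return attributs.containsKey(PVPConstants.ENC_BPK_LIST_NAME)
				|| (attributs.containsKey(PVPConstants.BPK_NAME)
						&& attributs.containsKey(PVPConstants.EID_SECTOR_FOR_IDENTIFIER_NAME));
	}

	/**
	 * @param attributeName attribute name
	 * @return true if a non-STORK attribute with that name was extracted
	 */
	public boolean containsAttribute(String attributeName) {
		return attributs.containsKey(attributeName);
	}

	/**
	 * @param attributeName attribute name
	 * @return the text of the first value of the non-STORK attribute, or null if absent
	 */
	public String getAttribute(String attributeName) {
		return attributs.get(attributeName);
	}

	/**
	 * @return the live list of STORK attributes (not a copy)
	 */
	public PersonalAttributeList getSTORKAttributes() {
		return storkAttributes;
	}

	/**
	 * @return the non-empty NameID value of the assertion's subject
	 * @throws AssertionAttributeExtractorExeption if there is no subject,
	 *         no NameID, or the NameID value is empty
	 */
	public String getNameID() throws AssertionAttributeExtractorExeption {
		Subject subject = assertion.getSubject();
		if (subject != null && subject.getNameID() != null) {
			String nameId = subject.getNameID().getValue();
			if (MiscUtil.isNotEmpty(nameId)) {
				return nameId;
			}
			Logger.error("SAML2 NameID Element is empty.");
		}
		throw new AssertionAttributeExtractorExeption("nameID");
	}

	/**
	 * @return the non-empty SessionIndex of the first AuthnStatement
	 * @throws AssertionAttributeExtractorExeption if there is no AuthnStatement
	 *         or its SessionIndex is empty
	 */
	public String getSessionIndex() throws AssertionAttributeExtractorExeption {
		AuthnStatement authn = getAuthnStatement();
		String sessionIndex = authn.getSessionIndex();
		if (MiscUtil.isNotEmpty(sessionIndex)) {
			return sessionIndex;
		}
		throw new AssertionAttributeExtractorExeption("SessionIndex");
	}

	/**
	 * @return the AuthnContextClassRef (QAA level) of the first AuthnStatement
	 * @throws AssertionAttributeExtractorExeption if there is no AuthnStatement,
	 *         no AuthnContextClassRef, or its value is empty
	 */
	public String getQAALevel() throws AssertionAttributeExtractorExeption {
		AuthnStatement authn = getAuthnStatement();
		if (authn.getAuthnContext() == null
				|| authn.getAuthnContext().getAuthnContextClassRef() == null) {
			throw new AssertionAttributeExtractorExeption("AuthnContextClassRef");
		}
		AuthnContextClassRef qaaClass = authn.getAuthnContext().getAuthnContextClassRef();
		String qaaLevel = qaaClass.getAuthnContextClassRef();
		if (MiscUtil.isNotEmpty(qaaLevel)) {
			return qaaLevel;
		}
		throw new AssertionAttributeExtractorExeption("AuthnContextClassRef (QAALevel)");
	}

	/**
	 * @return the assertion the values were extracted from (the first one of the response)
	 */
	public Assertion getFullAssertion() {
		return assertion;
	}

	/**
	 * @return the first AuthnStatement of the assertion; further ones are logged and ignored
	 * @throws AssertionAttributeExtractorExeption if the assertion has no AuthnStatement
	 */
	private AuthnStatement getAuthnStatement() throws AssertionAttributeExtractorExeption {
		List<AuthnStatement> authnList = assertion.getAuthnStatements();
		if (authnList == null || authnList.isEmpty()) {
			throw new AssertionAttributeExtractorExeption("AuthnStatement");
		}
		if (authnList.size() > 1) {
			Logger.warn("Found more then ONE AuthnStatements in PVP2.1 assertions. Only the First is used.");
		}
		return authnList.get(0);
	}
}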