/*
 * Copyright 2014 Federal Chancellery Austria
 * MOA-ID has been developed in a cooperation between BRZ, the Federal
 * Chancellery Austria - ICT staff unit, and Graz University of Technology.
 *
 * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
 * the European Commission - subsequent versions of the EUPL (the "Licence");
 * You may not use this work except in compliance with the Licence.
 * You may obtain a copy of the Licence at:
 * http://www.osor.eu/eupl/
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the Licence is distributed on an "AS IS" basis,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the Licence for the specific language governing permissions and
 * limitations under the Licence.
 *
 * This product combines work with different licenses. See the "NOTICE" text
 * file for details on the various modules and licenses.
 * The "NOTICE" text file is part of the distribution. Any derivative works
 * that you distribute must include a readable copy of the "NOTICE" text file.
 */
package at.gv.egovernment.moa.id.protocols.pvp2x.utils;

import java.util.List;

import org.apache.commons.httpclient.protocol.SecureProtocolSocketFactory;
import org.opensaml.ws.soap.client.BasicSOAPMessageContext;
import org.opensaml.ws.soap.client.http.HttpClientBuilder;
import org.opensaml.ws.soap.client.http.HttpSOAPClient;
import org.opensaml.ws.soap.common.SOAPException;
import org.opensaml.ws.soap.soap11.Body;
import org.opensaml.ws.soap.soap11.Envelope;
import org.opensaml.xml.XMLObject;
import org.opensaml.xml.parse.BasicParserPool;
import org.opensaml.xml.security.SecurityException;

import at.gv.egiz.eaaf.modules.pvp2.impl.utils.SAML2Utils;
import at.gv.egovernment.moa.id.commons.api.AuthConfiguration;
import at.gv.egovernment.moa.id.commons.api.exceptions.ConfigurationException;
import at.gv.egovernment.moa.id.commons.ex.MOAHttpProtocolSocketFactoryException;
import at.gv.egovernment.moa.id.commons.utils.MOAHttpProtocolSocketFactory;
import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProviderFactory;
import at.gv.egovernment.moa.id.protocols.pvp2x.PVPConstants;
import at.gv.egovernment.moa.logging.Logger;

/**
 * @author tlenz
 *
 */
public class MOASAMLSOAPClient {

	public static List<XMLObject> send(String destination, XMLObject payLoad) throws ConfigurationException, SOAPException, SecurityException {		
		//build SOAP request				
	    BasicParserPool parserPool = new BasicParserPool();
	    parserPool.setNamespaceAware(true);
					    
	    Envelope soapRequest = SAML2Utils.buildSOAP11Envelope(payLoad);
	    
		BasicSOAPMessageContext soapContext = new BasicSOAPMessageContext();
		soapContext.setOutboundMessage(soapRequest);

		//set security policy context
//		BasicSecurityPolicy policy = new BasicSecurityPolicy();
//		policy.getPolicyRules().add(
//				new MOAPVPSignedRequestPolicyRule(
//						TrustEngineFactory.getSignatureKnownKeysTrustEngine(),
//						SPSSODescriptor.DEFAULT_ELEMENT_NAME));		
//		SecurityPolicyResolver secResolver = new StaticSecurityPolicyResolver(policy);
//		soapContext.setSecurityPolicyResolver(secResolver);
		 
		HttpClientBuilder clientBuilder = new HttpClientBuilder();
		if (destination.startsWith("https")) {
			try {
				//FIX: change hostname validation default flag to true when httpClient is updated to > 4.4
				SecureProtocolSocketFactory sslprotocolsocketfactory = 
						new MOAHttpProtocolSocketFactory(
								PVPConstants.SSLSOCKETFACTORYNAME,
								AuthConfigurationProviderFactory.getInstance().getBasicMOAIDConfigurationBoolean(
										AuthConfiguration.PROP_KEY_SSL_USE_JVM_TRUSTSTORE, false),
								AuthConfigurationProviderFactory.getInstance().getTrustedCACertificates(),
								null,
								AuthConfigurationProviderFactory.getInstance().getDefaultChainingMode(), 
								AuthConfigurationProviderFactory.getInstance().isTrustmanagerrevoationchecking(),
								AuthConfigurationProviderFactory.getInstance().getRevocationMethodOrder(),
								AuthConfigurationProviderFactory.getInstance().getBasicMOAIDConfigurationBoolean(
										AuthConfiguration.PROP_KEY_SSL_HOSTNAME_VALIDATION, false));
				clientBuilder.setHttpsProtocolSocketFactory(sslprotocolsocketfactory );
				
			} catch (MOAHttpProtocolSocketFactoryException e) {
				Logger.warn("MOA SSL-TrustStore can not initialized. Use default Java TrustStore.");
				
			}				
		}
		
		HttpSOAPClient soapClient = new HttpSOAPClient(clientBuilder.buildClient(), parserPool);
		
		//send request to IDP				
		soapClient.send(destination, soapContext);
		
		//parse response
		Envelope soapResponse = (Envelope) soapContext.getInboundMessage();				
		Body soapBody = soapResponse.getBody();

		return soapBody.getUnknownXMLObjects();
		
	}
}