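/*******************************************************************************
 *******************************************************************************/
package at.gv.egovernment.moa.id.protocols.pvp2x.validation;

import java.util.List;

import javax.servlet.http.HttpServletRequest;

import org.opensaml.saml2.core.AuthnRequest;
import org.opensaml.saml2.core.NameID;
import org.opensaml.saml2.core.NameIDPolicy;
import org.opensaml.saml2.metadata.AttributeConsumingService;
import org.opensaml.saml2.metadata.SPSSODescriptor;
import org.springframework.stereotype.Service;

import at.gv.egiz.eaaf.core.api.IRequest;
import at.gv.egiz.eaaf.core.exceptions.AuthnRequestValidatorException;
import at.gv.egiz.eaaf.modules.pvp2.api.validation.IAuthnRequestValidator;
import at.gv.egiz.eaaf.modules.pvp2.exception.NameIDFormatNotSupportedException;
import at.gv.egovernment.moa.id.commons.MOAIDAuthConstants;
import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.MandateAttributesNotHandleAbleException;
import at.gv.egovernment.moa.id.protocols.pvp2x.utils.CheckMandateAttributes;
import at.gv.egovernment.moa.logging.Logger;

/**
 * MOA-ID specific validation of an incoming PVP 2.x {@link AuthnRequest}.
 *
 * <p>Two checks are performed:
 * <ol>
 *   <li>If the request carries a {@code NameIDPolicy} with a {@code Format}, that format
 *       must be one of {@code transient}, {@code persistent} or {@code unspecified}.</li>
 *   <li>If the HTTP request asks for mandate usage
 *       ({@link MOAIDAuthConstants#PARAM_USEMANDATE} equal to {@code "true"}), the
 *       {@code AttributeConsumingService} selected by the request's
 *       {@code AttributeConsumingServiceIndex} must be able to handle mandate attributes
 *       (see {@link CheckMandateAttributes#canHandleMandate(AttributeConsumingService)}).</li>
 * </ol>
 *
 * <p>The {@code AttributeConsumingServiceIndex} is attacker-controlled input: it is read
 * straight from the SAML request and used as a position in the SP's metadata list, so it is
 * bounds-checked here instead of letting an {@link IndexOutOfBoundsException} escape.
 *
 * @author tlenz
 */
@Service("MOAAuthnRequestValidator")
public class AuthnRequestValidator implements IAuthnRequestValidator {

  /**
   * Validates the AuthnRequest against the requesting SP's metadata.
   *
   * @param httpReq the HTTP request that transported the AuthnRequest; only the
   *        {@code useMandate} parameter is read from it
   * @param pendingReq the pending authentication request, passed through into the
   *        {@link AuthnRequestValidatorException} when mandate handling fails
   * @param authnReq the parsed SAML AuthnRequest
   * @param spSSODescriptor the SP's SSO descriptor from its metadata
   * @throws AuthnRequestValidatorException if the requested NameID format is not supported
   *         ({@link NameIDFormatNotSupportedException}) or mandates are requested but the
   *         selected AttributeConsumingService cannot handle mandate attributes
   */
  @Override
  public void validate(HttpServletRequest httpReq, IRequest pendingReq, AuthnRequest authnReq,
      SPSSODescriptor spSSODescriptor) throws AuthnRequestValidatorException {
    validateNameIdPolicy(authnReq);

    AttributeConsumingService attributeConsumer =
        selectAttributeConsumingService(authnReq, spSSODescriptor);

    validateMandateUsage(httpReq, pendingReq, attributeConsumer);
  }

  /**
   * Rejects NameID formats other than transient, persistent and unspecified.
   * A missing NameIDPolicy or a NameIDPolicy without a Format is accepted.
   *
   * @param authnReq the parsed SAML AuthnRequest
   * @throws NameIDFormatNotSupportedException if a different format is requested
   */
  private static void validateNameIdPolicy(AuthnRequest authnReq)
      throws NameIDFormatNotSupportedException {
    NameIDPolicy nameIDPolicy = authnReq.getNameIDPolicy();
    if (nameIDPolicy == null) {
      Logger.trace("AuthnRequest includes no 'NameIDPolicy'");
      return;
    }

    String nameIDFormat = nameIDPolicy.getFormat();
    if (nameIDFormat == null) {
      Logger.trace("Find NameIDPolicy, but NameIDFormat is 'null'");
      return;
    }

    boolean supported = NameID.TRANSIENT.equals(nameIDFormat)
        || NameID.PERSISTENT.equals(nameIDFormat)
        || NameID.UNSPECIFIED.equals(nameIDFormat);
    if (!supported) {
      throw new NameIDFormatNotSupportedException(nameIDFormat);
    }
  }

  /**
   * Picks the AttributeConsumingService addressed by the request.
   *
   * <p>The request's {@code AttributeConsumingServiceIndex} (defaulting to 0 when absent) is
   * used as a position in the SP's list of AttributeConsumingServices. If the SP declares no
   * such services, or the index is outside the list, {@code null} is returned; in the latter
   * case a warning is logged because the index came from the remote party.
   *
   * @param authnReq the parsed SAML AuthnRequest
   * @param spSSODescriptor the SP's SSO descriptor from its metadata
   * @return the selected service, or {@code null} if none can be selected
   */
  private static AttributeConsumingService selectAttributeConsumingService(AuthnRequest authnReq,
      SPSSODescriptor spSSODescriptor) {
    Integer aIdx = authnReq.getAttributeConsumingServiceIndex();
    int attributeIdx = (aIdx != null) ? aIdx.intValue() : 0;

    List<AttributeConsumingService> services = spSSODescriptor.getAttributeConsumingServices();
    if (services == null || services.isEmpty()) {
      return null;
    }

    // The index is taken verbatim from the AuthnRequest; an out-of-range value must not
    // surface as an IndexOutOfBoundsException from the validator.
    if (attributeIdx < 0 || attributeIdx >= services.size()) {
      Logger.warn("AuthnRequest references AttributeConsumingServiceIndex " + attributeIdx
          + ", but SP metadata only declares " + services.size()
          + " AttributeConsumingService(s). No AttributeConsumingService is selected.");
      return null;
    }

    return services.get(attributeIdx);
  }

  /**
   * Fails the request if mandates were requested but the selected AttributeConsumingService
   * does not request the attributes needed to handle a mandate.
   *
   * <p>The check is skipped when {@code useMandate} is absent or not {@code "true"}, or when no
   * AttributeConsumingService could be selected (same as the behavior for SPs whose metadata
   * declares none).
   *
   * @param httpReq the HTTP request carrying the {@code useMandate} parameter
   * @param pendingReq the pending request, attached to the thrown exception
   * @param attributeConsumer the selected service, may be {@code null}
   * @throws AuthnRequestValidatorException wrapping a
   *         {@link MandateAttributesNotHandleAbleException}
   */
  private static void validateMandateUsage(HttpServletRequest httpReq, IRequest pendingReq,
      AttributeConsumingService attributeConsumer) throws AuthnRequestValidatorException {
    String useMandate = httpReq.getParameter(MOAIDAuthConstants.PARAM_USEMANDATE);
    if (!"true".equals(useMandate) || attributeConsumer == null) {
      return;
    }

    if (!CheckMandateAttributes.canHandleMandate(attributeConsumer)) {
      MandateAttributesNotHandleAbleException e = new MandateAttributesNotHandleAbleException();
      throw new AuthnRequestValidatorException(e.getErrorId(), e.getParams(), pendingReq, e);
    }
  }
}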