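package at.gv.egovernment.moa.id.protocols.pvp2x.verification;

import java.util.Objects;

import org.opensaml.saml2.metadata.EntitiesDescriptor;
import org.opensaml.saml2.metadata.EntityDescriptor;
import org.opensaml.security.SAMLSignatureProfileValidator;
import org.opensaml.xml.security.credential.Credential;
import org.opensaml.xml.signature.Signature;
import org.opensaml.xml.signature.SignatureValidator;
import org.opensaml.xml.validation.ValidationException;

import at.gv.egovernment.moa.id.MOAIDException;
import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.NoCredentialsException;
import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.SAMLRequestNotSignedException;
import at.gv.egovernment.moa.id.protocols.pvp2x.signer.CredentialProvider;
import at.gv.egovernment.moa.logging.Logger;

/**
 * Verifies the XML signature carried by PVP 2.x SAML metadata descriptors.
 *
 * <p>Both overloads run the same three-step check, in this order:
 * <ol>
 *   <li>the descriptor must carry a signature at all;</li>
 *   <li>the signature must conform to the SAML signature profile
 *       ({@link SAMLSignatureProfileValidator}: a single enveloped reference to the
 *       signed element) — this structural check runs <em>before</em> any cryptographic
 *       check so that a signature that points somewhere else in the document is
 *       rejected outright;</li>
 *   <li>the signature must verify against the credential that
 *       {@link CredentialProvider#getSPTrustedCredential(String)} returns for the
 *       descriptor's identifier.</li>
 * </ol>
 *
 * <p>The credential lookup is keyed by the identifier the (not yet verified)
 * descriptor claims for itself. That is acceptable because only the credential
 * already trusted for that identifier is accepted; the cryptographic check then
 * binds the claimed identifier to the key. Whether {@code CredentialProvider}
 * also checks certificate validity periods or chains is not visible here and is
 * presumed to be its responsibility.
 *
 * <p>Every failure is reported as a {@link MOAIDException} subtype; no error is
 * swallowed.
 */
public class EntityVerifier {

    /**
     * Verifies the signature of a single {@link EntityDescriptor}.
     *
     * @param entityDescriptor the descriptor to verify; must not be {@code null}
     * @throws SAMLRequestNotSignedException if the descriptor carries no signature, the
     *         signature violates the SAML signature profile, or it does not verify
     *         against the trusted credential for the descriptor's entity ID
     * @throws NoCredentialsException if no trusted credential is configured for the
     *         descriptor's entity ID
     * @throws MOAIDException for any other verification failure
     * @throws NullPointerException if {@code entityDescriptor} is {@code null}
     */
    public static void verify(EntityDescriptor entityDescriptor) throws MOAIDException {
        Objects.requireNonNull(entityDescriptor, "entityDescriptor");
        String entityId = entityDescriptor.getEntityID();
        // The entity ID is both the credential-lookup key and the label reported
        // when no credential is configured.
        verifySignature(entityDescriptor.getSignature(), entityId, entityId);
    }

    /**
     * Verifies the signature of an {@link EntitiesDescriptor} (a group of entity
     * descriptors sharing one signature).
     *
     * @param entityDescriptor the descriptor group to verify; must not be {@code null}
     * @throws SAMLRequestNotSignedException if the descriptor carries no signature, the
     *         signature violates the SAML signature profile, or it does not verify
     *         against the trusted credential for the descriptor's name
     * @throws NoCredentialsException if no trusted credential is configured for the
     *         descriptor's name
     * @throws MOAIDException for any other verification failure
     * @throws NullPointerException if {@code entityDescriptor} is {@code null}
     */
    public static void verify(EntitiesDescriptor entityDescriptor) throws MOAIDException {
        Objects.requireNonNull(entityDescriptor, "entityDescriptor");
        // The credential is looked up by the group's name; the fixed label
        // "moaID IDP" is kept as the NoCredentialsException argument for
        // compatibility with the existing behaviour (it does not name the
        // descriptor that failed — callers needing that should log getName()).
        verifySignature(entityDescriptor.getSignature(), entityDescriptor.getName(), "moaID IDP");
    }

    /**
     * Shared verification routine for both descriptor types.
     *
     * @param signature           the signature element, or {@code null} if the
     *                            descriptor is unsigned
     * @param credentialKey       identifier passed to
     *                            {@link CredentialProvider#getSPTrustedCredential(String)}
     * @param noCredentialsLabel  argument for {@link NoCredentialsException} when no
     *                            credential is configured
     * @throws SAMLRequestNotSignedException if the signature is absent, malformed with
     *         respect to the SAML profile, or cryptographically invalid
     * @throws NoCredentialsException if no trusted credential exists for {@code credentialKey}
     * @throws MOAIDException for any other verification failure
     */
    private static void verifySignature(Signature signature, String credentialKey,
            String noCredentialsLabel) throws MOAIDException {
        if (signature == null) {
            throw new SAMLRequestNotSignedException();
        }
        // Structural check first: reject signatures that do not cover the signed
        // element itself before spending any effort on key lookup or crypto.
        validateSignatureProfile(signature);

        Credential credential = CredentialProvider.getSPTrustedCredential(credentialKey);
        if (credential == null) {
            throw new NoCredentialsException(noCredentialsLabel);
        }
        validateSignatureWithCredential(signature, credential);
    }

    /**
     * Checks that the signature conforms to the SAML signature profile.
     *
     * @param signature the signature to inspect; never {@code null}
     * @throws SAMLRequestNotSignedException wrapping the profile validation failure
     */
    private static void validateSignatureProfile(Signature signature)
            throws SAMLRequestNotSignedException {
        try {
            new SAMLSignatureProfileValidator().validate(signature);
        } catch (ValidationException e) {
            Logger.error("Failed to validate Signature", e);
            throw new SAMLRequestNotSignedException(e);
        }
    }

    /**
     * Cryptographically verifies the signature against the given trusted credential.
     *
     * @param signature  the signature to verify; never {@code null}
     * @param credential the trusted credential for the signer; never {@code null}
     * @throws SAMLRequestNotSignedException wrapping the signature verification failure
     */
    private static void validateSignatureWithCredential(Signature signature, Credential credential)
            throws SAMLRequestNotSignedException {
        try {
            new SignatureValidator(credential).validate(signature);
        } catch (ValidationException e) {
            Logger.error("Failed to verify Signature", e);
            throw new SAMLRequestNotSignedException(e);
        }
    }
}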