package at.gv.egovernment.moa.id.protocols.stork2;

import java.io.StringWriter;
import java.util.ArrayList;
import java.util.List;

import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
import at.gv.egovernment.moa.id.auth.exception.AuthenticationException;
import at.gv.egovernment.moa.id.auth.exception.MOAIDException;
import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException;
import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProvider;
import at.gv.egovernment.moa.id.config.auth.OAAuthParameter;
import at.gv.egovernment.moa.id.moduls.IAction;
import at.gv.egovernment.moa.id.moduls.IRequest;
import at.gv.egovernment.moa.id.storage.AssertionStorage;
import at.gv.egovernment.moa.id.util.VelocityProvider;
import at.gv.egovernment.moa.logging.Logger;
import eu.stork.peps.auth.commons.IPersonalAttributeList;
import eu.stork.peps.auth.commons.PEPSUtil;
import eu.stork.peps.auth.commons.PersonalAttribute;
import eu.stork.peps.auth.commons.PersonalAttributeList;
import eu.stork.peps.auth.engine.STORKSAMLEngine;
import eu.stork.peps.exceptions.STORKSAMLEngineException;
import org.apache.velocity.Template;
import org.apache.velocity.VelocityContext;
import org.apache.velocity.app.VelocityEngine;
import org.opensaml.common.impl.SecureRandomIdentifierGenerator;

import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

/**
 * the AttributeCollector Action tries to get all requested attributes from a set of {@link AttributeProvider} Plugins.
 * The class is called whenever the {@link AuthenticationRequest} Action is invoked and checks for missing attributes.
 * Furthermore, the class can handle direct posts. That is when the class triggers an attribute query which needs user
 * interaction, redirect to another portal, etc. The redirect will hit here and the class can continue to fetch attributes.
 * 
 * TODO how do we treat mandatory and optional attributes?
 */
public class AttributeCollector implements IAction {

    /**
     * The Constant ARTIFACT_ID.
     */
    private static final String ARTIFACT_ID = "artifactId";

    /* (non-Javadoc)
     * @see at.gv.egovernment.moa.id.moduls.IAction#processRequest(at.gv.egovernment.moa.id.moduls.IRequest, javax.servlet.http.HttpServletRequest, javax.servlet.http.HttpServletResponse, at.gv.egovernment.moa.id.auth.data.AuthenticationSession)
     */
    public String processRequest(IRequest req, HttpServletRequest httpReq, HttpServletResponse httpResp, AuthenticationSession moasession) throws MOAIDException {

		// - fetch the container
		String artifactId = (String) httpReq.getParameter(ARTIFACT_ID);
		DataContainer container;
		try {
			container = AssertionStorage.getInstance().get(artifactId, DataContainer.class);
		} catch (MOADatabaseException e) {
			Logger.error("Error fetching incomplete Stork response from temporary storage. Most likely a timeout occured.", e);
			throw new MOAIDException("stork.11", null);
		}

        // read configuration parameters of OA
        OAAuthParameter oaParam = AuthConfigurationProvider.getInstance().getOnlineApplicationParameter(container.getRequest().getAssertionConsumerServiceURL());
        if (oaParam == null)
            throw new AuthenticationException("stork.12", new Object[]{moasession.getPublicOAURLPrefix()});

        // find the attribute provider plugin that can handle the response
        IPersonalAttributeList newAttributes = null;
        for (AttributeProvider current : AttributeProviderFactory.getConfiguredPlugins(oaParam.getStorkAPs()))
            try {
                newAttributes = current.parse(httpReq);
                
                // stop as soon as we hit a capable plugin
                break;
            } catch (UnsupportedAttributeException e1) {
                // the current provider cannot find anything familiar within the
                // provided httpreq. Try the next one.
            }

        if (null == newAttributes) {
            // we do not have a provider which is capable of fetching something
            // from the received httpreq.
            Logger.error("No attribute could be retrieved from the response the attribute provider gave us.");
        }

        // - insert the embedded attribute(s) into the container
        addOrUpdateAll(container.getResponse().getPersonalAttributeList(), newAttributes);

        // see if we need some more attributes
        return processRequest(container, httpReq, httpResp, moasession, oaParam);
    }

    /**
     * Checks if there are missing attributes and tries to fetch them. If there are no more attribute to fetch,
     * this very method creates and sends the protocol result to the asking S-PEPS.
     *
     * @param container the {@link DataContainer} representing the status of the overall query.
     * @return the string
     * @throws MOAIDException
     */
    public String processRequest(DataContainer container, HttpServletRequest request, HttpServletResponse response, AuthenticationSession moasession, OAAuthParameter oaParam) throws MOAIDException {
        // check if there are attributes we need to fetch

        IPersonalAttributeList requestAttributeList = container.getRequest().getPersonalAttributeList();
        IPersonalAttributeList responseAttributeList = container.getResponse().getPersonalAttributeList();
        List<PersonalAttribute> missingAttributes = new ArrayList<PersonalAttribute>();
        for (PersonalAttribute current : requestAttributeList)
            if (!responseAttributeList.containsKey(current.getName()))
                missingAttributes.add(current);

        Logger.info("collecting attributes...");
		Logger.debug("found " + missingAttributes.size() + " missing attributes");

        // Try to get all missing attributes
        try {
            // for each attribute still missing
            for (PersonalAttribute currentAttribute : missingAttributes) {
            	
				/*
				 * prefill attributes with "notAvailable". If we get them later, we override the value and status.
				 * This way, there is no error case in which an attribute is left unanswered.
				 */
				IPersonalAttributeList aquiredAttributes = new PersonalAttributeList();
				currentAttribute.setStatus("notAvailable");
				aquiredAttributes.add((PersonalAttribute) currentAttribute.clone());
				addOrUpdateAll(container.getResponse().getPersonalAttributeList(), aquiredAttributes);

            	// - check if we can find a suitable AttributeProvider Plugin
                for (AttributeProvider currentProvider : AttributeProviderFactory.getConfiguredPlugins(oaParam.getStorkAPs())) {
                    try {
                        // - hand over control to the suitable plugin
                    	Logger.info(currentProvider.getClass().getSimpleName() + " called to handle attribute '" + currentAttribute.getName() + "'");
                        aquiredAttributes = currentProvider.acquire(currentAttribute, container.getRequest().getSpCountry(), moasession);
                    	Logger.info(currentProvider.getClass().getSimpleName() + " can handle attribute '" + currentAttribute.getName() + "'");
                        break;
                    } catch (UnsupportedAttributeException e) {
                        // ok, try the next attributeprovider
                    	Logger.info(currentProvider.getClass().getSimpleName() + " could not handle attribute '" + currentAttribute.getName() + "'");
                    } catch (MOAIDException e) {
                        // the current plugin had an error. Try the next one.
                    	Logger.info(currentProvider.getClass().getSimpleName() + " could not handle attribute '" + currentAttribute.getName() + "' due to an error");
                    }
                }
                
				// check if we could fetch the attribute
				if (null == aquiredAttributes) {
					// if not
					Logger.error("We have no suitable plugin for obtaining the attribute '" + currentAttribute.getName() + "'");
				} else
					// else, update any existing attributes
					addOrUpdateAll(container.getResponse().getPersonalAttributeList(), aquiredAttributes);
            }
            Logger.info("collecting attributes done");
            
            // ask for consent if necessary
            if(oaParam.isRequireConsentForStorkAttributes())
            	new ConsentEvaluator().requestConsent(container, response, oaParam);
            else
            	new ConsentEvaluator().generateSTORKResponse(response, container);

            return "12345"; // AssertionId

        } catch (ExternalAttributeRequestRequiredException e) {
            // the attribute request is ongoing and requires an external service.
            try {
                // memorize the container again
				Logger.debug("prepare putting the container into temporary storage...");

                // - generate new key
                String newArtifactId = new SecureRandomIdentifierGenerator()
                        .generateIdentifier();
                // - put container in temporary store.
                AssertionStorage.getInstance().put(newArtifactId, container);

				Logger.debug("...successful");

				Logger.info(e.getAp().getClass().getSimpleName() + " is going to ask an external service provider for the requested attributes");
                // add container-key to redirect embedded within the return URL
                e.getAp().performRedirect(AuthConfigurationProvider.getInstance().getPublicURLPrefix() + "/stork2/ResumeAuthentication?" + ARTIFACT_ID + "=" + newArtifactId, request, response, oaParam);

            } catch (Exception e1) {
                // TODO should we return the response as is to the PEPS?
                Logger.error("Error putting incomplete Stork response into temporary storage", e1);
                e1.printStackTrace();
                throw new MOAIDException("stork.11", null);
            }

            return "12345"; // TODO what to do here?
        }
    }

    /**
     * Adds or updates all {@link PersonalAttribute} objects given in {@code source} to/in {@code target}.
     *
     * @param target the target
     * @param source the source
     * @throws MOAIDException 
     */
	private void addOrUpdateAll(IPersonalAttributeList target, IPersonalAttributeList source) throws MOAIDException {
		Logger.debug("Updating " + source.size() + " attributes...");
		for (PersonalAttribute current : source) {
			Logger.trace("treating " + current.getName());
	        
			// check if we need to update the current pa
			if (target.containsKey(current.getName())) {
				PersonalAttribute existing = target.get(current.getName());
				if(!(existing.isEmptyValue() && existing.isEmptyComplexValue()))
					if(!(existing.getValue().equals(current.getValue()) || existing.getComplexValue().equals(current.getComplexValue()))) {
		                Logger.error("Attribute Value does not match the value from first authentication!");
		                throw new MOAIDException("stork.16", new Object[] {existing.getName()});
					}

				target.get(current.getName()).setStatus(current.getStatus());
				target.get(current.getName()).setValue(current.getValue());
				target.get(current.getName()).setComplexValue(current.getComplexValue());
			} else
				target.add(current);

			Logger.trace("...successfully treated " + current.getName());
		}
	}

    /* (non-Javadoc)
     * @see at.gv.egovernment.moa.id.moduls.IAction#needAuthentication(at.gv.egovernment.moa.id.moduls.IRequest, javax.servlet.http.HttpServletRequest, javax.servlet.http.HttpServletResponse)
     */
    public boolean needAuthentication(IRequest req, HttpServletRequest httpReq, HttpServletResponse httpResp) {
    	// this action does not need any authentication. The authentication is already done by the preceding AuthenticationRequest-Action.
        return false;
    }

    /* (non-Javadoc)
     * @see at.gv.egovernment.moa.id.moduls.IAction#getDefaultActionName()
     */
    public String getDefaultActionName() {
        return STORKProtocol.ATTRIBUTE_COLLECTOR;
    }
}