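package at.gv.egovernment.moa.id.protocols.stork2;

import java.io.StringWriter;
import java.nio.charset.StandardCharsets;

import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

import org.apache.velocity.Template;
import org.apache.velocity.VelocityContext;
import org.apache.velocity.app.VelocityEngine;

import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
import at.gv.egovernment.moa.id.auth.exception.MOAIDException;
import at.gv.egovernment.moa.id.auth.stork.VelocityProvider;
import at.gv.egovernment.moa.id.config.auth.OAAuthParameter;
import at.gv.egovernment.moa.id.util.HTTPUtils;
import at.gv.egovernment.moa.logging.Logger;
import at.gv.egovernment.moa.util.StringUtils;

import eu.stork.peps.auth.commons.IPersonalAttributeList;
import eu.stork.peps.auth.commons.PEPSUtil;
import eu.stork.peps.auth.commons.PersonalAttribute;
import eu.stork.peps.auth.commons.PersonalAttributeList;
import eu.stork.peps.auth.commons.STORKAttrQueryRequest;
import eu.stork.peps.auth.commons.STORKAttrQueryResponse;
import eu.stork.peps.auth.engine.STORKSAMLEngine;
import eu.stork.peps.exceptions.STORKSAMLEngineException;

/**
 * Creates a STORK attribute query request for a configurable set of attributes
 * and parses the attribute query response that comes back.
 * <p>
 * Flow: {@link #acquire} records the attribute to fetch and signals, via
 * {@link ExternalAttributeRequestRequiredException}, that an external round trip
 * is needed; {@link #performRedirect} then builds, signs and POSTs the
 * {@link STORKAttrQueryRequest} to the attribute provider; {@link #parse}
 * decodes and verifies the returned {@link STORKAttrQueryResponse}.
 * <p>
 * NOTE(review): the attribute to request is held in instance state between
 * {@link #acquire} and {@link #performRedirect}. If one provider instance were
 * shared by concurrent sessions, one user's attribute request could be sent on
 * behalf of another -- confirm instances are created per session.
 */
public class StorkAttributeRequestProvider implements AttributeProvider {

    /** Name of the SAML engine configuration used for signing and validation. */
    private static final String SAML_ENGINE_NAME = "VIDP";

    /** HTTP parameter carrying the base64-encoded attribute query response. */
    private static final String SAML_RESPONSE_PARAM = "SAMLResponse";

    /** Velocity template rendering the auto-submitting SAML POST-binding form. */
    private static final String POST_BINDING_TEMPLATE = "/resources/templates/saml2-post-binding-moa.vm";

    /** Attributes recorded by {@link #acquire}; sent by {@link #performRedirect}. */
    private PersonalAttributeList requestedAttributes;

    /** The destination (attribute provider URL) the request is posted to. */
    private final String destination;

    /**
     * Instantiates a new STORK attribute request provider.
     *
     * @param apUrl the attribute provider (AP) location the request is sent to
     */
    public StorkAttributeRequestProvider(String apUrl) {
        destination = apUrl;
    }

    /**
     * Records {@code attribute} as the single attribute to request and signals
     * that an external attribute request round trip is required.
     *
     * @param attribute  the attribute to fetch from the attribute provider
     * @param moasession the current MOA session (not used by this provider)
     * @return never returns normally
     * @throws ExternalAttributeRequestRequiredException always, carrying this
     *         provider so the caller can invoke {@link #performRedirect}
     * @see at.gv.egovernment.moa.id.protocols.stork2.AttributeProvider#acquire
     */
    public IPersonalAttributeList acquire(PersonalAttribute attribute, AuthenticationSession moasession)
            throws UnsupportedAttributeException, ExternalAttributeRequestRequiredException {
        requestedAttributes = new PersonalAttributeList(1);
        requestedAttributes.add(attribute);
        throw new ExternalAttributeRequestRequiredException(this);
    }

    /**
     * Extracts and verifies the STORK attribute query response carried in the
     * {@code SAMLResponse} HTTP parameter.
     *
     * @param httpReq the incoming request from the attribute provider
     * @return the personal attribute list contained in the verified response
     * @throws UnsupportedAttributeException if the request carries no (or an empty)
     *         {@code SAMLResponse} parameter, i.e. it is not a response for this provider
     * @throws MOAIDException ({@code stork.05}) if the token cannot be decoded or
     *         fails validation in the SAML engine
     * @see at.gv.egovernment.moa.id.protocols.stork2.AttributeProvider#parse
     */
    public IPersonalAttributeList parse(HttpServletRequest httpReq)
            throws MOAIDException, UnsupportedAttributeException {
        Logger.debug("Beginning to extract SAMLResponse out of HTTP Request");

        // Explicit presence check instead of relying on a NullPointerException
        // from the decoder: a missing parameter means this is not our response.
        String encodedResponse = httpReq.getParameter(SAML_RESPONSE_PARAM);
        if (encodedResponse == null || encodedResponse.length() == 0) {
            throw new UnsupportedAttributeException();
        }

        // The parameter is untrusted input: a malformed token is reported as a
        // verification failure rather than escaping as an unchecked exception.
        byte[] decSamlToken;
        try {
            decSamlToken = PEPSUtil.decodeSAMLToken(encodedResponse);
        } catch (RuntimeException e) {
            Logger.error("Failed to decode STORK SAML Response", e);
            throw new MOAIDException("stork.05", null);
        }

        STORKSAMLEngine engine = STORKSAMLEngine.getInstance(SAML_ENGINE_NAME);

        STORKAttrQueryResponse attrResponse;
        try {
            // Signature and structure validation is delegated to the engine.
            // NOTE(review): getRemoteHost() may return a reverse-resolved host name
            // and, behind a reverse proxy, the proxy's address -- confirm what the
            // engine expects as second argument (client IP vs. host name).
            Logger.debug("Starting validation of SAML response");
            attrResponse = engine.validateSTORKAttrQueryResponse(decSamlToken, httpReq.getRemoteHost());
            Logger.info("SAML response succesfully verified!");
        } catch (STORKSAMLEngineException e) {
            Logger.error("Failed to verify STORK SAML Response", e);
            throw new MOAIDException("stork.05", null);
        }

        // NOTE(review): no InResponseTo / request-ID correlation with the request
        // sent by performRedirect() is done in this class, and the response status
        // is not inspected here -- confirm the engine or the caller covers both.
        return attrResponse.getPersonalAttributeList();
    }

    /**
     * Builds and signs a {@link STORKAttrQueryRequest} for the attributes recorded
     * by {@link #acquire} and sends it to the attribute provider as an
     * auto-submitting SAML POST-binding form written to {@code resp}.
     *
     * @param url           the assertion consumer service URL the AP should answer to
     * @param spCountryCode the service provider's country code
     * @param req           the current request (used to derive the issuer base URL)
     * @param resp          the response the POST form is written to
     * @param oaParam       online-application parameters (friendly name, QAA level)
     * @throws MOAIDException {@code stork.00} if the request cannot be signed,
     *         {@code stork.11} if rendering or writing the POST form fails
     * @see at.gv.egovernment.moa.id.protocols.stork2.AttributeProvider#performRedirect
     */
    public void performRedirect(String url, String spCountryCode, HttpServletRequest req,
            HttpServletResponse resp, OAAuthParameter oaParam) throws MOAIDException {

        // Fixed sector; institution and application both fall back to the OA friendly name.
        String spSector = "Business";
        String spInstitution = StringUtils.isEmpty(oaParam.getFriendlyName())
                ? "UNKNOWN" : oaParam.getFriendlyName();
        String spApplication = spInstitution;

        // Assemble the attribute query request.
        STORKAttrQueryRequest attributeRequest = new STORKAttrQueryRequest();
        attributeRequest.setDestination(destination);
        attributeRequest.setAssertionConsumerServiceURL(url);
        attributeRequest.setIssuer(HTTPUtils.getBaseURL(req));
        attributeRequest.setQaa(oaParam.getQaaLevel());
        attributeRequest.setSpInstitution(spInstitution);
        attributeRequest.setCountry(spCountryCode);
        attributeRequest.setSpCountry(spCountryCode);
        attributeRequest.setSpApplication(spApplication);
        attributeRequest.setSpSector(spSector);
        // requestedAttributes is populated by acquire(); it is still null if
        // acquire() was never called on this instance.
        attributeRequest.setPersonalAttributeList(requestedAttributes);
        attributeRequest.setCitizenCountryCode("AT");
        Logger.debug("STORK AttrRequest succesfully assembled.");

        // Sign the request with the configured engine.
        STORKSAMLEngine samlEngine = STORKSAMLEngine.getInstance(SAML_ENGINE_NAME);
        try {
            attributeRequest = samlEngine.generateSTORKAttrQueryRequest(attributeRequest);
        } catch (STORKSAMLEngineException e) {
            Logger.error("Could not sign STORK SAML AttrRequest.", e);
            throw new MOAIDException("stork.00", null);
        }
        Logger.info("STORK AttrRequest successfully signed!");

        // Render the POST-binding form and write it to the response.
        try {
            Logger.trace("Initialize VelocityEngine...");
            VelocityEngine velocityEngine = VelocityProvider.getClassPathVelocityEngine();
            Template template = velocityEngine.getTemplate(POST_BINDING_TEMPLATE);
            VelocityContext context = new VelocityContext();
            // Both values are embedded in the HTML form: the token is the engine's
            // base64 output and the action is the constructor-supplied AP URL.
            context.put("SAMLRequest", PEPSUtil.encodeSAMLToken(attributeRequest.getTokenSaml()));
            context.put("action", destination);

            StringWriter writer = new StringWriter();
            template.merge(context, writer);
            // Encode explicitly: getBytes() without a charset uses the platform
            // default, which need not match the encoding the form is served in.
            // NOTE(review): no content type is set on resp here -- confirm the
            // caller sets one so the browser does not have to sniff it.
            resp.getOutputStream().write(writer.toString().getBytes(StandardCharsets.UTF_8));
        } catch (Exception e) {
            Logger.error("Error sending STORK SAML AttrRequest.", e);
            throw new MOAIDException("stork.11", null);
        }
    }
}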