/*
 * Copyright 2003 Federal Chancellery Austria
 * MOA-ID has been developed in a cooperation between BRZ, the Federal
 * Chancellery Austria - ICT staff unit, and Graz University of Technology.
 *
 * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
 * the European Commission - subsequent versions of the EUPL (the "Licence");
 * You may not use this work except in compliance with the Licence.
 * You may obtain a copy of the Licence at:
 * http://www.osor.eu/eupl/
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the Licence is distributed on an "AS IS" basis,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the Licence for the specific language governing permissions and
 * limitations under the Licence.
 *
 * This product combines work with different licenses. See the "NOTICE" text
 * file for details on the various modules and licenses.
 * The "NOTICE" text file is part of the distribution. Any derivative works
 * that you distribute must include a readable copy of the "NOTICE" text file.
 */

package at.gv.egovernment.moa.id.proxy;

import iaik.pki.PKIException;
import iaik.pki.jsse.IAIKX509TrustManager;

import java.io.IOException;
import java.security.GeneralSecurityException;

import javax.net.ssl.SSLSocketFactory;

import at.gv.egovernment.moa.id.config.ConfigurationException;
import at.gv.egovernment.moa.id.config.ConnectionParameter;
import at.gv.egovernment.moa.id.config.proxy.OAProxyParameter;
import at.gv.egovernment.moa.id.config.proxy.ProxyConfigurationProvider;
import at.gv.egovernment.moa.id.iaik.config.LoggerConfigImpl;
import at.gv.egovernment.moa.id.util.AxisSecureSocketFactory;
import at.gv.egovernment.moa.id.util.MOAIDMessageProvider;
import at.gv.egovernment.moa.id.util.SSLUtils;
import at.gv.egovernment.moa.logging.Logger;

/**
 * Start-up hook of the MOA-ID proxy web application.
 *
 * @author Paul Ivancsics
 * @version $Id$
 */
public class MOAIDProxyInitializer {

  /**
   * Brings up the proxy components in a fixed order: logger hierarchy, the
   * JVM-wide HTTPS cipher suite list, the JSSE class pre-load, the
   * {@code SSLUtils} store, trust manager logging, the proxy configuration,
   * the Axis socket factory for the auth component, one socket factory
   * request per HTTPS online application, and finally the connection builder
   * and login parameter resolver factories.
   *
   * @throws ConfigurationException if the configuration yields no connection
   *         parameter for the auth component (message id {@code config.16}),
   *         or when raised by one of the called initializers
   * @throws IOException raised by one of the called initializers
   * @throws GeneralSecurityException raised by one of the called initializers
   * @throws PKIException raised by one of the called initializers
   */
  public static void initialize()
      throws ConfigurationException, IOException, GeneralSecurityException, PKIException {

    Logger.setHierarchy("moa.id.proxy");

    // Restricts the cipher suites offered by the JDK's HTTPS handler for the whole JVM.
    // NOTE(review): all three suites are legacy. RC4 is prohibited for TLS by RFC 7465,
    // 3DES is a 64-bit block cipher, one suite uses an MD5 MAC, and every suite relies on
    // static RSA key exchange, so there is no forward secrecy. Recent JDK releases disable
    // RC4 and 3DES through jdk.tls.disabledAlgorithms, which may leave no usable suite at
    // all. Whether the factories built by SSLUtils honour this property is not visible
    // here; confirm, then move to ECDHE/AEAD suites supported by the JDK and peers in use.
    System.setProperty(
        "https.cipherSuites",
        "SSL_RSA_WITH_RC4_128_SHA,SSL_RSA_WITH_RC4_128_MD5,SSL_RSA_WITH_3DES_EDE_CBC_SHA");

    // Touch a JSSE class early so that the jar integrity check can run before
    // the IAIK JCE becomes the security provider. The workaround is only
    // required for Sun JSSE combined with IAIK-JCE on JDK 1.3.
    ClassLoader loader = MOAIDProxyInitializer.class.getClassLoader();
    try {
      loader.loadClass("javax.security.cert.Certificate"); // from jcert.jar
    } catch (ClassNotFoundException e) {
      // Best effort: a missing class is logged and start-up continues.
      Logger.warn(MOAIDMessageProvider.getInstance().getMessage("init.01", null), e);
    }

    // Set up the SSLSocketFactory store.
    SSLUtils.initialize();

    // Route IAIKX509TrustManager logging through log4j when a configuration is given.
    String log4jConfig = System.getProperty("log4j.configuration");
    if (log4jConfig != null) {
      IAIKX509TrustManager.initLog(new LoggerConfigImpl(log4jConfig));
    }

    // (Re)load the proxy configuration.
    ProxyConfigurationProvider config = ProxyConfigurationProvider.reload();

    // The connection to the MOA-Auth web service is mandatory; Axis only gets
    // a secure socket factory when that connection uses HTTPS.
    ConnectionParameter authConnection = config.getAuthComponentConnectionParameter();
    if (authConnection == null) {
      throw new ConfigurationException("config.16", null);
    }
    if (authConnection.isHTTPSURL()) {
      AxisSecureSocketFactory.initialize(SSLUtils.getSSLSocketFactory(config, authConnection));
    }

    // Request a socket factory for every online application reached over HTTPS.
    // The returned factory is discarded here; presumably SSLUtils keeps it in
    // its store for later use - verify against SSLUtils.
    // NOTE(review): unlike the auth connection above, the per-application
    // connection parameter is dereferenced without a null check.
    OAProxyParameter[] onlineApps = config.getOnlineApplicationParameters();
    for (int idx = 0; idx < onlineApps.length; idx++) {
      ConnectionParameter appConnection = onlineApps[idx].getConnectionParameter();
      if (appConnection.isHTTPSURL()) {
        SSLUtils.getSSLSocketFactory(config, appConnection);
      }
    }

    // Both factories below are set up from configuration data.
    ConnectionBuilderFactory.initialize();
    LoginParameterResolverFactory.initialize();
  }
}