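/*******************************************************************************
 * Copyright 2014 Federal Chancellery Austria
 * MOA-ID has been developed in a cooperation between BRZ, the Federal
 * Chancellery Austria - ICT staff unit, and Graz University of Technology.
 *
 * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
 * the European Commission - subsequent versions of the EUPL (the "Licence");
 * You may not use this work except in compliance with the Licence.
 * You may obtain a copy of the Licence at:
 * http://www.osor.eu/eupl/
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the Licence is distributed on an "AS IS" basis,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the Licence for the specific language governing permissions and
 * limitations under the Licence.
 *
 * This product combines work with different licenses. See the "NOTICE" text
 * file for details on the various modules and licenses.
 * The "NOTICE" text file is part of the distribution. Any derivative works
 * that you distribute must include a readable copy of the "NOTICE" text file.
 ******************************************************************************/
/*
 * Copyright 2003 Federal Chancellery Austria
 * MOA-ID has been developed in a cooperation between BRZ, the Federal
 * Chancellery Austria - ICT staff unit, and Graz University of Technology.
 *
 * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
 * the European Commission - subsequent versions of the EUPL (the "Licence");
 * You may not use this work except in compliance with the Licence.
 * You may obtain a copy of the Licence at:
 * http://www.osor.eu/eupl/
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the Licence is distributed on an "AS IS" basis,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the Licence for the specific language governing permissions and
 * limitations under the Licence.
 *
 * This product combines work with different licenses. See the "NOTICE" text
 * file for details on the various modules and licenses.
 * The "NOTICE" text file is part of the distribution. Any derivative works
 * that you distribute must include a readable copy of the "NOTICE" text file.
 */

package at.gv.egovernment.moa.id.commons.utils.ssl;

import java.security.NoSuchAlgorithmException;
import java.security.cert.X509Certificate;
import java.util.Collections;
import java.util.Set;
import java.util.concurrent.atomic.AtomicLong;

import iaik.asn1.structures.AlgorithmID;
import iaik.pki.PKIProfile;
import iaik.pki.pathvalidation.ValidationProfile;
import iaik.pki.revocation.RevocationProfile;
import iaik.pki.revocation.RevocationSourceTypes;
import iaik.pki.store.truststore.TrustStoreProfile;
import iaik.pki.store.truststore.TrustStoreTypes;

/**
 * Implementation of the PKIProfile interface and subinterfaces
 * providing information needed for certificate path validation.
 *
 * <p>One instance serves as the PKI profile and as its own revocation, trust store
 * and validation profile (the three {@code get*Profile()} accessors return {@code this}).
 * Most answers are fixed constants; only the trust store URI, the revocation-checking
 * flag, the revocation source order, the OCSP request hash algorithm and the
 * identifier vary per instance.
 *
 * <p>NOTE(review): several constants below relax path validation (name constraints
 * and policy processing reported as disabled, revocation checking optional). How the
 * IAIK validator interprets each value is not visible in this file; confirm against
 * the IAIK documentation before relying on this profile for a new trust domain.
 *
 * @author Paul Ivancsics
 * @version $Id$
 */
public class PKIProfileImpl extends ObservableImpl
    implements PKIProfile, RevocationProfile, TrustStoreProfile, ValidationProfile {

  /**
   * Process-wide counter appended to generated identifiers so that two profiles
   * created within the same millisecond do not receive the same id.
   */
  private static final AtomicLong ID_SEQUENCE = new AtomicLong();

  /**
   * URI to the truststore
   */
  private final String trustStoreURI;

  /**
   * revocation checking; handed back unchanged by {@link #getRevocationChecking()}
   */
  private final boolean revocationChecking;

  /**
   * Revocation sources in preferred order; defaults to CRL only.
   * Stored and handed out as private copies, see the accessor pair below.
   */
  private String[] revocationCheckMethode = new String[] {RevocationSourceTypes.CRL};

  /**
   * Name of the hash algorithm reported for OCSP requests; {@code null} until it is
   * set explicitly or resolved lazily by {@link #getOCSPRequestHashAlgorithm()}.
   */
  protected String ocspRequestHashAlgorithm_ = null;

  /**
   * The trust profile identifier.
   */
  private String id;

  /**
   * Create a new PKIProfileImpl.
   *
   * <p>The profile receives a generated identifier of the form
   * {@code id-<millis>-<sequence>}. The sequence part keeps identifiers distinct
   * when several profiles are created within one clock tick.
   * NOTE(review): presumably the PKI module tells profiles apart by this id, in which
   * case a collision could mix up trust stores; confirm against the IAIK documentation.
   *
   * @param trustStoreURI trust store URI
   * @param revocationChecking value later reported by {@link #getRevocationChecking()};
   *        {@code false} means this profile does not ask for revocation checking
   */
  public PKIProfileImpl(String trustStoreURI, boolean revocationChecking) {
    this.trustStoreURI = trustStoreURI;
    this.revocationChecking = revocationChecking;

    String generated = System.currentTimeMillis() + "-" + ID_SEQUENCE.incrementAndGet();
    setId("id-" + generated);
  }

  /**
   * @see iaik.pki.PKIProfile#getRevocationProfile()
   */
  public RevocationProfile getRevocationProfile() {
    return this;
  }

  /**
   * @see iaik.pki.PKIProfile#getTrustStoreProfile()
   */
  public TrustStoreProfile getTrustStoreProfile() {
    return this;
  }

  /**
   * @see iaik.pki.PKIProfile#getValidationProfile()
   */
  public ValidationProfile getValidationProfile() {
    return this;
  }

  /**
   * Always reports {@code true}.
   *
   * <p>NOTE(review): presumably this lets the path builder follow Authority
   * Information Access URLs taken from the certificates under validation, i.e.
   * outbound requests to locations named by the peer's chain. Confirm, and make
   * sure egress from the validating host is limited accordingly.
   *
   * @see iaik.pki.PKIProfile#useAuthorityInfoAccess()
   */
  public boolean useAuthorityInfoAccess() {
    return true;
  }

  /**
   * Always reports {@code 0}, independent of the argument.
   *
   * <p>NOTE(review): what {@code 0} means to the validator (no age limit vs. always
   * refetch) is defined by IAIK and not visible here; confirm.
   *
   * @see iaik.pki.revocation.RevocationProfile#getMaxRevocationAge(java.lang.String)
   */
  public long getMaxRevocationAge(String arg0) {
    return 0L;
  }

  /**
   * Returns the configured OCSP request hash algorithm name, resolving the SHA-1
   * implementation name on first use when none was set.
   *
   * <p>NOTE(review): SHA-1 is only the fallback; whether the responders in use accept
   * a stronger digest should be checked, and
   * {@link #setOCSPRequestHashAlgorithm(AlgorithmID)} used where they do.
   *
   * @return the algorithm name, or {@code null} if the SHA-1 name cannot be resolved
   * @see iaik.pki.revocation.RevocationProfile#getOCSPRequestHashAlgorithm()
   */
  public String getOCSPRequestHashAlgorithm() {
    if (ocspRequestHashAlgorithm_ == null) {
      try {
        ocspRequestHashAlgorithm_ = AlgorithmID.sha1.getImplementationName();
      } catch (NoSuchAlgorithmException ignored) {
        // Deliberately not rethrown: the interface method declares no checked
        // exception. The field stays null and null is returned, so a missing
        // provider shows up at the caller rather than here.
      }
    }
    return ocspRequestHashAlgorithm_;
  }

  /**
   * Sets the hash algorithm reported for OCSP requests.
   *
   * @param paramAlgorithmID the algorithm; must not be {@code null}
   * @throws NullPointerException if {@code paramAlgorithmID} is {@code null}
   * @throws NoSuchAlgorithmException if the implementation name cannot be resolved
   */
  public void setOCSPRequestHashAlgorithm(AlgorithmID paramAlgorithmID)
      throws NoSuchAlgorithmException {
    if (paramAlgorithmID == null) {
      throw new NullPointerException("Algorithm must not be null.");
    }
    ocspRequestHashAlgorithm_ = paramAlgorithmID.getImplementationName();
  }

  /**
   * Returns the preferred revocation source order; the certificate argument is ignored.
   *
   * <p>A copy is returned so that callers cannot alter the order this profile
   * reports by writing into the array.
   *
   * @return a copy of the configured order, or {@code null} if it was set to {@code null}
   * @see iaik.pki.revocation.RevocationProfile#getPreferredServiceOrder(java.security.cert.X509Certificate)
   */
  public String[] getPreferredServiceOrder(X509Certificate arg0) {
    String[] current = revocationCheckMethode;
    return current == null ? null : current.clone();
  }

  /**
   * Replaces the preferred revocation source order.
   *
   * <p>The array is copied, so later changes to the caller's array do not silently
   * change which revocation sources this profile reports.
   *
   * @param order the new order; {@code null} is stored as {@code null}
   */
  public void setPreferredServiceOrder(String[] order) {
    this.revocationCheckMethode = order == null ? null : order.clone();
  }

  /**
   * Always reports the directory trust store type.
   *
   * @see iaik.pki.store.truststore.TrustStoreProfile#getType()
   */
  public String getType() {
    return TrustStoreTypes.DIRECTORY;
  }

  /**
   * @see iaik.pki.store.truststore.TrustStoreProfile#getURI()
   */
  public String getURI() {
    return trustStoreURI;
  }

  /**
   * @see iaik.pki.pathvalidation.ValidationProfile#getInitialAnyPolicyInhibit()
   */
  public boolean getInitialAnyPolicyInhibit() {
    return false;
  }

  /**
   * @see iaik.pki.pathvalidation.ValidationProfile#getInitialExplicitPolicy()
   */
  public boolean getInitialExplicitPolicy() {
    return false;
  }

  /**
   * @see iaik.pki.pathvalidation.ValidationProfile#getInitialPolicyMappingInhibit()
   */
  public boolean getInitialPolicyMappingInhibit() {
    return false;
  }

  /**
   * Always returns the shared immutable empty set.
   *
   * @see iaik.pki.pathvalidation.ValidationProfile#getInitialPolicySet()
   */
  public Set getInitialPolicySet() {
    return Collections.emptySet();
  }

  /**
   * Always reports {@code false}.
   *
   * <p>NOTE(review): if the validator honours this flag, nameConstraints extensions
   * on intermediate CA certificates are not enforced for chains checked with this
   * profile; confirm this is acceptable for the CAs in the trust store.
   *
   * @see iaik.pki.pathvalidation.ValidationProfile#getNameConstraintsProcessing()
   */
  public boolean getNameConstraintsProcessing() {
    return false;
  }

  /**
   * Always reports {@code false}.
   *
   * @see iaik.pki.pathvalidation.ValidationProfile#getPolicyProcessing()
   */
  public boolean getPolicyProcessing() {
    return false;
  }

  /**
   * Reports the flag given to the constructor.
   *
   * @see iaik.pki.pathvalidation.ValidationProfile#getRevocationChecking()
   */
  public boolean getRevocationChecking() {
    return this.revocationChecking;
  }

  /**
   * @see iaik.pki.store.truststore.TrustStoreProfile#getId()
   */
  public String getId() {
    return id;
  }

  /**
   * Sets the trust profile identifier.
   * @param id The id to set.
   */
  public void setId(String id) {
    this.id = id;
  }

  /* (non-Javadoc)
   * Always reports 1. NOTE(review): the meaning of this constant is defined by IAIK
   * and not visible in this file; confirm which auto-add mode it selects.
   * @see iaik.pki.PKIProfile#autoAddCertificates()
   */
  @Override
  public int autoAddCertificates() {
    return 1;
  }

  /* (non-Javadoc)
   * No separate trust store profile is configured for indirect revocation; always null.
   * @see iaik.pki.PKIProfile#getIndirectRevocationTrustStoreProfile()
   */
  @Override
  public TrustStoreProfile getIndirectRevocationTrustStoreProfile() {
    return null;
  }
}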