/*******************************************************************************
 * Copyright 2014 Federal Chancellery Austria
 * MOA-ID has been developed in a cooperation between BRZ, the Federal
 * Chancellery Austria - ICT staff unit, and Graz University of Technology.
 *
 * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
 * the European Commission - subsequent versions of the EUPL (the "Licence");
 * You may not use this work except in compliance with the Licence.
 * You may obtain a copy of the Licence at:
 * http://www.osor.eu/eupl/
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the Licence is distributed on an "AS IS" basis,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the Licence for the specific language governing permissions and
 * limitations under the Licence.
 *
 * This product combines work with different licenses. See the "NOTICE" text
 * file for details on the various modules and licenses.
 * The "NOTICE" text file is part of the distribution. Any derivative works
 * that you distribute must include a readable copy of the "NOTICE" text file.
 *******************************************************************************/
package at.gv.egovernment.moa.id.commons.validation;

import java.io.IOException;
import java.net.MalformedURLException;
import java.net.URL;
import java.net.UnknownHostException;
import java.security.cert.Certificate;
import java.security.cert.CertificateEncodingException;
import java.security.cert.CertificateException;
import java.text.ParseException;
import java.text.SimpleDateFormat;
import java.util.regex.Matcher;
import java.util.regex.Pattern;

import javax.net.ssl.HttpsURLConnection;
import javax.net.ssl.SSLSession;
import javax.net.ssl.SSLSocket;
import javax.net.ssl.SSLSocketFactory;

import at.gv.egovernment.moa.logging.Logger;
import iaik.asn1.ObjectID;
import iaik.utils.Util;
import iaik.x509.X509Certificate;
import iaik.x509.X509ExtensionInitException;


public class ValidationHelper {

	public static final String PUBLICSERVICE_URL_POSTFIX = ".gv.at";
	
	private static final String TEMPLATE_DATEFORMAT = "dd.MM.yyyy";
	

	
	public static boolean isPublicServiceAllowed(String identifier) {
		
		SSLSocket socket = null;
		
		try {
			URL url = new URL(identifier);
			String host = url.getHost();
			
			if (host.endsWith("/"))
				host = host.substring(0, host.length()-1);
			
			if (url.getHost().endsWith(PUBLICSERVICE_URL_POSTFIX)) {
				Logger.debug("PublicURLPrefix with .gv.at Domain found.");
				return true;
				
			} else {
				SSLSocketFactory factory = HttpsURLConnection.getDefaultSSLSocketFactory();			
				socket = (SSLSocket) factory.createSocket(url.getHost(), url.getPort());
				socket.startHandshake();
				
				SSLSession session = socket.getSession();
				Certificate[] servercerts = session.getPeerCertificates();
				X509Certificate[] iaikChain = new X509Certificate[servercerts.length];
				for (int i=0; i<servercerts.length; i++) {
					iaikChain[i] = new X509Certificate(servercerts[i].getEncoded());
				}
				
				
				X509Certificate cert = Util.arrangeCertificateChain(iaikChain, false)[0];
				
				if (cert != null) {
					ObjectID vwOID = new ObjectID("1.2.40.0.10.1.1.1"); // Verwaltungseigenschaft
					ObjectID dOID = new ObjectID("1.2.40.0.10.1.1.2"); // Dienstleistereigenschaft
					
					
					if ((cert.getExtension(vwOID) == null) && (cert.getExtension(dOID) == null)) {
						return false;
						
					} else {
						Logger.info("Found correct X509 Extension in server certificate. PublicService is allowed");
						return true;
					}		
				}
				
				return false;
			}
				
		} catch (MalformedURLException e) {
			Logger.warn("PublicURLPrefix can not parsed to URL", e);
			return false;
			
		} catch (UnknownHostException e) {
			Logger.warn("Can not connect to PublicURLPrefix Server", e);
			return false;
			
		} catch (IOException e) {
			Logger.warn("Can not connect to PublicURLPrefix Server", e);
			return false;
			
		} catch (CertificateEncodingException e) {
			Logger.warn("Can not parse X509 server certificate", e);
			return false;
			
		} catch (CertificateException e) {
			Logger.warn("Can not read X509 server certificate", e);
			return false;
			
		} catch (X509ExtensionInitException e) {
			Logger.warn("Can not read X509 server certificate extension", e);
			return false;
		}
		
		finally {
			if (socket != null)
				try {
					socket.close();
				} catch (IOException e) {
					Logger.warn("SSL Socket can not be closed.", e);
				}
		}
	}
	
	public static boolean validateOAID(String oaIDObj) {
		if (oaIDObj != null) {
			try {
				
				long oaID = Long.valueOf(oaIDObj);
			
				if (oaID >= 0 && oaID < Long.MAX_VALUE)
					return true;
				
			} catch (Throwable t) {
				Logger.warn("No valid DataBase OAID received! " + oaIDObj);
			}
		}
		return false;
	}
	
	public static boolean validateNumber(String value) {
		
		Logger.debug("Validate Number " + value);

		try {
			Float.valueOf(value);
			
			return true;
			
		} catch (NumberFormatException e) {
			return false;
		}
		
		
	}
	
	public static boolean validatePhoneNumber(String value) {
		Logger.debug ("Validate PhoneNumber " + value);
		
        /* ************************************************************************************************
         * Legende: 
         * ========   AA = post/pre-Text
         *            BB = (+49)
         *            CC = Vorwahl  
         *            DD = Durchwahl
         *            EE = Nebenstelle                                                                
         * Pattern p = Pattern.compile("^ [a-zA-Z .,;:/\\-]* [ ]* [(]{0,1}[ ]*[+]{0,1}[ ]*[0-9]{0,2}[ ]*[)]{0,1} [ ]* [0-9]*[ ]* [0-9][ ]* [0-9]* [ ]* [a-zA-Z .,;:\\/-]* $");
         *                                ------- AA -------      --------------------- BB ---------------------      --------- CC --------          - DD -          - EE -          ------- AA -------
         * ************************************************************************************************ */
        Pattern pattern = Pattern.compile("^[a-zA-Z .,;:/\\-]*[ ]*[(]{0,1}[ ]*[+]{0,1}[ ]*[0-9]{0,2}[ ]*[)]{0,1}[ ]*[0-9]*[ ]*[0-9]*[ ]*[0-9]*[ ]*[a-zA-Z .,;:\\/-]*$");
        Matcher matcher = pattern.matcher(value);
        boolean b = matcher.matches();
        if (b) {
     	   Logger.debug("Parameter PhoneNumber erfolgreich ueberprueft");
     	  return true;
        }
        else {
     	   Logger.error("Fehler Ueberpruefung Parameter PhoneNumber. PhoneNumber entspricht nicht den Kriterien ^ [a-zA-Z .,;:/\\-]* [ ]* [(]{0,1}[ ]*[+]{0,1}[ ]*[0-9]{0,2}[ ]*[)]{0,1} [ ]* [0-9]*[ ]*[/\\-]{0,1} [ ]*[ ]* [0-9]* [ ]* [a-zA-Z .,;:\\/-]* $");
     	  return false;  
        }  
        
		
	}
	
	public static boolean validateURL(String urlString) {
		
		Logger.debug("Validate URL " + urlString);
		
		if (urlString.startsWith("http") || urlString.startsWith("https")) {
  		  try {
			new URL(urlString);
			return true;
			
  		  } catch (MalformedURLException e) {
  		  }
		}
		
		return false;
	}
	
//	public static boolean validateGeneralURL(String urlString) {
//		
//		Logger.debug("Validate URL " + urlString);
//		
//  		  try {
//			new URL(urlString);
//			return true;
//			
//  		  } catch (MalformedURLException e) {
//  			  
//  		  }
//		
//		return false;
//	}
	
	public static boolean isValidAdminTarget(String target) {
		   
	   Logger.debug("Ueberpruefe Parameter Target");
	            
       Pattern pattern = Pattern.compile("[a-zA-Z-]{1,5}");
       Matcher matcher = pattern.matcher(target);
       boolean b = matcher.matches();
       if (b) {
    	   Logger.debug("Parameter SSO-Target erfolgreich ueberprueft. SSO Target is PublicService.");
    	  return true;
       }
       else {
    	   Logger.info("Parameter SSO-Target entspricht nicht den Kriterien " +
    	   		"(nur Zeichen a-z, A-Z und -, sowie 1-5 Zeichen lang) fuer den oeffentlichen Bereich. " +
    	   		"Valiere SSO-Target fuer privatwirtschaftliche Bereiche.");
    	  return false;  
       }           
	}
	
	public static boolean isValidTarget(String target) {
		   
		   Logger.debug("Ueberpruefe Parameter Target");
		            
	       if (TargetValidator.isValidTarget(target)) {
	    	   Logger.debug("Parameter Target erfolgreich ueberprueft");
	    	  return true;
	       }
	       else {
	    	   Logger.error("Fehler Ueberpruefung Parameter Target. Target entspricht nicht den Kriterien (nur Zeichen a-z, A-Z und -, sowie 1-5 Zeichen lang)");
	    	  return false;  
	       }
		            
		}
	
	public static boolean isValidSourceID(String sourceID) {
		   
	   Logger.debug("Ueberpruefe Parameter sourceID");

	   Pattern pattern = Pattern.compile("[\\w-_]{1,20}");
	   Matcher matcher = pattern.matcher(sourceID);
	   boolean b = matcher.matches();
	   if (b) {
	 	  Logger.debug("Parameter sourceID erfolgreich ueberprueft");
	 	  return true;
      }
      else {
    	  Logger.error("Fehler Ueberpruefung Parameter sourceID. SourceID entspricht nicht den Kriterien (nur Zeichen a-z, A-Z, - und _, sowie 1-20 Zeichen lang)");
    	  return false;  
      }            
	}
	
	public static boolean isDateFormat(String dateString) {
		if (dateString.length() > TEMPLATE_DATEFORMAT.length())
			return false;
		
		SimpleDateFormat sdf = new SimpleDateFormat(TEMPLATE_DATEFORMAT);
		try {
			sdf.parse(dateString);
			return true;
			
		} catch (ParseException e) {
			return false;
		}
	}

	public static boolean isEmailAddressFormat(String address) {
		if (address == null) {
			return false;
		}
		return Pattern.compile("^[a-zA-Z0-9._%+-]+@[a-zA-Z0-9.-]+\\.[a-zA-Z]{2,6}$").matcher(address).matches();
	}
	
	public static boolean isValidOAIdentifier(String param) {
		if (param == null) {
			return false;
		}
		return param.indexOf(";") != -1 ||
					 param.indexOf("%") != -1 ||
					 param.indexOf("\"") != -1 ||
					 param.indexOf("'") != -1 ||
					 param.indexOf("?") != -1 ||
					 param.indexOf("`") != -1 ||
					 param.indexOf(",") != -1 ||
					 param.indexOf("<") != -1 ||
					 param.indexOf(">") != -1 ||
					 param.indexOf("\\") != -1;	
		
	}
	
	public static String getNotValidOAIdentifierCharacters() {
		
		return "; % \" ' ` , < > \\";
	}	
	
	public static boolean containsNotValidCharacter(String param, boolean commaallowed) {
		
		if (param == null) {
			return false;
		}
		return param.indexOf(";") != -1 ||
					 param.indexOf("%") != -1 ||
					 param.indexOf("\"") != -1 ||
					 param.indexOf("'") != -1 ||
					 param.indexOf("?") != -1 ||
					 param.indexOf("`") != -1 ||
					 ( param.indexOf(",") != -1 && !commaallowed ) ||
					 param.indexOf("<") != -1 ||
					 param.indexOf(">") != -1 ||
					 param.indexOf("\\") != -1 ||
					 param.indexOf("/") != -1;					 					
	}
	
	public static String getNotValidCharacter(boolean commaallowed) {
		
		if (commaallowed)
			return "; % \" ' ` < > \\ /";
		else
			return "; % \" ' ` , < > \\ /";
	}
	
	public static boolean isNotValidIdentityLinkSigner(String param) {
		if (param == null) {
			return false;
		}
		return param.indexOf(";") != -1 ||
					 param.indexOf("%") != -1 ||
					 param.indexOf("\"") != -1 ||
					 param.indexOf("'") != -1 ||
					 param.indexOf("?") != -1 ||
					 param.indexOf("`") != -1 ||
					 param.indexOf("<") != -1 ||
					 param.indexOf(">") != -1;	
		
	}
	
	public static String getNotValidIdentityLinkSignerCharacters() {
		
		return "; % \" ' ` < >";
	}
	
	public static boolean isValidHexValue(String param) {
		
		try {
			if (param.startsWith("#") && param.length() <= 7) {			
				Long.decode(param);
				return true;
			}
			
		} catch (Exception e) {
			
		}
		return false;
		
	}
	
}