/*
 * Copyright 2014 Federal Chancellery Austria
 * MOA-ID has been developed in a cooperation between BRZ, the Federal
 * Chancellery Austria - ICT staff unit, and Graz University of Technology.
 *
 * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
 * the European Commission - subsequent versions of the EUPL (the "Licence");
 * You may not use this work except in compliance with the Licence.
 * You may obtain a copy of the Licence at:
 * http://www.osor.eu/eupl/
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the Licence is distributed on an "AS IS" basis,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the Licence for the specific language governing permissions and
 * limitations under the Licence.
 *
 * This product combines work with different licenses. See the "NOTICE" text
 * file for details on the various modules and licenses.
 * The "NOTICE" text file is part of the distribution. Any derivative works
 * that you distribute must include a readable copy of the "NOTICE" text file.
 */
package at.gv.egovernment.moa.id.auth.modules.eIDAScentralAuth.controller;

import java.io.IOException;
import java.util.ArrayList;
import java.util.List;
import java.util.Map;

import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.stereotype.Controller;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RequestMethod;

import com.google.common.net.MediaType;

import at.gv.egiz.eaaf.core.exceptions.EAAFException;
import at.gv.egiz.eaaf.core.impl.data.Pair;
import at.gv.egiz.eaaf.core.impl.idp.controller.AbstractController;
import at.gv.egiz.eaaf.core.impl.utils.HTTPUtils;
import at.gv.egiz.eaaf.core.impl.utils.KeyValueUtils;
import at.gv.egiz.eaaf.modules.pvp2.api.IPVP2BasicConfiguration;
import at.gv.egiz.eaaf.modules.pvp2.impl.builder.PVPMetadataBuilder;
import at.gv.egovernment.moa.id.auth.modules.eIDAScentralAuth.EidasCentralAuthConstants;
import at.gv.egovernment.moa.id.auth.modules.eIDAScentralAuth.config.EidasCentralAuthMetadataConfiguration;
import at.gv.egovernment.moa.id.auth.modules.eIDAScentralAuth.utils.EidasCentralAuthCredentialProvider;
import at.gv.egovernment.moa.id.commons.api.AuthConfiguration;
import at.gv.egovernment.moa.logging.Logger;
import at.gv.egovernment.moa.util.MiscUtil;

/**
 * @author tlenz
 *
 */
@Controller
public class EidasCentralAuthMetadataController extends AbstractController {
	
	@Autowired PVPMetadataBuilder metadatabuilder;
	@Autowired AuthConfiguration authConfig;
	@Autowired EidasCentralAuthCredentialProvider credentialProvider; 
	@Autowired IPVP2BasicConfiguration pvpConfiguration;
	
	public EidasCentralAuthMetadataController() {
		super();
		Logger.debug("Registering servlet " + getClass().getName() 
				+ " with mappings '" + EidasCentralAuthConstants.ENDPOINT_METADATA 
				+ "'.");
		
	}
	
	@RequestMapping(value = EidasCentralAuthConstants.ENDPOINT_METADATA, 
					method = {RequestMethod.GET})
	public void getSPMetadata(HttpServletRequest req, HttpServletResponse resp) throws IOException, EAAFException {
		//check PublicURL prefix
		try {
			String authURL = HTTPUtils.extractAuthURLFromRequest(req);		
			if (!authConfig.getPublicURLPrefix().contains(authURL)) {		
				resp.sendError(HttpServletResponse.SC_FORBIDDEN, "No valid request URL");
				return;
				
			} else {
				//initialize metadata builder configuration
				EidasCentralAuthMetadataConfiguration metadataConfig = 
						new EidasCentralAuthMetadataConfiguration(authURL, credentialProvider, pvpConfiguration);
				metadataConfig.setAdditionalRequiredAttributes(getAdditonalRequiredAttributes());
				
				
				//build metadata
				String xmlMetadata = metadatabuilder.buildPVPMetadata(metadataConfig);
				
				//write response
				byte[] content = xmlMetadata.getBytes("UTF-8");
				resp.setStatus(HttpServletResponse.SC_OK);
				resp.setContentLength(content.length);
				resp.setContentType(MediaType.XML_UTF_8.toString());
				resp.getOutputStream().write(content);

			}
			
		} catch (Exception e) {
			Logger.warn("Build federated-authentication PVP metadata FAILED.", e);
			protAuthService.handleErrorNoRedirect(e, req, resp, false);
			
		}
		
	}

	private List<Pair<String, Boolean>> getAdditonalRequiredAttributes() {
	  List<Pair<String, Boolean>> result = new ArrayList<Pair<String, Boolean>>();
	  
	  //load SEMPER attributes if required
	  if (authConfig.getBasicConfigurationBoolean(EidasCentralAuthConstants.CONFIG_PROPS_SEMPER_MANDATES_ACTIVE, false)) {
	    result.addAll(EidasCentralAuthConstants.DEFAULT_SEMPER_MANDATE_PVP_ATTRIBUTES);
	      
	  }
	  
	  //load attributes from configuration
	  Map<String, String> addReqAttributes = authConfig.getBasicConfigurationWithPrefix(EidasCentralAuthConstants.CONFIG_PROPS_REQUIRED_PVP_ATTRIBUTES_LIST);		
		if (addReqAttributes != null) {			
			for (String el : addReqAttributes.values()) {
				if (MiscUtil.isNotEmpty(el)) {
					Logger.trace("Parse additional attr. definition: " + el);
					List<String> attr = KeyValueUtils.getListOfCSVValues(el.trim());
					if (attr.size() == 2) {						
						result.add(Pair.newInstance(attr.get(0), Boolean.parseBoolean(attr.get(1))));
						
					} else
						Logger.info("IGNORE additional attr. definition: " + el
								+ " Reason: Format not valid");
				}				
			}			
		}
				
		return result;
				

	}
		
}