/* * Copyright 2019 Federal Chancellery Austria * MOA-ID has been developed in a cooperation between BRZ, the Federal * Chancellery Austria - ICT staff unit, and Graz University of Technology. * * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by * the European Commission - subsequent versions of the EUPL (the "Licence"); * You may not use this work except in compliance with the Licence. * You may obtain a copy of the Licence at: * http://www.osor.eu/eupl/ * * Unless required by applicable law or agreed to in writing, software * distributed under the Licence is distributed on an "AS IS" basis, * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. * See the Licence for the specific language governing permissions and * limitations under the Licence. * * This product combines work with different licenses. See the "NOTICE" text * file for details on the various modules and licenses. * The "NOTICE" text file is part of the distribution. Any derivative works * that you distribute must include a readable copy of the "NOTICE" text file. 
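*/
package at.gv.egovernment.moa.id.auth.modules.eidproxyauth.tasks;

import java.security.NoSuchAlgorithmException;

import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

import org.opensaml.common.impl.SecureRandomIdentifierGenerator;
import org.opensaml.saml2.metadata.EntityDescriptor;
import org.opensaml.saml2.metadata.provider.MetadataProviderException;
import org.opensaml.ws.message.encoder.MessageEncodingException;
import org.opensaml.xml.security.SecurityException;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.stereotype.Component;

import at.gv.egiz.eaaf.core.api.idp.process.ExecutionContext;
import at.gv.egiz.eaaf.core.exceptions.TaskExecutionException;
import at.gv.egiz.eaaf.core.impl.idp.auth.modules.AbstractAuthServletTask;
import at.gv.egiz.eaaf.modules.pvp2.sp.exception.AuthnRequestBuildException;
import at.gv.egiz.eaaf.modules.pvp2.sp.impl.PVPAuthnRequestBuilder;
import at.gv.egovernment.moa.id.advancedlogging.MOAIDEventConstants;
import at.gv.egovernment.moa.id.auth.modules.eidproxyauth.EIDProxyAuthConstants;
import at.gv.egovernment.moa.id.auth.modules.eidproxyauth.config.EIDAuthRequestBuilderConfiguration;
import at.gv.egovernment.moa.id.auth.modules.eidproxyauth.utils.EIDAuthCredentialProvider;
import at.gv.egovernment.moa.id.auth.modules.eidproxyauth.utils.EIDAuthMetadataProvider;
import at.gv.egovernment.moa.id.auth.modules.eidproxyauth.utils.Utils;
import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException;
import at.gv.egovernment.moa.logging.Logger;
import at.gv.egovernment.moa.util.MiscUtil;

/**
 * Process task that starts the authentication at the central "E-ID System".
 *
 * <p>It resolves the E-ID System's SAML2 entityID and metadata, assembles a
 * signed PVP2.1 AuthnRequest for it and hands the request to
 * {@link PVPAuthnRequestBuilder}, which writes it to the HTTP response.
 *
 * @author tlenz
 */
@Component("CreateEIDSystemAuthnRequestTask")
public class CreateAuthnRequestTask extends AbstractAuthServletTask {

    /** Builds and transmits the PVP2.1 AuthnRequest. */
    @Autowired PVPAuthnRequestBuilder authnReqBuilder;

    /** Provides the credential used to sign the AuthnRequest. */
    @Autowired EIDAuthCredentialProvider credential;

    /** Resolves the SAML2 metadata (EntityDescriptor) of the E-ID System. */
    @Autowired EIDAuthMetadataProvider metadataService;

    //@Autowired(required=true) ILoALevelMapper loaMapper;
    //@Autowired(required=true) MOAMetadataProvider metadataProvider;

    /**
     * Builds the AuthnRequest for the configured E-ID System and transmits it.
     *
     * <p>Steps: log the "service selected" event; resolve the E-ID System's
     * entityID from the service-provider configuration; if a metadata URL is
     * configured, register it with the metadata provider (fallback only, the
     * SAML2 well-known-location mechanism is the intended setup); load the
     * EntityDescriptor; assemble the request configuration (fresh random
     * request ID, IDP entity, signing credential, SP entityID, scope requester
     * ID); build and send the request; log the "service requested" event with
     * the generated request ID.
     *
     * @param executionContext process execution context (not read by this task)
     * @param request incoming HTTP request (not read by this task)
     * @param response HTTP response the AuthnRequest is written to by
     *        {@code authnReqBuilder}
     * @throws TaskExecutionException if no entityID is configured, no metadata
     *         is found for it, or building/encoding the request fails; the
     *         triggering exception is always kept as cause
     */
    /* (non-Javadoc)
     * @see at.gv.egovernment.moa.id.auth.modules.AbstractAuthServletTask#execute(at.gv.egovernment.moa.id.process.api.ExecutionContext, javax.servlet.http.HttpServletRequest, javax.servlet.http.HttpServletResponse)
     */
    @Override
    public void execute(ExecutionContext executionContext, HttpServletRequest request,
            HttpServletResponse response) throws TaskExecutionException {
        try {
            revisionsLogger.logEvent(pendingReq, MOAIDEventConstants.AUTHPROCESS_EID_SERVICE_SELECTED);

            // entityID of the central ms-specific eIDAS node (the "E-ID System")
            String msNodeEntityID =
                    Utils.getEIDSystemEntityId(pendingReq.getServiceProviderConfiguration(), authConfig);
            if (MiscUtil.isEmpty(msNodeEntityID)) {
                Logger.info("E-ID authentication not possible -> NO EntityID for E-ID System FOUND!");
                throw new MOAIDException("NO EntityID for E-ID System FOUND", null);
            }

            // Fallback: metadata from a statically configured URL. The URL comes from
            // the deployment configuration, not from the request.
            String metadataURL =
                    authConfig.getBasicConfiguration(EIDProxyAuthConstants.CONFIG_PROPS_NODE_METADATAURL);
            if (MiscUtil.isNotEmpty(metadataURL)) {
                Logger.warn("Use not recommended metadata-provider initialization!"
                        + " SAML2 'Well-Known-Location' is the preferred methode.");
                Logger.info("Initialize 'E-ID System' metadata-provider with URL:" + metadataURL);
                metadataService.addMetadataWithMetadataURL(metadataURL);
            }

            // SAML2 EntityDescriptor of the E-ID System
            EntityDescriptor entityDesc = metadataService.getEntityDescriptor(msNodeEntityID);
            if (entityDesc == null) {
                // Fix: report the requested entityID; the original message concatenated
                // the (null) descriptor, so the log never showed which entity failed.
                Logger.error("Requested 'E-ID System' " + msNodeEntityID
                        + " has no valid metadata or metadata is not found");
                throw new MOAIDException("Requested 'E-ID System' " + msNodeEntityID
                        + " has no valid metadata or metadata is not found", null);
            }

            // AuthnRequestBuilder configuration
            EIDAuthRequestBuilderConfiguration authnReqConfig = new EIDAuthRequestBuilderConfiguration();
            // Unpredictable request ID from a SecureRandom-backed generator.
            // NOTE(review): presumably matched later against the response's InResponseTo
            // by the response-handling task — confirm there.
            SecureRandomIdentifierGenerator gen = new SecureRandomIdentifierGenerator();
            authnReqConfig.setRequestId(gen.generateIdentifier());
            authnReqConfig.setIdpEntity(entityDesc);
            authnReqConfig.setPassive(false);
            authnReqConfig.setSignCred(credential.getIDPAssertionSigningCredential());
            // This proxy acts as SP; its entityID is the auth URL plus the metadata endpoint.
            authnReqConfig.setSPEntityID(pendingReq.getAuthURL() + EIDProxyAuthConstants.ENDPOINT_METADATA);
            authnReqConfig.setScopeRequesterId(Utils.getEidSystemApplicationId(
                    pendingReq.getServiceProviderConfiguration(), pendingReq.getAuthURL()));

            // build and transmit the AuthnRequest
            authnReqBuilder.buildAuthnRequest(pendingReq, authnReqConfig, response);

            revisionsLogger.logEvent(pendingReq, MOAIDEventConstants.AUTHPROCESS_EID_SERVICE_REQUESTED,
                    authnReqConfig.getRequestID());

        } catch (MOAIDException e) {
            throw new TaskExecutionException(pendingReq, e.getMessage(), e);

        } catch (MetadataProviderException e) {
            throw new TaskExecutionException(pendingReq,
                    "Build PVP2.1 AuthnRequest to connect 'E-ID System' FAILED.",
                    new AuthnRequestBuildException("sp.pvp2.02", new Object[] {"'E-ID System'"}, e));

        } catch (MessageEncodingException | NoSuchAlgorithmException | SecurityException e) {
            Logger.error("Build PVP2.1 AuthnRequest to connect 'E-ID System' FAILED", e);
            throw new TaskExecutionException(pendingReq, e.getMessage(),
                    new AuthnRequestBuildException("sp.pvp2.13", new Object[] {"'E-ID System'"}, e));

        } catch (Exception e) {
            // Last-resort boundary: keep the cause so nothing is lost for diagnosis.
            Logger.error("Build PVP2.1 AuthnRequest to connect 'E-ID System' FAILED", e);
            throw new TaskExecutionException(pendingReq, e.getMessage(), e);
        }
    }
}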