/*
 * Copyright 2014 Federal Chancellery Austria
 * MOA-ID has been developed in a cooperation between BRZ, the Federal
 * Chancellery Austria - ICT staff unit, and Graz University of Technology.
 *
 * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
 * the European Commission - subsequent versions of the EUPL (the "Licence");
 * You may not use this work except in compliance with the Licence.
 * You may obtain a copy of the Licence at:
 * http://www.osor.eu/eupl/
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the Licence is distributed on an "AS IS" basis,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the Licence for the specific language governing permissions and
 * limitations under the Licence.
 *
 * This product combines work with different licenses. See the "NOTICE" text
 * file for details on the various modules and licenses.
 * The "NOTICE" text file is part of the distribution. Any derivative works
 * that you distribute must include a readable copy of the "NOTICE" text file.
 */
package at.gv.egovernment.moa.id.auth.modules.eidas;

import java.net.URI;
import java.util.ArrayList;
import java.util.Collections;
import java.util.List;

import org.apache.xml.security.signature.XMLSignature;
import org.opensaml.xml.encryption.EncryptionConstants;
import org.opensaml.xml.signature.SignatureConstants;

import at.gv.egiz.eaaf.core.impl.data.Trible;

/**
 * @author tlenz
 *
 */
public class Constants {

	public static final String eIDAS_SAML_ENGINE_NAME = "default";
	public static final String SSLSOCKETFACTORYNAME = "eIDASMetadataSSLSocketFactory";
		
	//default keys for eIDAS SAML-engine configuration
	public static final String eIDAS_SAML_ENGINE_NAME_ID_BASICCONFIG = "SamlEngineConf";
	public static final String eIDAS_SAML_ENGINE_NAME_ID_SIGNATURECONFIG = "SignatureConf";
	public static final String eIDAS_SAML_ENGINE_NAME_ID_ENCRYPTIONCONFIG = "EncryptionConf";
	public static final String eIDAS_SAML_ENGINE_NAME_ID_CLASS = "class";
	
	//default implementations for eIDAS SAML-engine functionality
	//public static final String SAML_SIGNING_IMPLENTATION = "at.gv.egovernment.moa.id.auth.modules.eidas.config.MOASWSigner";
	public static final String SAML_SIGNING_IMPLENTATION = "at.gv.egovernment.moa.id.auth.modules.eidas.config.MOAExtendedSWSigner";
	public static final String SAML_ENCRYPTION_IMPLENTATION = "at.gv.egovernment.moa.id.auth.modules.eidas.config.ModifiedEncryptionSW";
	
	//configuration property keys
	public static final String CONIG_PROPS_EIDAS_PREFIX="moa.id.protocols.eIDAS";
	public static final String CONIG_PROPS_EIDAS_SAMLENGINE="samlengine";
	public static final String CONIG_PROPS_EIDAS_NODE= CONIG_PROPS_EIDAS_PREFIX + ".node";
	public static final String CONIG_PROPS_EIDAS_SAMLENGINE_PREFIX=CONIG_PROPS_EIDAS_PREFIX + "." + CONIG_PROPS_EIDAS_SAMLENGINE;
	public static final String CONIG_PROPS_EIDAS_SAMLENGINE_BASIC_CONFIGFILE = CONIG_PROPS_EIDAS_SAMLENGINE_PREFIX + ".config.file";	
	public static final String CONIG_PROPS_EIDAS_SAMLENGINE_SIGN="sign";
	public static final String CONIG_PROPS_EIDAS_SAMLENGINE_ENCRYPT="enc";
	public static final String CONIG_PROPS_EIDAS_SAMLENGINE_SIGN_CONFIGFILE = CONIG_PROPS_EIDAS_SAMLENGINE_PREFIX + "." 
			+ CONIG_PROPS_EIDAS_SAMLENGINE_SIGN + ".config.file";
	public static final String CONIG_PROPS_EIDAS_SAMLENGINE_ENC_CONFIGFILE = CONIG_PROPS_EIDAS_SAMLENGINE_PREFIX + "." 
			+ CONIG_PROPS_EIDAS_SAMLENGINE_ENCRYPT + ".config.file";
	public static final String CONIG_PROPS_EIDAS_SAMLENGINE_ATTIONAL_ATTRIBUTE_DEFINITIONS = 
			CONIG_PROPS_EIDAS_SAMLENGINE_PREFIX + ".attributes.addition.config";
	public static final String CONIG_PROPS_EIDAS_METADATA_VALIDATION_TRUSTSTORE = CONIG_PROPS_EIDAS_PREFIX + ".metadata.validation.truststore";
	
	
	public static final String CONIG_PROPS_EIDAS_NODE_COUNTRYCODE = CONIG_PROPS_EIDAS_NODE + ".countrycode";
	public static final String CONIG_PROPS_EIDAS_NODE_COUNTRY = CONIG_PROPS_EIDAS_NODE + ".country";
	public static final String CONIG_PROPS_EIDAS_NODE_LoA = CONIG_PROPS_EIDAS_NODE + ".LoA";	
	
	public static final String CONIG_PROPS_EIDAS_METADATA_URLS_LIST_PREFIX = CONIG_PROPS_EIDAS_PREFIX + ".metadata.url";
	
	public static final String CONFIG_PROPS_EIDAS_BPK_TARGET_PREFIX = CONIG_PROPS_EIDAS_PREFIX + ".bpk.target.";
	
	
	
	//timeouts and clock skews
	public static final long CONFIG_PROPS_SKEWTIME_BEFORE = -2 * 60 * 1000;  			//5 minutes skew time for response validation
	public static final long CONFIG_PROPS_SKEWTIME_AFTER = 2 * 60 * 1000;  			//5 minutes skew time for response validation
	public static final long CONFIG_PROPS_METADATA_GARBAGE_TIMEOUT = 7 * 24 * 60 * 60 * 1000;	//remove unused eIDAS metadata after 7 days

	//eIDAS request parameters
	public static final String eIDAS_REQ_NAMEID_FORMAT = "urn:oasis:names:tc:SAML:2.0:nameid-format:persistent";
	
	//eIDAS attribute names	
	public static final String eIDAS_ATTR_PERSONALIDENTIFIER = "PersonIdentifier";
	public static final String eIDAS_ATTR_DATEOFBIRTH = "DateOfBirth";
	public static final String eIDAS_ATTR_CURRENTGIVENNAME = "FirstName";	
	public static final String eIDAS_ATTR_CURRENTFAMILYNAME = "FamilyName";	
	public static final String eIDAS_ATTR_LEGALPERSONIDENTIFIER = "LegalPersonIdentifier";
	public static final String eIDAS_ATTR_LEGALNAME = "LegalName";
		
	//http endpoint descriptions
	public static final String eIDAS_HTTP_ENDPOINT_SP_POST = "/eidas/sp/post";
	public static final String eIDAS_HTTP_ENDPOINT_SP_REDIRECT = "/eidas/sp/redirect";
	public static final String eIDAS_HTTP_ENDPOINT_IDP_COLLEAGUEREQUEST = "/eidas/ColleagueRequest";
	public static final String eIDAS_HTTP_ENDPOINT_METADATA = "/eidas/metadata";
	
	
	//Event-Codes for Revisionslog
	public static final int eIDAS_REVERSIONSLOG_METADATA = 3400;
	public static final int eIDAS_REVERSIONSLOG_IDP_AUTHREQUEST = 3401;
	public static final int eIDAS_REVERSIONSLOG_IDP_AUTHRESPONSE = 3402;
		
	
    public static final String METADATA_ALLOWED_ALG_DIGIST = 
    		SignatureConstants.ALGO_ID_DIGEST_SHA256 + ";" + 
    		SignatureConstants.ALGO_ID_DIGEST_SHA512 ;
    
    public static final String METADATA_ALLOWED_ALG_SIGN = 
    		SignatureConstants.ALGO_ID_SIGNATURE_RSA_SHA256 + ";" + 
    		SignatureConstants.ALGO_ID_SIGNATURE_RSA_SHA512 + ";" + 
    		XMLSignature.ALGO_ID_SIGNATURE_RSA_SHA256_MGF1 + ";" + 
    		XMLSignature.ALGO_ID_SIGNATURE_RSA_SHA512_MGF1;
    
    public static final String METADATA_ALLOWED_ALG_ENCRYPT = 
    		EncryptionConstants.ALGO_ID_BLOCKCIPHER_AES128_GCM + ";" + 
    		EncryptionConstants.ALGO_ID_BLOCKCIPHER_AES192_GCM + ";" + 
    		EncryptionConstants.ALGO_ID_BLOCKCIPHER_AES256_GCM + ";" + 
    		EncryptionConstants.ALGO_ID_BLOCKCIPHER_AES128 + ";" + 
    		EncryptionConstants.ALGO_ID_BLOCKCIPHER_AES256;
    
    public static final List<URI> NATURALPERSONMINIMUMDATASETLIST = Collections.unmodifiableList(new ArrayList<URI>() {
		private static final long serialVersionUID = 1L;
		{
			add(eu.eidas.auth.engine.core.eidas.spec.NaturalPersonSpec.Definitions.CURRENT_FAMILY_NAME.getNameUri());
			add(eu.eidas.auth.engine.core.eidas.spec.NaturalPersonSpec.Definitions.CURRENT_GIVEN_NAME.getNameUri());
			add(eu.eidas.auth.engine.core.eidas.spec.NaturalPersonSpec.Definitions.DATE_OF_BIRTH.getNameUri());
			add(eu.eidas.auth.engine.core.eidas.spec.NaturalPersonSpec.Definitions.PERSON_IDENTIFIER.getNameUri());
		}
	});

    
}