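package at.gv.egovernment.moa.id.auth.modules.eidas.engine;

import org.opensaml.saml2.core.AuthnRequest;
import org.opensaml.saml2.core.Response;
import org.w3c.dom.Document;

import at.gv.egovernment.moa.logging.Logger;
import at.gv.egovernment.moa.util.MiscUtil;
import eu.eidas.auth.engine.Correlated;
import eu.eidas.auth.engine.ProtocolEngine;
import eu.eidas.auth.engine.configuration.ProtocolConfigurationAccessor;
import eu.eidas.auth.engine.core.ProtocolProcessorI;
import eu.eidas.auth.engine.metadata.MetadataFetcherI;
import eu.eidas.auth.engine.xml.opensaml.XmlSchemaUtil;
import eu.eidas.engine.exceptions.EIDASSAMLEngineException;

/**
 * {@link ProtocolEngine} that retries a failed unmarshalling exactly once after the
 * SAML2 metadata of the message issuer has been refreshed.
 * <p>
 * A refresh is only attempted when the configured {@link ProtocolProcessorI} is a
 * {@link MOAEidasProtocolProcesser} whose {@link MetadataFetcherI} is a
 * {@link MOAeIDASMetadataProviderDecorator}; in every other case the original
 * validation exception is rethrown unchanged.
 */
public class MOAProtocolEngine extends ProtocolEngine {

    public MOAProtocolEngine(ProtocolConfigurationAccessor configurationAccessor) {
        super(configurationAccessor);
    }

    /**
     * Unmarshalls and validates an eIDAS SAML2 Response; if the first validation fails,
     * refreshes the metadata of the Response issuer and validates a second time.
     *
     * @param responseBytes serialized SAML2 Response, may be {@code null}
     * @return the result of {@link ProtocolEngine#unmarshallResponse(byte[])}
     * @throws EIDASSAMLEngineException the original validation failure when no refresh was
     *         possible, or the failure of the second validation after a successful refresh
     */
    @Override
    public Correlated unmarshallResponse(byte[] responseBytes) throws EIDASSAMLEngineException {
        try {
            return super.unmarshallResponse(responseBytes);

        } catch (EIDASSAMLEngineException e) {
            if (responseBytes == null) {
                throw e;
            }
            Logger.info("eIDAS Response validation FAILED. Starting metadata reloading process ...");

            String entityID = extractResponseIssuer(responseBytes);
            if (MiscUtil.isEmpty(entityID)) {
                Logger.debug("eIDAS Response contains no EntityID.");
                throw e;
            }

            if (startInternalMetadataRefresh(entityID)) {
                Logger.debug("Metadata refresh success. Revalidate eIDAS Response ...");
                return super.unmarshallResponse(responseBytes);
            }

            Logger.info("eIDAS metadata refresh not possible or not successful.");
            throw e;
        }
    }

    /**
     * Unmarshalls and validates an eIDAS SAML2 AuthnRequest; if the first validation fails,
     * refreshes the metadata of the request issuer and validates a second time.
     *
     * @param requestBytes serialized SAML2 AuthnRequest, may be {@code null}
     * @return the result of {@link ProtocolEngine#unmarshallRequest(byte[])}
     * @throws EIDASSAMLEngineException the original validation failure when no refresh was
     *         possible, or the failure of the second validation after a successful refresh
     */
    @Override
    public AuthnRequest unmarshallRequest(byte[] requestBytes) throws EIDASSAMLEngineException {
        try {
            return super.unmarshallRequest(requestBytes);

        } catch (EIDASSAMLEngineException e) {
            if (requestBytes == null) {
                throw e;
            }
            Logger.info("eIDAS Request validation FAILED. Starting metadata reloading process ...");

            String entityID = extractRequestIssuer(requestBytes);
            if (MiscUtil.isEmpty(entityID)) {
                Logger.debug("eIDAS Authn. Request contains no EntityID.");
                throw e;
            }

            if (startInternalMetadataRefresh(entityID)) {
                Logger.debug("Metadata refresh success. Revalidate eIDAS Authn. Request ...");
                return super.unmarshallRequest(requestBytes);
            }

            Logger.info("eIDAS metadata refresh not possible or not successful.");
            throw e;
        }
    }

    /**
     * Schema-validates and unmarshalls the raw Response only to read its Issuer value.
     * <p>
     * A missing {@code Issuer} element or an unexpected message type is reported as
     * "no EntityID" ({@code null}) instead of surfacing as a {@link NullPointerException}
     * or {@link ClassCastException}, so that the caller rethrows the original validation
     * failure rather than an unrelated runtime exception.
     *
     * @param responseBytes serialized SAML2 Response, not {@code null}
     * @return the Issuer value, or {@code null} if it cannot be determined
     * @throws EIDASSAMLEngineException if schema validation or unmarshalling fails
     */
    private String extractResponseIssuer(byte[] responseBytes) throws EIDASSAMLEngineException {
        Document document = XmlSchemaUtil.validateSamlSchema(responseBytes);
        try {
            Response response = (Response) unmarshall(document);
            return response.getIssuer() == null ? null : response.getIssuer().getValue();

        } catch (RuntimeException ex) {
            Logger.debug("Can not read Issuer from eIDAS Response: " + ex.getMessage());
            return null;
        }
    }

    /**
     * Schema-validates and unmarshalls the raw AuthnRequest only to read its Issuer value.
     * Same failure handling as {@link #extractResponseIssuer(byte[])}.
     *
     * @param requestBytes serialized SAML2 AuthnRequest, not {@code null}
     * @return the Issuer value, or {@code null} if it cannot be determined
     * @throws EIDASSAMLEngineException if schema validation or unmarshalling fails
     */
    private String extractRequestIssuer(byte[] requestBytes) throws EIDASSAMLEngineException {
        Document document = XmlSchemaUtil.validateSamlSchema(requestBytes);
        try {
            AuthnRequest request = (AuthnRequest) unmarshall(document);
            return request.getIssuer() == null ? null : request.getIssuer().getValue();

        } catch (RuntimeException ex) {
            Logger.debug("Can not read Issuer from eIDAS Authn. Request: " + ex.getMessage());
            return null;
        }
    }

    /**
     * Refreshes the SAML2 metadata for {@code entityID} if the internal metadata provider
     * supports this functionality.
     * <p>
     * NOTE(review): {@code entityID} is taken from the Issuer of a message whose validation
     * (including its signature) has just failed, i.e. it is attacker-influenceable input
     * that triggers a metadata reload. This code relies on
     * {@link MOAeIDASMetadataProviderDecorator#refreshMetadata(String)} to only reload
     * metadata for already configured/trusted entities and to bound the reload rate
     * (not visible here - confirm).
     *
     * @param entityID SAML2 EntityID whose metadata should be reloaded
     * @return {@code true} if the refresh was successful, otherwise {@code false}
     */
    private boolean startInternalMetadataRefresh(String entityID) {
        // only the MOA-specific processor/fetcher pair exposes a refresh operation
        ProtocolProcessorI protocolProcessor = this.getProtocolProcessor();
        if (!(protocolProcessor instanceof MOAEidasProtocolProcesser)) {
            return false;
        }

        MetadataFetcherI metadataFetcher =
                ((MOAEidasProtocolProcesser) protocolProcessor).getMetadataFetcher();
        if (metadataFetcher instanceof MOAeIDASMetadataProviderDecorator) {
            return ((MOAeIDASMetadataProviderDecorator) metadataFetcher).refreshMetadata(entityID);
        }
        return false;
    }
}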