/* * Copyright 2014 Federal Chancellery Austria * MOA-ID has been developed in a cooperation between BRZ, the Federal * Chancellery Austria - ICT staff unit, and Graz University of Technology. * * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by * the European Commission - subsequent versions of the EUPL (the "Licence"); * You may not use this work except in compliance with the Licence. * You may obtain a copy of the Licence at: * http://www.osor.eu/eupl/ * * Unless required by applicable law or agreed to in writing, software * distributed under the Licence is distributed on an "AS IS" basis, * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. * See the Licence for the specific language governing permissions and * limitations under the Licence. * * This product combines work with different licenses. See the "NOTICE" text * file for details on the various modules and licenses. * The "NOTICE" text file is part of the distribution. Any derivative works * that you distribute must include a readable copy of the "NOTICE" text file. 
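*/
package at.gv.egovernment.moa.id.auth.modules.eidas.engine;

import java.security.KeyStore;
import java.util.Objects;

import org.opensaml.saml2.metadata.EntityDescriptor;
import org.opensaml.saml2.metadata.IDPSSODescriptor;
import org.opensaml.saml2.metadata.RoleDescriptor;
import org.opensaml.saml2.metadata.SPSSODescriptor;
import org.opensaml.saml2.metadata.provider.MetadataProvider;
import org.opensaml.saml2.metadata.provider.MetadataProviderException;

import at.gv.egiz.eaaf.modules.pvp2.api.metadata.IRefreshableMetadataProvider;
import eu.eidas.auth.engine.ProtocolEngineI;
import eu.eidas.auth.engine.metadata.MetadataFetcherI;
import eu.eidas.auth.engine.metadata.MetadataSignerI;
import eu.eidas.engine.exceptions.EIDASSAMLEngineException;
import eu.eidas.engine.exceptions.SAMLEngineException;

/**
 * Adapts an OpenSAML {@link MetadataProvider} to the eIDAS {@link MetadataFetcherI} contract.
 * <p>
 * Every lookup is delegated to the wrapped provider. No metadata signature is verified in
 * this class: the {@link MetadataSignerI} passed to
 * {@link #getEntityDescriptor(String, MetadataSignerI)} is not used and the deprecated
 * {@code checkValidMetadataSignature} variants are no-ops. The trust placed in a returned
 * descriptor is therefore exactly the trust the wrapped provider established when it loaded
 * (or refreshed) the metadata.
 *
 * @author tlenz
 */
public class MOAeIDASMetadataProviderDecorator implements MetadataFetcherI {

    /** Wrapped provider that performs all metadata lookups. */
    private final MetadataProvider metadataprovider;

    /**
     * Creates a decorator around an existing metadata provider.
     *
     * @param metadataprovider provider all lookups are delegated to; must not be {@code null}
     * @throws NullPointerException if {@code metadataprovider} is {@code null}
     */
    public MOAeIDASMetadataProviderDecorator(MetadataProvider metadataprovider) {
        // fail at construction instead of on the first lookup
        this.metadataprovider = Objects.requireNonNull(metadataprovider, "metadataprovider");
    }

    /**
     * Refreshes the SAML2 metadata of a specific entity.
     * <p>
     * A refresh is only possible if the wrapped provider implements
     * {@link IRefreshableMetadataProvider}; otherwise nothing happens.
     *
     * @param entityId entityID that should be refreshed
     * @return {@code true} if the refresh was successful, {@code false} if it failed or the
     *         wrapped provider is not refreshable
     */
    public boolean refreshMetadata(String entityId) {
        if (this.metadataprovider instanceof IRefreshableMetadataProvider) {
            return ((IRefreshableMetadataProvider) this.metadataprovider).refreshMetadataProvider(entityId);
        }
        return false;
    }

    /**
     * Looks up the entity descriptor for {@code url} via the wrapped provider.
     * <p>
     * {@code paramMetadataSignerI} is not used: signature validation is left to the wrapped
     * provider, which is expected to verify the metadata when it loads or reloads it.
     *
     * @param url entityID of the entity to look up (passed through to the wrapped provider)
     * @param paramMetadataSignerI ignored, see above
     * @return the descriptor returned by the wrapped provider (may be {@code null} if the
     *         provider does not know the entity)
     * @throws EIDASSAMLEngineException if the wrapped provider fails
     * @see eu.eidas.auth.engine.metadata.MetadataFetcherI#getEntityDescriptor(java.lang.String, eu.eidas.auth.engine.metadata.MetadataSignerI)
     */
    @Override
    public EntityDescriptor getEntityDescriptor(String url, MetadataSignerI paramMetadataSignerI)
            throws EIDASSAMLEngineException {
        try {
            /* TODO: maybe implement metadata signature validation on every request,
             * but it is not needed in case of cached metadata provider,
             * because signature must be only validated in case of cache reload operation */
            return this.metadataprovider.getEntityDescriptor(url);
        } catch (MetadataProviderException e) {
            throw new EIDASSAMLEngineException("eIDAS Metadata processing FAILED.", e);
        }
    }

    /**
     * Looks up the entity descriptor for {@code url} via the wrapped provider.
     *
     * @param url entityID of the entity to look up (passed through to the wrapped provider)
     * @return the descriptor returned by the wrapped provider (may be {@code null} if the
     *         provider does not know the entity)
     * @throws SAMLEngineException if the wrapped provider fails
     * @deprecated old {@code MetadataProcessorI} API; use
     *             {@link #getEntityDescriptor(String, MetadataSignerI)}
     * @see eu.eidas.auth.engine.metadata.MetadataProcessorI#getEntityDescriptor(java.lang.String)
     */
    @Deprecated
    public EntityDescriptor getEntityDescriptor(String url) throws SAMLEngineException {
        try {
            return this.metadataprovider.getEntityDescriptor(url);
        } catch (MetadataProviderException e) {
            throw new SAMLEngineException("eIDAS Metadata processing FAILED.", e);
        }
    }

    /**
     * Returns the first {@link SPSSODescriptor} of the entity identified by {@code url}.
     *
     * @param url entityID of the entity to look up
     * @return the first SP role, or {@code null} if the entity is unknown or has no SP role
     * @throws SAMLEngineException if the wrapped provider fails
     * @deprecated old {@code MetadataProcessorI} API
     * @see eu.eidas.auth.engine.metadata.MetadataProcessorI#getSPSSODescriptor(java.lang.String)
     */
    @Deprecated
    public SPSSODescriptor getSPSSODescriptor(String url) throws SAMLEngineException {
        return getFirstRoleDescriptor(getEntityDescriptor(url), SPSSODescriptor.class);
    }

    /**
     * Returns the first {@link IDPSSODescriptor} of the entity identified by {@code url}.
     *
     * @param url entityID of the entity to look up
     * @return the first IDP role, or {@code null} if the entity is unknown or has no IDP role
     * @throws SAMLEngineException if the wrapped provider fails
     * @deprecated old {@code MetadataProcessorI} API
     * @see eu.eidas.auth.engine.metadata.MetadataProcessorI#getIDPSSODescriptor(java.lang.String)
     */
    @Deprecated
    public IDPSSODescriptor getIDPSSODescriptor(String url) throws SAMLEngineException {
        return getFirstRoleDescriptor(getEntityDescriptor(url), IDPSSODescriptor.class);
    }

    /**
     * No-op: metadata signatures are expected to have been validated by the wrapped
     * provider when the metadata was loaded, so nothing is checked here.
     *
     * @param url entityID whose metadata would be checked (unused)
     * @param engine protocol engine (unused)
     * @throws SAMLEngineException never thrown by this implementation
     * @deprecated old {@code MetadataProcessorI} API
     * @see eu.eidas.auth.engine.metadata.MetadataProcessorI#checkValidMetadataSignature(java.lang.String, eu.eidas.auth.engine.EIDASSAMLEngine)
     */
    @Deprecated
    public void checkValidMetadataSignature(String url, ProtocolEngineI engine) throws SAMLEngineException {
        // Do nothing, because metadata signature is already validated during
        // metadata provider initialization
        // TODO: maybe signature validation is needed on every request
    }

    /**
     * No-op: metadata signatures are expected to have been validated by the wrapped
     * provider when the metadata was loaded, so {@code trustStore} is not consulted.
     *
     * @param url entityID whose metadata would be checked (unused)
     * @param trustStore trust store (unused)
     * @throws SAMLEngineException never thrown by this implementation
     * @deprecated old {@code MetadataProcessorI} API
     * @see eu.eidas.auth.engine.metadata.MetadataProcessorI#checkValidMetadataSignature(java.lang.String, java.security.KeyStore)
     */
    @Deprecated
    public void checkValidMetadataSignature(String url, KeyStore trustStore) throws SAMLEngineException {
        // Do nothing, because metadata signature is already validated during
        // metadata provider initialization
    }

    /**
     * Returns the first role descriptor of {@code entityDescriptor} that is an instance of
     * {@code clazz}.
     *
     * @param <T> role descriptor type
     * @param entityDescriptor descriptor to search; may be {@code null}
     * @param clazz role descriptor type to look for
     * @return the first matching role descriptor, or {@code null} if {@code entityDescriptor}
     *         is {@code null} or contains no role of that type
     * @deprecated only used by the deprecated {@code MetadataProcessorI} lookups
     */
    @Deprecated
    protected <T extends RoleDescriptor> T getFirstRoleDescriptor(EntityDescriptor entityDescriptor,
            final Class<T> clazz) {
        // a provider may hand back null for an unknown entityID; treat that as "no role found"
        // instead of failing with a NullPointerException in the callers above
        if (entityDescriptor == null) {
            return null;
        }
        for (RoleDescriptor rd : entityDescriptor.getRoleDescriptors()) {
            if (clazz.isInstance(rd)) {
                return clazz.cast(rd); // checked cast; isInstance() guarantees it succeeds
            }
        }
        return null;
    }
}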