package at.gv.egovernment.moa.id.auth.modules.eidas.tasks;

import java.io.InputStreamReader;
import java.nio.charset.StandardCharsets;
import java.util.Base64;

import javax.net.ssl.SSLSocketFactory;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

import org.apache.http.Header;
import org.apache.http.HttpHeaders;
import org.apache.http.HttpResponse;
import org.apache.http.client.methods.HttpGet;
import org.apache.http.client.protocol.HttpClientContext;
import org.apache.http.client.utils.URIBuilder;
import org.apache.http.impl.client.CloseableHttpClient;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.stereotype.Component;

import com.google.gson.JsonElement;
import com.google.gson.JsonObject;
import com.google.gson.JsonParser;

import at.gv.egiz.eaaf.core.api.idp.process.ExecutionContext;
import at.gv.egiz.eaaf.core.exceptions.EAAFStorageException;
import at.gv.egiz.eaaf.core.exceptions.TaskExecutionException;
import at.gv.egiz.eaaf.core.impl.idp.auth.modules.AbstractAuthServletTask;
import at.gv.egiz.eid4u.api.attributes.Definitions;
import at.gv.egiz.eid4u.api.attributes.natural.IdType;
import at.gv.egovernment.moa.id.auth.data.AuthenticationSessionWrapper;
import at.gv.egovernment.moa.id.auth.modules.eidas.eID4UConstants;
import at.gv.egovernment.moa.id.auth.modules.eidas.exceptions.eID4UAPException;
import at.gv.egovernment.moa.id.commons.api.AuthConfiguration;
import at.gv.egovernment.moa.id.commons.utils.HttpClientWithProxySupport;
import at.gv.egovernment.moa.id.protocols.eidas.EIDASData;
import at.gv.egovernment.moa.id.protocols.oauth20.OAuth20Constants;
import at.gv.egovernment.moa.id.util.CookieUtils;
import at.gv.egovernment.moa.id.util.SSLUtils;
import at.gv.egovernment.moa.logging.Logger;
import at.gv.egovernment.moa.util.MiscUtil;
import eu.eidas.auth.commons.protocol.eidas.impl.PostalAddress;

@Component("ReceiveConsentForAddtionalAttributesTask")
public class ReceiveConsentForAddtionalAttributesTask extends AbstractAuthServletTask {

	@Autowired private AuthConfiguration moaAuthConfig;
	
	@Override
	public void execute(ExecutionContext context, HttpServletRequest httpReq, HttpServletResponse httpResp)
			throws TaskExecutionException {
		try{
			if (pendingReq instanceof EIDASData) {
				EIDASData eidasReq = (EIDASData) pendingReq;
			
				//delete eID4U http Cookie with pendingRequestId 
				CookieUtils.deleteCookie(httpReq, httpResp, eID4UConstants.HTTP_TRANSACTION_COOKIE_NAME);
				
				String authCode = httpReq.getParameter(OAuth20Constants.RESPONSE_CODE);	
				if (MiscUtil.isEmpty(authCode)) {
					Logger.info("Find NO OAuth2 authCode as http parameter 'code'. eID4U AP process stopping ... ");
					throw new eID4UAPException("NO OAuth2 'authCode' to access AP", null);
					
				}				
				Logger.trace("Find OAuth2 'code' with: " + authCode);
					
				/*
				 * access backend service with authCode
				 * 
				 */
				String tokenServiceURL = authConfig.getBasicConfiguration(eID4UConstants.CONFIG_PROPS_AP_AUTHTOKENSERVICE_URL);
				String tokenServiceUsername = authConfig.getBasicConfiguration(eID4UConstants.CONFIG_PROPS_AP_AUTHTOKENSERVICE_USERNAME);
				String tokenServicePassword = authConfig.getBasicConfiguration(eID4UConstants.CONFIG_PROPS_AP_AUTHTOKENSERVICE_PASSWORD);
				
				if (MiscUtil.isEmpty(tokenServiceURL)) {
					Logger.info("NO TokenService URL in configuration for eID4U AP. ");
					throw new eID4UAPException("NO TokenService URL in configuration for eID4U AP.", null);
					
				}
					
				//open http client
				SSLSocketFactory sslFactory = SSLUtils.getSSLSocketFactory(
						moaAuthConfig,
						tokenServiceURL);
				CloseableHttpClient httpClient = HttpClientWithProxySupport.getHttpClient(
						sslFactory,
						authConfig.getBasicMOAIDConfigurationBoolean(AuthConfiguration.PROP_KEY_OVS_SSL_HOSTNAME_VALIDATION, true));
								
				//build request URL
				URIBuilder uriBuilderToken = new URIBuilder(tokenServiceURL);
				uriBuilderToken.addParameter(OAuth20Constants.PARAM_GRANT_TYPE, 
						authConfig.getBasicConfiguration(
								eID4UConstants.CONFIG_PROPS_AP_AUTHTOKENSERVICE_PARAM_GRANTTYPE, 
								OAuth20Constants.PARAM_GRANT_TYPE_VALUE_AUTHORIZATION_CODE));
				uriBuilderToken.addParameter(OAuth20Constants.RESPONSE_CODE, authCode);
				Logger.trace("Full eID4U Token-Service request URL: " + uriBuilderToken.build());
				
				HttpGet httpGetToken = new HttpGet(uriBuilderToken.build());
				
				HttpClientContext localContext = HttpClientContext.create();
				if (MiscUtil.isNotEmpty(tokenServiceUsername)) {										
					Logger.debug("Find AuthCredentials for eID4U AP. Injecting credentials ... ");

					//Raw work-around, because API solution does not work well
					String auth = tokenServiceUsername.trim() + ":" + tokenServicePassword.trim();
					byte[] encodedAuth = Base64.getEncoder().encode(auth.getBytes(StandardCharsets.ISO_8859_1));
					String authHeader = "Basic " + new String(encodedAuth);
					httpGetToken.setHeader(HttpHeaders.AUTHORIZATION, authHeader);
					
					//API solutuion
//					HttpHost targetHost = new HttpHost(uriBuilderToken.build().toString());					
//					AuthCache authCache = new BasicAuthCache();
//					authCache.put(targetHost, new BasicScheme());
//					
//					CredentialsProvider credentialsProvider = new BasicCredentialsProvider();
//					credentialsProvider.setCredentials(AuthScope.ANY, 
//							new UsernamePasswordCredentials(tokenServiceUsername.trim(), tokenServicePassword.trim()));					
//					localContext.setCredentialsProvider(credentialsProvider);
//					localContext.setAuthCache(authCache);
					
				}
				
				//request tokenService
				HttpResponse httpResultToken = httpClient.execute(httpGetToken, localContext);

				Logger.trace("Receive http StatusCode: " + httpResultToken.getStatusLine().getStatusCode() 
						+ " from eID4U AP TokenService");								
								
				if (Logger.isTraceEnabled()) {
					for (Header el : httpResultToken.getAllHeaders())
						Logger.trace("Headername:" + el.getName() + " Value:" + el.getValue());
				}

				if (httpResultToken.getStatusLine().getStatusCode() != 200) {
					Logger.info("eID4U AP TokenService anwser with StatusCode:" + httpResultToken.getStatusLine().getStatusCode()
							+ " eID4U AP process stopping ... ");
					throw new eID4UAPException("eID4U AP TokenService return statusCode: " + httpResultToken.getStatusLine().getStatusCode(), null);
					
				}
				
				//parse AccessToken from TokenService response
				JsonElement fullToken = new JsonParser().parse(
						new InputStreamReader(httpResultToken.getEntity().getContent()));
				Logger.trace("FullToken: " + fullToken.toString());
				String accessToken = fullToken.getAsJsonObject().get(OAuth20Constants.RESPONSE_ACCESS_TOKEN).getAsString();
				
								
				//call Attribute Provider to receice eID4U attributes from TUG
				String attrProviderServiceURL = authConfig.getBasicConfiguration(eID4UConstants.CONFIG_PROPS_AP_DATASERVICE_URL);				
				if (MiscUtil.isEmpty(attrProviderServiceURL)) {
					Logger.info("NO Attr.Provider Service URL in configuration for eID4U AP. ");
					throw new eID4UAPException("NO Attr.Provider URL in configuration for eID4U AP.", null);
					
				}
				
				
				URIBuilder uriBuilderAttrProv = new URIBuilder(attrProviderServiceURL);
				HttpGet httpGetData = new HttpGet(uriBuilderAttrProv.build());
				
				//encode and add token as header
				String authHeader = "Bearer " + accessToken;
				httpGetData.setHeader(HttpHeaders.AUTHORIZATION, authHeader);
				
				//get and add bPK as header
				httpGetData.setHeader(
						"X-PVP-BPK", 
						pendingReq.getRawData(eID4UConstants.PROCESS_CONTEXT_USERS_BPK_EID4U_ATTRPROVIDER, String.class));
				
				//request Attribute Provider
				HttpResponse httpResultData = httpClient.execute(httpGetData);

				//parse response
				Logger.trace("Receive http StatusCode: " + httpResultData.getStatusLine().getStatusCode() 
						+ " from eID4U Attr.Provider Service");								
								
				if (Logger.isTraceEnabled()) {
					for (Header el : httpResultData.getAllHeaders())
						Logger.trace("Headername:" + el.getName() + " Value:" + el.getValue());
				}

				if (httpResultData.getStatusLine().getStatusCode() != 200) {
					Logger.info("eID4U Attr.Provider Service anwser with StatusCode:" + httpResultData.getStatusLine().getStatusCode()
							+ " eID4U AP process stopping ... ");
					throw new eID4UAPException("eID4U Attr.Provider Service return statusCode: " + httpResultData.getStatusLine().getStatusCode(), null);
					
				}
				
				
				//parse eID4U attributes from Attr.Provider service response
				JsonElement fullAttrSet = new JsonParser().parse(
						new InputStreamReader(httpResultData.getEntity().getContent()));
				Logger.trace("FullAttrSet: " + fullAttrSet.toString());
				
				
				//TODO: implement collection process
				populateEid4uDummyAttributes(fullAttrSet.getAsJsonObject());
					
								
			} else
				Logger.debug("No eIDAS Request found. Skip eID4U attribute collection");
			
		} catch (Exception e) {
			Logger.error("IdentityLink generation for foreign person FAILED.", e);
			throw new TaskExecutionException(pendingReq, "IdentityLink generation for foreign person FAILED.", e);
			
		}
		
	}

	private void populateEid4uDummyAttributes(JsonObject jsonObject) {
		try {
			eu.eidas.auth.commons.protocol.eidas.impl.PostalAddress.Builder dummyAddr = PostalAddress.builder();
			dummyAddr.postCode("8020");
			dummyAddr.postName("Graz");
			dummyAddr.addressId("25");
			dummyAddr.cvAddressArea("Mustergasse");
			dummyAddr.locatorDesignator("25");
			dummyAddr.thoroughfare("Mustergasse"); 

			AuthenticationSessionWrapper session = pendingReq.getSessionData(AuthenticationSessionWrapper.class);
			session.setGenericDataToSession(Definitions.IDTYPE_NAME, IdType.PASSPORT);
			session.setGenericDataToSession(Definitions.IDNUMBER_NAME, "P0571414");
//			session.setGenericDataToSession(Definitions.IDISSUER_NAME, "Magistrat Nirgendwo");
//			session.setGenericDataToSession(Definitions.IDEXPIREDATE_NAME, "2020-01-01");
//			//session.setGenericDataToSession(Definitions.EHICID_NAME, "80010000012345678990");
//			session.setGenericDataToSession(Definitions.NATIONALITY_NAME, "AT");
//			session.setGenericDataToSession(Definitions.CITIZENSHIP_FRIENDLYNAME, "AT");
//			session.setGenericDataToSession(Definitions.MARITALSTATE_NAME, MaritalState.SINGLE);
//			session.setGenericDataToSession(Definitions.COUNTRYOFBIRTH_NAME, "AT");
			session.setGenericDataToSession(Definitions.EMAIL_NAME, jsonObject.get("email").getAsString());
//			session.setGenericDataToSession(Definitions.PHONE_NAME, "+43666111222444");
//			session.setGenericDataToSession(Definitions.TEMPORARYADDRESS_NAME, dummyAddr.build());
			//session.setGenericDataToSession(Definitions.TAXIDENTIFICATIONNUMBER_NAME, "AT/1213454654718");
//			session.setGenericDataToSession(Definitions.HOMEINSTITUTIONNAME_NAME, "Graz Technical University");
//			session.setGenericDataToSession(Definitions.HOMEINSTITUTIONIDENTIFIER_NAME, "A GRAZ02");
//			session.setGenericDataToSession(Definitions.HOMEINSTITUTIONCOUNTRY_NAME, "AT");
//			session.setGenericDataToSession(Definitions.HOMEINSTITUTIONADDRESS_NAME, dummyAddr.build());
//			session.setGenericDataToSession(Definitions.CURRENTLEVELOFSTUDY_NAME, "7");
//			session.setGenericDataToSession(Definitions.FIELDOFSTUDY_NAME, "52");
			//session.setGenericDataToSession(Definitions.CURRENTDEGREE_NAME, "MsC");
//			session.setGenericDataToSession(Definitions.DEGREE_NAME, "6");
//			session.setGenericDataToSession(Definitions.DEGREEAWARDINGINSTITUTION_NAME, "Graz Technical University");
//			session.setGenericDataToSession(Definitions.GRADUATIONYEAR_NAME, "2016");
//			session.setGenericDataToSession(Definitions.DEGREECOUNTRY_NAME, "AT");
			
			//TODO: not all attributes are populated with dummy values
			
		} catch (EAAFStorageException e) {
			// TODO Auto-generated catch block
			e.printStackTrace();
		}
		
	}

}