/* * Copyright 2014 Federal Chancellery Austria * MOA-ID has been developed in a cooperation between BRZ, the Federal * Chancellery Austria - ICT staff unit, and Graz University of Technology. * * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by * the European Commission - subsequent versions of the EUPL (the "Licence"); * You may not use this work except in compliance with the Licence. * You may obtain a copy of the Licence at: * http://www.osor.eu/eupl/ * * Unless required by applicable law or agreed to in writing, software * distributed under the Licence is distributed on an "AS IS" basis, * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. * See the Licence for the specific language governing permissions and * limitations under the Licence. * * This product combines work with different licenses. See the "NOTICE" text * file for details on the various modules and licenses. * The "NOTICE" text file is part of the distribution. Any derivative works * that you distribute must include a readable copy of the "NOTICE" text file. 
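 */
package at.gv.egovernment.moa.id.auth.modules.eidas.utils;

import java.io.IOException;
import java.io.InputStream;
import java.net.MalformedURLException;
import java.net.URL;
import java.util.Collections;
import java.util.HashMap;
import java.util.Map;

import org.opensaml.common.xml.SAMLSchemaBuilder;
import org.opensaml.xml.ConfigurationException;
import org.opensaml.xml.XMLConfigurator;

import at.gv.egiz.eaaf.core.impl.utils.FileUtils;
import at.gv.egiz.eid4u.api.attributes.Definitions;
import at.gv.egovernment.moa.id.auth.modules.eidas.Constants;
import at.gv.egovernment.moa.id.auth.modules.eidas.config.MOAExtendedSWSigner;
import at.gv.egovernment.moa.id.auth.modules.eidas.config.MOAIDCertificateManagerConfigurationImpl;
import at.gv.egovernment.moa.id.auth.modules.eidas.engine.MOAEidasProtocolProcesser;
import at.gv.egovernment.moa.id.auth.modules.eidas.engine.MOAeIDASChainingMetadataProvider;
import at.gv.egovernment.moa.id.auth.modules.eidas.engine.MOAeIDASMetadataProviderDecorator;
import at.gv.egovernment.moa.id.auth.modules.eidas.exceptions.EIDASEngineException;
import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProviderFactory;
import at.gv.egovernment.moa.logging.Logger;
import at.gv.egovernment.moa.util.MiscUtil;
import eu.eidas.auth.commons.attribute.AttributeDefinition;
import eu.eidas.auth.commons.attribute.AttributeRegistries;
import eu.eidas.auth.commons.attribute.AttributeRegistry;
import eu.eidas.auth.engine.ProtocolEngineI;
import eu.eidas.auth.engine.SamlEngineSystemClock;
import eu.eidas.auth.engine.metadata.MetadataFetcherI;
import eu.eidas.auth.engine.metadata.MetadataSignerI;
import eu.eidas.auth.engine.xml.opensaml.SAMLBootstrap;
import eu.eidas.engine.exceptions.EIDASSAMLEngineException;
import eu.eidas.samlengineconfig.CertificateConfigurationManager;

/**
 * Lazily creates and holds the process-wide eIDAS SAML engine together with the
 * metadata fetcher and metadata signer it was built with.
 *
 * <p>{@link #createSAMLEngine(MOAeIDASChainingMetadataProvider)} initializes the
 * engine at most once (synchronized); the getters read the published state
 * without locking and report an uninitialized engine instead of throwing.
 *
 * @author tlenz
 */
public class SAMLEngineUtils {

    // Written only inside the synchronized createSAMLEngine(); volatile so the
    // unsynchronized getters observe fully initialized objects. eIDASEngine is
    // assigned last, so a non-null engine also publishes fetcher, signer and
    // the attribute map to readers.
    private static volatile ProtocolEngineI eIDASEngine = null;
    private static volatile MetadataSignerI metadataSigner = null;
    private static volatile MetadataFetcherI metadataFetcher = null;

    // friendly attribute name -> definition, filled while the engine is created
    private static final Map<String, AttributeDefinition<?>> allSupportedAttributeMap =
            new HashMap<>();

    /**
     * Returns the eIDAS SAML engine, creating and configuring it on first use.
     *
     * <p>Creation wires the MOA-ID certificate configuration, the given metadata
     * provider (as metadata fetcher) and the MOA metadata signer into the engine,
     * loads optional additional attribute definitions from the MOA-ID configuration,
     * replaces the OpenSAML validator configuration and registers the eIDAS and
     * eID4U schema extensions.
     *
     * @param moaeIDASMetadataProvider MOA-ID metadata provider that becomes the engine's metadata fetcher
     * @return the initialized engine (the same instance on every call)
     * @throws EIDASEngineException with error code {@code eIDAS.00} if any initialization step fails
     */
    public static synchronized ProtocolEngineI createSAMLEngine(
            MOAeIDASChainingMetadataProvider moaeIDASMetadataProvider) throws EIDASEngineException {
        if (eIDASEngine == null) {
            try {
                // get eIDAS SAMLengine configuration from MOA-ID configuration
                CertificateConfigurationManager configManager =
                        new MOAIDCertificateManagerConfigurationImpl();

                // set metadata management to eIDAS SAMLengine
                metadataFetcher = new MOAeIDASMetadataProviderDecorator(moaeIDASMetadataProvider);

                // set metadata signer
                metadataSigner = new MOAExtendedSWSigner(configManager);

                // load additional eIDAS attribute definitions (optional, configured file)
                AttributeRegistry addAttrDefinitions = loadAdditionalAttributeDefinitions();

                // build eIDAS SAML engine
                ProtocolEngineI engine = MOAProtocolEngineFactory.ownCreateProtocolEngine(
                        Constants.eIDAS_SAML_ENGINE_NAME,
                        configManager,
                        new MOAEidasProtocolProcesser(metadataFetcher, metadataSigner, addAttrDefinitions),
                        new SamlEngineSystemClock());

                // build a map with all actually supported attributes
                for (AttributeDefinition<?> el : engine.getProtocolProcessor().getAllSupportedAttributes()) {
                    allSupportedAttributeMap.put(el.getFriendlyName(), el);
                }

                // TODO: check if bug is fixed in next eIDAS SAML-engine version
                // overwrite eIDAS response validator suite because Condition-Validator has no time jitter
                initOpenSAMLConfig("own-saml-eidasnode-config.xml");

                // add eIDAS specific and eID4U SAML2 extensions to the eIDAS schema validator
                registerExtensionSchemas();

                // publish last: a non-null engine is the "fully initialized" signal for the getters
                eIDASEngine = engine;

            } catch (EIDASSAMLEngineException | ConfigurationException
                    | at.gv.egovernment.moa.id.commons.api.exceptions.ConfigurationException
                    | MalformedURLException e) {
                // all failure causes are reported the same way, hence one multi-catch
                Logger.error("eIDAS SAMLengine initialization FAILED!", e);
                throw new EIDASEngineException("eIDAS.00", new Object[]{e.getMessage()}, e);
            }
        }

        return eIDASEngine;
    }

    /**
     * Loads the additional eIDAS attribute definitions referenced by the MOA-ID
     * configuration, if that property is set.
     *
     * @return the registry built from the configured file, or an empty registry when no file is configured
     * @throws at.gv.egovernment.moa.id.commons.api.exceptions.ConfigurationException if the MOA-ID configuration cannot be accessed
     * @throws MalformedURLException if the configured file path cannot be turned into a URL
     */
    private static AttributeRegistry loadAdditionalAttributeDefinitions()
            throws at.gv.egovernment.moa.id.commons.api.exceptions.ConfigurationException,
            MalformedURLException {
        String additionalAttributeConfigFile = AuthConfigurationProviderFactory.getInstance()
                .getBasicConfiguration(Constants.CONIG_PROPS_EIDAS_SAMLENGINE_ATTIONAL_ATTRIBUTE_DEFINITIONS);

        if (!MiscUtil.isNotEmpty(additionalAttributeConfigFile)) {
            return AttributeRegistries.empty();
        }

        // relative paths are resolved against the MOA-ID root configuration directory
        URL addAttrConfigUrl = new URL(FileUtils.makeAbsoluteURL(
                additionalAttributeConfigFile,
                AuthConfigurationProviderFactory.getInstance().getRootConfigFileDir()));
        return AttributeRegistries.fromFile(addAttrConfigUrl.getPath(), null);
    }

    /**
     * Registers the eIDAS and eID4U extension schemas with the OpenSAML schema builder
     * so that responses carrying these extensions pass schema validation.
     */
    private static void registerExtensionSchemas() {
        // eIDAS specific SAML2 extensions
        SAMLSchemaBuilder.addExtensionSchema(
                at.gv.egovernment.moa.util.Constants.SAML2_eIDAS_EXTENSIONS_SCHEMA_LOCATION);

        // eID4U schemes
        SAMLSchemaBuilder.addExtensionSchema(
                Definitions.SAML2_eID4U_CORE_EXTENSIONS_SCHEMA_LOCATION);
        SAMLSchemaBuilder.addExtensionSchema(
                Definitions.SAML2_eID4U_PERSON_EXTENSIONS_SCHEMA_LOCATION);
        SAMLSchemaBuilder.addExtensionSchema(
                Definitions.SAML2_eID4U_STUDIES_EXTENSIONS_SCHEMA_LOCATION);
        SAMLSchemaBuilder.addExtensionSchema(
                Definitions.SAML2_eID4U_EXT_EUROPASS3_EXTENSIONS_SCHEMA_LOCATION);
    }

    /**
     * Get a map of all eIDAS attributes, which are actually supported by the eIDAS engine.
     *
     * @return read-only view of friendly attribute name to attribute definition; empty until
     *         {@link #createSAMLEngine(MOAeIDASChainingMetadataProvider)} has run
     */
    public static Map<String, AttributeDefinition<?>> getMapOfAllAvailableAttributes() {
        // shared static state: hand out a read-only view so callers cannot alter it
        return Collections.unmodifiableMap(allSupportedAttributeMap);
    }

    /**
     * @return the metadataSigner, or {@code null} (logged as error) if the engine is not initialized yet
     */
    public static MetadataSignerI getMetadataSigner() {
        if (eIDASEngine == null) {
            Logger.error("eIDAS SAMLEngine is not initialized.");
            return null;
        }
        return metadataSigner;
    }

    /**
     * @return the metadataFetcher, or {@code null} (logged as error) if the engine is not initialized yet
     */
    public static MetadataFetcherI getMetadataFetcher() {
        if (eIDASEngine == null) {
            Logger.error("eIDAS SAMLEngine is not initialized.");
            return null;
        }
        return metadataFetcher;
    }

    /**
     * Loads an OpenSAML XML configuration resource (looked up via the class loader of the
     * eIDAS {@link SAMLBootstrap} class) into the global OpenSAML configuration.
     *
     * @param xmlConfig class-path resource name of the configuration file
     * @throws ConfigurationException if the resource is missing, cannot be read, or cannot be loaded
     */
    private static void initOpenSAMLConfig(String xmlConfig) throws ConfigurationException {
        XMLConfigurator configurator = new XMLConfigurator();

        // try-with-resources: the resource stream must be closed once the configuration is loaded
        try (InputStream is = SAMLBootstrap.class.getClassLoader().getResourceAsStream(xmlConfig)) {
            if (is == null) {
                // fail fast with a clear message rather than handing a null stream to the configurator
                throw new ConfigurationException("OpenSAML configuration resource not found: " + xmlConfig);
            }
            configurator.load(is);

        } catch (IOException e) {
            throw new ConfigurationException("Can not read OpenSAML configuration resource: " + xmlConfig, e);
        }
    }
}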