/*
 * Copyright 2014 Federal Chancellery Austria
 * MOA-ID has been developed in a cooperation between BRZ, the Federal
 * Chancellery Austria - ICT staff unit, and Graz University of Technology.
 *
 * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
 * the European Commission - subsequent versions of the EUPL (the "Licence");
 * You may not use this work except in compliance with the Licence.
 * You may obtain a copy of the Licence at:
 * http://www.osor.eu/eupl/
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the Licence is distributed on an "AS IS" basis,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the Licence for the specific language governing permissions and
 * limitations under the Licence.
 *
 * This product combines work with different licenses. See the "NOTICE" text
 * file for details on the various modules and licenses.
 * The "NOTICE" text file is part of the distribution. Any derivative works
 * that you distribute must include a readable copy of the "NOTICE" text file.
 */
package at.gv.egovernment.moa.id.protocols.eidas.attributes.builder;

import java.security.MessageDigest;

import at.gv.egiz.eaaf.core.api.idp.IAttributeGenerator;
import at.gv.egiz.eaaf.core.api.idp.IAuthData;
import at.gv.egiz.eaaf.core.api.idp.ISPConfiguration;
import at.gv.egiz.eaaf.core.exceptions.AttributeBuilderException;
import at.gv.egiz.eaaf.core.impl.data.Pair;
import at.gv.egiz.eaaf.core.impl.data.Trible;
import at.gv.egiz.eaaf.core.impl.utils.Random;
import at.gv.egovernment.moa.id.auth.modules.eidas.utils.eIDASAttributeProcessingUtils;
import at.gv.egovernment.moa.id.protocols.builder.attributes.MandateNaturalPersonBPKAttributeBuilder;
import at.gv.egovernment.moa.id.protocols.eidas.EIDASData;
import at.gv.egovernment.moa.logging.Logger;
import at.gv.egovernment.moa.util.Base64Utils;
import at.gv.egovernment.moa.util.MiscUtil;

/**
 * @author tlenz
 *
 */
@eIDASMetadata
public class eIDASAttrRepresentativeNaturalPersonalIdentifier extends MandateNaturalPersonBPKAttributeBuilder implements IeIDASAttribute{

	/* (non-Javadoc)
	 * @see at.gv.egovernment.moa.id.protocols.builder.attributes.IAttributeBuilder#getName()
	 */
	@Override
	public String getName() {
		return eu.eidas.auth.engine.core.eidas.spec.RepresentativeNaturalPersonSpec.Definitions.PERSON_IDENTIFIER.getNameUri().toString();		
	}

	/* (non-Javadoc)
	 * @see at.gv.egovernment.moa.id.protocols.builder.attributes.IAttributeBuilder#build(at.gv.egovernment.moa.id.commons.api.IOAAuthParameters, at.gv.egovernment.moa.id.data.IAuthData, at.gv.egovernment.moa.id.protocols.builder.attributes.IAttributeGenerator)
	 */
	@Override
	public <ATT> ATT build(ISPConfiguration oaParam, IAuthData authData, IAttributeGenerator<ATT> g)
			throws AttributeBuilderException {	
		
		try {
			Pair<String, String> calcResult = getBpkForSp(oaParam, authData);
			if (calcResult != null) {
				String personalID = calcResult.getFirst();
				String type = calcResult.getSecond();
				
				//generate eIDAS conform 'PersonalIdentifier' attribute
				if (!eIDASAttributeProcessingUtils.validateEidasPersonalIdentifier(personalID)) {
					Logger.debug("preCalculated PersonalIdentifier does not include eIDAS conform prefixes ... add prefix now");
					if (MiscUtil.isEmpty(type)
							|| !type.startsWith(at.gv.egovernment.moa.util.Constants.URN_PREFIX_EIDAS)) {
						Logger.error("BPKType is empty or does not start with eIDAS bPKType prefix! bPKType:" + authData.getBPKType());
						throw new AttributeBuilderException("Suspect bPKType for eIDAS identifier generation");
						
					} 
					
					String prefix = authData.getBPKType().substring(at.gv.egovernment.moa.util.Constants.URN_PREFIX_EIDAS.length() + 1);
					personalID = prefix.replaceAll("\\+", "/") + "/" + personalID;
												
				}
				
				//generate a transient unique identifier if it is requested
				Boolean isTransiendIDRequested = 
						authData.getGenericData(EIDASData.REQ_PARAM_eIDAS_AUTHN_TRANSIENT_ID, Boolean.class);
				if (isTransiendIDRequested != null && isTransiendIDRequested)
					personalID = generateTransientNameID(personalID);
										
				return g.buildStringAttribute(null, getName(), personalID);
				
			}

		} catch (Exception e) {
			Logger.info("Can not generate eIDAS attr: " + getName() + ". Reason:" + e.getMessage());
			
		}
		
		return null;
									
	}

	/* (non-Javadoc)
	 * @see at.gv.egovernment.moa.id.protocols.builder.attributes.IAttributeBuilder#buildEmpty(at.gv.egovernment.moa.id.protocols.builder.attributes.IAttributeGenerator)
	 */
	@Override
	public <ATT> ATT buildEmpty(IAttributeGenerator<ATT> g) {
		return null;
	}

	private String generateTransientNameID(String nameID) {
		//extract source-country and destination country from persistent identifier 
		Trible<String, String, String> split = eIDASAttributeProcessingUtils.parseEidasPersonalIdentifier(nameID);
		if (split == null) {
			Logger.error("eIDAS 'PersonalIdentifier' has a wrong format. There had to be a ERROR in implementation!!!!");
			throw new IllegalStateException("eIDAS 'PersonalIdentifier' has a wrong format. There had to be a ERROR in implementation!!!!");
			
		} 
		
		//build correct formated transient identifier
		String random = Random.nextLongRandom();		
		try {
			MessageDigest md = MessageDigest.getInstance("SHA-1");
			byte[] hash = md.digest((split.getThird() + random).getBytes("ISO-8859-1"));			
			return split.getFirst() + "/" + split.getSecond() + "/" + Base64Utils.encode(hash);
			
		} catch (Exception e) {
			Logger.error("Can not generate transient personal identifier!", e);
			return null;
			
		}
		
	}
}