/******************************************************************************* * Copyright 2014 Federal Chancellery Austria * MOA-ID has been developed in a cooperation between BRZ, the Federal * Chancellery Austria - ICT staff unit, and Graz University of Technology. * * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by * the European Commission - subsequent versions of the EUPL (the "Licence"); * You may not use this work except in compliance with the Licence. * You may obtain a copy of the Licence at: * http://www.osor.eu/eupl/ * * Unless required by applicable law or agreed to in writing, software * distributed under the Licence is distributed on an "AS IS" basis, * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. * See the Licence for the specific language governing permissions and * limitations under the Licence. * * This product combines work with different licenses. See the "NOTICE" text * file for details on the various modules and licenses. * The "NOTICE" text file is part of the distribution. Any derivative works * that you distribute must include a readable copy of the "NOTICE" text file. 
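 *******************************************************************************/
package at.gv.egovernment.moa.id.protocols.oauth20.protocol;

import javax.servlet.http.HttpServletRequest;

import org.springframework.beans.factory.config.BeanDefinition;
import org.springframework.context.annotation.Scope;
import org.springframework.stereotype.Component;

import at.gv.egiz.eaaf.core.api.idp.IConfiguration;
import at.gv.egiz.eaaf.core.api.idp.ISPConfiguration;
import at.gv.egiz.eaaf.core.exceptions.EAAFConfigurationException;
import at.gv.egovernment.moa.id.commons.api.exceptions.ConfigurationException;
import at.gv.egovernment.moa.id.commons.config.MOAIDConfigurationConstants;
import at.gv.egovernment.moa.id.protocols.oauth20.OAuth20Constants;
import at.gv.egovernment.moa.id.protocols.oauth20.OAuth20Util;
import at.gv.egovernment.moa.id.protocols.oauth20.exceptions.OAuth20AccessDeniedException;
import at.gv.egovernment.moa.id.protocols.oauth20.exceptions.OAuth20Exception;
import at.gv.egovernment.moa.id.protocols.oauth20.exceptions.OAuth20ResponseTypeException;
import at.gv.egovernment.moa.id.protocols.oauth20.exceptions.OAuth20WrongParameterException;
import at.gv.egovernment.moa.logging.Logger;

/**
 * OpenID Connect / OAuth 2.0 authorization request as received at the
 * authorization endpoint.
 *
 * <p>Besides carrying the request parameters, {@link #populateSpecialParameters}
 * enforces the checks this endpoint relies on: only the authorization-code flow
 * ({@code response_type=code}) is accepted, {@code state} is restricted to a safe
 * character set before it is echoed back, and {@code client_id} together with
 * {@code redirect_uri} must match the registered service-provider configuration
 * exactly. A missing registration value denies access (fail closed).
 */
@Component("OAuth20AuthRequest")
@Scope(value = BeanDefinition.SCOPE_PROTOTYPE)
public class OAuth20AuthRequest extends OAuth20BaseRequest {

  private static final long serialVersionUID = 1L;

  // response_type parameter; only OAuth20Constants.RESPONSE_CODE is accepted
  private String responseType;
  // opaque client value that is returned unchanged with the response
  private String state;
  // redirect target; must equal the registered redirect URL byte for byte
  private String redirectUri;
  // optional space-separated scope list
  private String scope;
  // client_id; must equal the registered client id
  private String clientID;
  // optional OpenID Connect nonce
  private String nonce;

  /**
   * Creates a request that requires end-user authentication and continues with
   * {@link OAuth20AuthAction} once authentication has completed.
   */
  public OAuth20AuthRequest() {
    super();
    // the authorization endpoint always authenticates the end user
    this.setNeedAuthentication(true);
    // protocol action executed after authentication
    this.setAction(OAuth20AuthAction.class.getName());
  }

  /** @return the {@code response_type} parameter */
  public String getResponseType() {
    return responseType;
  }

  /** @param responseType the {@code response_type} parameter */
  public void setResponseType(String responseType) {
    this.responseType = responseType;
  }

  /** @return the {@code state} parameter */
  public String getState() {
    return state;
  }

  /** @param state the {@code state} parameter */
  public void setState(String state) {
    this.state = state;
  }

  /** @return the {@code redirect_uri} parameter */
  public String getRedirectUri() {
    return redirectUri;
  }

  /** @param redirectUri the {@code redirect_uri} parameter */
  public void setRedirectUri(String redirectUri) {
    this.redirectUri = redirectUri;
  }

  /** @return the {@code scope} parameter, may be {@code null} */
  public String getScope() {
    return scope;
  }

  /** @param scope the {@code scope} parameter */
  public void setScope(String scope) {
    this.scope = scope;
  }

  /** @return the {@code client_id} parameter */
  public String getClientID() {
    return clientID;
  }

  /** @param clientID the {@code client_id} parameter */
  public void setClientID(String clientID) {
    this.clientID = clientID;
  }

  /** @return the {@code nonce} parameter, may be {@code null} */
  public String getNonce() {
    return nonce;
  }

  /** @param nonce the {@code nonce} parameter */
  public void setNonce(String nonce) {
    this.nonce = nonce;
  }

  /**
   * Reads the authorization-request parameters and validates them against the
   * registered service-provider configuration.
   *
   * @param request    the incoming HTTP request
   * @param authConfig IdP configuration used to look up the service provider
   * @throws OAuth20ResponseTypeException   if {@code response_type} is not {@code code}
   * @throws OAuth20WrongParameterException if {@code state} contains unsafe characters
   *                                        or the service-provider configuration
   *                                        cannot be read
   * @throws OAuth20AccessDeniedException   if {@code client_id} or {@code redirect_uri}
   *                                        does not exactly match the registration
   */
  @Override
  protected void populateSpecialParameters(HttpServletRequest request, IConfiguration authConfig)
      throws OAuth20Exception {
    // required parameters first; getParam(..., true) is presumably what rejects a
    // missing value (inherited from OAuth20BaseRequest — confirm there)
    this.setResponseType(this.getParam(request, OAuth20Constants.PARAM_RESPONSE_TYPE, true));
    this.setState(this.getParam(request, OAuth20Constants.PARAM_STATE, true));
    this.setRedirectUri(this.getParam(request, OAuth20Constants.PARAM_REDIRECT_URI, true));
    this.setClientID(this.getParam(request, OAuth20Constants.PARAM_CLIENT_ID, true));
    this.setScope(this.getParam(request, OAuth20Constants.PARAM_SCOPE, false));
    this.setNonce(this.getParam(request, OAuth20Constants.PARAM_NONCE, false));

    // only the authorization-code flow is supported; constant-first comparison is null-safe
    if (!OAuth20Constants.RESPONSE_CODE.equals(this.responseType)) {
      throw new OAuth20ResponseTypeException();
    }

    // state is echoed back to the client: reject characters such as < > & ; so it
    // cannot carry script or break the redirect (XSS / response-splitting defence)
    if (!OAuth20Util.isValidStateValue(this.getState())) {
      throw new OAuth20WrongParameterException(OAuth20Constants.PARAM_STATE);
    }

    try {
      // the SP entity id was already validated in the base request
      ISPConfiguration oAuthConfig =
          authConfig.getServiceProviderConfiguration(this.getSPEntityId());
      String registeredClientId = oAuthConfig.getConfigurationValue(
          MOAIDConfigurationConstants.SERVICE_PROTOCOLS_OPENID_CLIENTID);
      String registeredRedirectUri = oAuthConfig.getConfigurationValue(
          MOAIDConfigurationConstants.SERVICE_PROTOCOLS_OPENID_REDIRECTURL);

      // exact string match against the registered values (no prefix or wildcard
      // matching — that would allow redirects to unregistered targets); an absent
      // registration value denies access instead of throwing a NullPointerException
      if (!matchesRegistered(registeredClientId, this.getClientID())
          || !matchesRegistered(registeredRedirectUri, this.getRedirectUri())) {
        throw new OAuth20AccessDeniedException();
      }

      this.setOnlineApplicationConfiguration(oAuthConfig);
      Logger.info("Dispatch OpenIDConnect AuthRequest: ClientID=" + this.clientID);

    } catch (EAAFConfigurationException e) {
      // reported to the client as a parameter error; keep the cause in the log
      Logger.warn("OpenIDConnect AuthRequest: service-provider configuration lookup failed", e);
      throw new OAuth20WrongParameterException(OAuth20Constants.PARAM_CLIENT_ID);
    }
  }

  /**
   * Exact, null-safe comparison of a registered value with the presented one.
   *
   * @param registered value from the service-provider configuration, may be {@code null}
   * @param presented  value taken from the request, may be {@code null}
   * @return {@code true} only if both are non-null and equal
   */
  private static boolean matchesRegistered(String registered, String presented) {
    return registered != null && registered.equals(presented);
  }
}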