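package eu.stork.peps.auth.engine.core.validator;

import org.opensaml.saml2.core.Response;
import org.opensaml.xml.validation.ValidationException;
import org.opensaml.xml.validation.Validator;

/**
 * Structural validator for SAML responses that must carry more than one assertion.
 *
 * <p>The checks are limited to the presence of mandatory elements and a future-dated
 * issue instant. This class does not verify signatures, does not compare
 * {@code Destination} with the receiving endpoint, does not correlate
 * {@code InResponseTo} with an outstanding request, and does not reject old responses.
 * NOTE(review): those checks are presumably performed elsewhere in the engine; confirm
 * before relying on this validator alone.
 *
 * <p>The interface is parameterised with {@link Response} so that
 * {@link #validate(Response)} is the method that implements it.
 */
public class MultipleAssertionResponseValidator implements Validator<Response> {

    /** Tolerated clock difference, in minutes, between the issuer and this host. */
    private static final int ALLOWED_CLOCK_SKEW_MINUTES = 5;

    /**
     * Runs every check in a fixed order and stops at the first failure.
     *
     * @param response the response to validate
     * @throws ValidationException if any individual check fails
     */
    public final void validate(final Response response) throws ValidationException {
        validateAssertion(response);
        validateConsent(response);
        validateDestination(response);
        validateTime(response);
        validateId(response);
    }

    /**
     * Requires the response to contain at least two assertions.
     *
     * @param response the response to validate
     * @throws ValidationException if the assertion list is missing or has fewer than two entries
     */
    protected final void validateAssertion(final Response response) throws ValidationException {
        if (response.getAssertions() == null || response.getAssertions().size() < 2) {
            throw new ValidationException("Multiple assertions must be specified.");
        }
    }

    /**
     * Requires the Consent attribute to be present.
     *
     * @param response the response to validate
     * @throws ValidationException if no consent value is set
     */
    protected void validateConsent(Response response) throws ValidationException {
        if (response.getConsent() == null) {
            throw new ValidationException("Consent is required");
        }
    }

    /**
     * Requires the Destination attribute to be present.
     *
     * <p>Only presence is checked; the value is not compared with the endpoint that
     * actually received the message.
     *
     * @param response the response to validate
     * @throws ValidationException if no destination is set
     */
    protected void validateDestination(Response response) throws ValidationException {
        if (response.getDestination() == null) {
            throw new ValidationException("Destination is required");
        }
    }

    /**
     * Rejects a response whose issue instant is missing or lies more than the allowed
     * clock skew in the future.
     *
     * <p>There is no lower bound: a response issued long ago passes this check.
     *
     * @param response the response to validate
     * @throws ValidationException if the issue instant is absent or too far in the future
     */
    protected void validateTime(Response response) throws ValidationException {
        // A missing IssueInstant used to surface as a NullPointerException; report it as
        // a validation failure so callers handle it like any other malformed response.
        if (response.getIssueInstant() == null) {
            throw new ValidationException("Issue time is required");
        }
        if (response.getIssueInstant().minusMinutes(ALLOWED_CLOCK_SKEW_MINUTES).isAfterNow()) {
            // Message text (including its spelling) is kept as-is for callers that match on it.
            throw new ValidationException("Issue time is in the futue");
        }
    }

    /**
     * Requires both the response ID and the InResponseTo attribute to be present.
     *
     * <p>Only presence is checked; InResponseTo is not matched against the ID of a
     * request that this party sent.
     *
     * @param response the response to validate
     * @throws ValidationException if either identifier is missing
     */
    protected void validateId(Response response) throws ValidationException {
        if (response.getID() == null || response.getInResponseTo() == null) {
            throw new ValidationException("Id and response id is required");
        }
    }
}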