package at.gv.egovernment.moa.spss.server.iaik.xmlsign;

import java.util.List;
import java.util.Set;

import iaik.server.modules.algorithms.SignatureAlgorithms;
import iaik.server.modules.keys.AlgorithmUnavailableException;
import iaik.server.modules.keys.KeyEntryID;
import iaik.server.modules.keys.KeyModule;
import iaik.server.modules.keys.KeyModuleFactory;
import iaik.server.modules.keys.UnknownKeyException;
import iaik.server.modules.xml.Canonicalization;
import iaik.server.modules.xmlsign.XMLSignatureCreationProfile;
import iaik.server.modules.xmlsign.XMLSignatureInsertionLocation;

import at.gv.egovernment.moa.spss.server.logging.TransactionId;
import at.gv.egovernment.moa.spss.server.transaction.TransactionContext;
import at.gv.egovernment.moa.spss.server.transaction.TransactionContextManager;
import at.gv.egovernment.moa.spss.server.util.IdGenerator;

/**
 * Carries the auxiliary settings the signature creation module reads while
 * building an XML signature: data object treatments, permitted keys,
 * canonicalization, insertion location, signed properties and the generators
 * for the IDs used inside the signature.
 *
 * <p>All collection-valued and object-valued settings are stored by reference;
 * nothing is copied on the way in or out. A caller that keeps mutating a list
 * or set after handing it to a setter therefore changes what this profile
 * reports. This matters most for {@link #setKeySet(Set)}, which bounds the
 * keys the signing process may use.
 *
 * @author Patrick Peck
 * @version $Id$
 */
public class XMLSignatureCreationProfileImpl
  implements XMLSignatureCreationProfile {

  /** The transformations to apply to a data object. */
  private List dataObjectTreatmentList;
  /** The set of keys available to the signing process. */
  private Set keySet;
  /** The type URI of the signature manifest. */
  private String securityLayerManifestTypeURI;
  /** Whether the created signature has to conform to the Security Layer. */
  private boolean securityLayerConform;
  /** Where to insert the signature into the signature environment. */
  private XMLSignatureInsertionLocation signatureInsertionLocation;
  /** The signature structure type. */
  private String signatureStructureType;
  /** The canonicalization to use for the signed info. */
  private Canonicalization signedInfoCanonicalization;
  /** Properties to be signed during signature creation. */
  private List signedProperties;
  /** Generates signature IDs. */
  private final IdGenerator signatureIDGenerator;
  /** Generates Security Layer manifest IDs. */
  private final IdGenerator manifestIDGenerator;
  /** Generates XMLDsig manifest IDs. */
  private final IdGenerator dsigManifestIDGenerator;
  /** Generates signed property IDs. */
  private final IdGenerator propertyIDGenerator;

  /**
   * Create a new <code>XMLSignatureCreationProfileImpl</code>.
   *
   * <p>Four ID generators are set up, one per ID family. Each one gets a
   * prefix made of the family name and <code>createProfileCount</code>, and
   * all four are handed the same <code>reservedIDs</code> set instance.
   *
   * @param createProfileCount Provides external information about the
   * number of calls to the signature creation module, using the same request.
   * @param reservedIDs The set of IDs that must not be used while generating
   * new IDs.
   */
  public XMLSignatureCreationProfileImpl(
    int createProfileCount,
    Set reservedIDs) {

    signatureIDGenerator =
      newGenerator("signature-", createProfileCount, reservedIDs);
    manifestIDGenerator =
      newGenerator("manifest-", createProfileCount, reservedIDs);
    dsigManifestIDGenerator =
      newGenerator("dsig-manifest-", createProfileCount, reservedIDs);
    propertyIDGenerator =
      newGenerator("etsi-signed-", createProfileCount, reservedIDs);
  }

  /**
   * Build an ID generator whose prefix is <code>family</code> followed by the
   * decimal form of <code>count</code>.
   *
   * @param family The ID family prefix, including its trailing dash.
   * @param count The profile count appended to the prefix.
   * @param reservedIDs The IDs the generator is told about as reserved.
   * @return The new generator.
   */
  private static IdGenerator newGenerator(
    String family,
    int count,
    Set reservedIDs) {

    return new IdGenerator(family + count, reservedIDs);
  }

  /**
   * @see iaik.server.modules.xmlsign.XMLSignatureCreationProfile#getDataObjectTreatmentList()
   */
  public List getDataObjectTreatmentList() {
    return this.dataObjectTreatmentList;
  }

  /**
   * Sets the list of <code>DataObjectTreatment</code>s.
   *
   * @param dataObjectTreatmentList The <code>DataObjectTreatment</code>s to
   * set. The list is stored by reference, not copied.
   */
  public void setDataObjectTreatmentList(List dataObjectTreatmentList) {
    this.dataObjectTreatmentList = dataObjectTreatmentList;
  }

  /**
   * @see iaik.server.modules.xmlsign.XMLSignatureCreationProfile#getKeySet()
   */
  public Set getKeySet() {
    // The internal set itself is returned; callers can modify it.
    return this.keySet;
  }

  /**
   * Set the set of <code>KeyEntryID</code>s which may be used for signature
   * creation.
   *
   * @param keySet The set of <code>KeyEntryID</code>s to set. The set is
   * stored by reference, so later changes made by the caller are visible
   * through {@link #getKeySet()}.
   */
  public void setKeySet(Set keySet) {
    this.keySet = keySet;
  }

  /**
   * @see iaik.server.modules.xmlsign.XMLSignatureCreationProfile#getSecurityLayerManifestTypeURI()
   */
  public String getSecurityLayerManifestTypeURI() {
    return this.securityLayerManifestTypeURI;
  }

  /**
   * Set the SecurityLayerManifestTypeURI.
   *
   * @param securityLayerManifestTypeURI The SecurityLayerManifestTypeURI to
   * set.
   */
  public void setSecurityLayerManifestTypeURI(
    String securityLayerManifestTypeURI) {

    this.securityLayerManifestTypeURI = securityLayerManifestTypeURI;
  }

  /**
   * Picks the signature algorithm for the given key from the algorithms the
   * key module reports for it.
   *
   * <p>Selection order: any of the listed RSA algorithms yields
   * <code>SHA1_WITH_RSA</code>; otherwise
   * <code>ECDSA_X962_C2TNB191V1</code> if reported; otherwise
   * <code>DSA</code> if reported.
   *
   * @param selectedKeyID The key entry the signature will be created with.
   * @return The name of the algorithm to sign with.
   * @throws AlgorithmUnavailableException If the key module does not know the
   * key entry, or reports none of the algorithms handled here.
   * @see iaik.server.modules.xmlsign.XMLSignatureCreationProfile#getSignatureAlgorithmName(KeyEntryID)
   */
  public String getSignatureAlgorithmName(KeyEntryID selectedKeyID)
    throws AlgorithmUnavailableException {

    final Set supported = lookUpSupportedAlgorithms(selectedKeyID);

    // NOTE(review): the reported RSA variants only serve to recognise an RSA
    // key. The answer is SHA1_WITH_RSA in every case, even when the module
    // reports SHA256_WITH_RSA, and even when SHA1_WITH_RSA itself is not in
    // the reported set. SHA-1 is no longer regarded as collision resistant
    // for signatures; consider preferring SHA256_WITH_RSA where it is
    // reported, after confirming what the verifiers of these signatures
    // accept.
    if (reportsRsaAlgorithm(supported)) {
      return SignatureAlgorithms.SHA1_WITH_RSA;
    }
    // NOTE(review): going by its name, this constant refers to the X9.62
    // c2tnb191v1 curve; confirm that the resulting signature strength is
    // still acceptable for this deployment.
    if (supported.contains(SignatureAlgorithms.ECDSA_X962_C2TNB191V1)) {
      return SignatureAlgorithms.ECDSA_X962_C2TNB191V1;
    }
    // NOTE(review): which digest the DSA constant implies is not visible
    // here; verify it against the IAIK module documentation.
    if (supported.contains(SignatureAlgorithms.DSA)) {
      return SignatureAlgorithms.DSA;
    }
    throw new AlgorithmUnavailableException(
      "No algorithm for key entry: " + selectedKeyID,
      null,
      null);
  }

  /**
   * Asks the key module of the current transaction which signature
   * algorithms it supports for the given key.
   *
   * @param selectedKeyID The key entry to query.
   * @return The set of supported algorithms as reported by the key module.
   * @throws AlgorithmUnavailableException If the key module does not know the
   * key entry; the original <code>UnknownKeyException</code> is kept as the
   * cause.
   */
  private Set lookUpSupportedAlgorithms(KeyEntryID selectedKeyID)
    throws AlgorithmUnavailableException {

    // Assumes a transaction context is available; a null context would
    // surface as a NullPointerException on the next line.
    TransactionContext txContext =
      TransactionContextManager.getInstance().getTransactionContext();
    TransactionId txId = new TransactionId(txContext.getTransactionID());
    KeyModule keyModule = KeyModuleFactory.getInstance(txId);

    try {
      return keyModule.getSupportedSignatureAlgorithms(selectedKeyID);
    } catch (UnknownKeyException e) {
      throw new AlgorithmUnavailableException(
        "Unknown key entry: " + selectedKeyID,
        e,
        null);
    }
  }

  /**
   * Tells whether the set names at least one of the RSA signature algorithms
   * this profile treats as an indicator of an RSA key.
   *
   * @param supported The algorithms reported for a key.
   * @return <code>true</code> if any of the six RSA algorithm names is
   * contained in <code>supported</code>.
   */
  private static boolean reportsRsaAlgorithm(Set supported) {
    return supported.contains(SignatureAlgorithms.MD2_WITH_RSA)
      || supported.contains(SignatureAlgorithms.MD5_WITH_RSA)
      || supported.contains(SignatureAlgorithms.RIPEMD128_WITH_RSA)
      || supported.contains(SignatureAlgorithms.RIPEMD160_WITH_RSA)
      || supported.contains(SignatureAlgorithms.SHA1_WITH_RSA)
      || supported.contains(SignatureAlgorithms.SHA256_WITH_RSA);
  }

  /**
   * @see iaik.server.modules.xmlsign.XMLSignatureCreationProfile#getSignatureInsertionLocation()
   */
  public XMLSignatureInsertionLocation getSignatureInsertionLocation() {
    return this.signatureInsertionLocation;
  }

  /**
   * Set the location where the signature is to be inserted into the signature
   * parent.
   *
   * @param signatureInsertionLocation The location to set.
   */
  public void setSignatureInsertionLocation(
    XMLSignatureInsertionLocation signatureInsertionLocation) {

    this.signatureInsertionLocation = signatureInsertionLocation;
  }

  /**
   * @see iaik.server.modules.xmlsign.XMLSignatureCreationProfile#getSignatureStructureType()
   */
  public String getSignatureStructureType() {
    return this.signatureStructureType;
  }

  /**
   * Set the signature structure type.
   *
   * @param signatureStructureType The signature structure type to set.
   */
  public void setSignatureStructureType(String signatureStructureType) {
    this.signatureStructureType = signatureStructureType;
  }

  /**
   * @see iaik.server.modules.xmlsign.XMLSignatureCreationProfile#getSignedInfoCanonicalization()
   */
  public Canonicalization getSignedInfoCanonicalization() {
    return this.signedInfoCanonicalization;
  }

  /**
   * Sets the canonicalization method to use for the
   * <code>SignedInfo</code> object.
   *
   * @param signedInfoCanonicalization The canonicalization method to set.
   */
  public void setSignedInfoCanonicalization(
    Canonicalization signedInfoCanonicalization) {

    this.signedInfoCanonicalization = signedInfoCanonicalization;
  }

  /**
   * @see iaik.server.modules.xmlsign.XMLSignatureCreationProfile#getSignedProperties()
   */
  public List getSignedProperties() {
    return this.signedProperties;
  }

  /**
   * Set the signed properties.
   *
   * @param signedProperties The signed properties to set. The list is stored
   * by reference, not copied.
   */
  public void setSignedProperties(List signedProperties) {
    this.signedProperties = signedProperties;
  }

  /**
   * @see iaik.server.modules.xmlsign.XMLSignatureCreationProfile#isSecurityLayerConform()
   */
  public boolean isSecurityLayerConform() {
    return this.securityLayerConform;
  }

  /**
   * Sets the security layer conformity.
   *
   * @param securityLayerConform <code>true</code>, if the created signature
   * is to conform to the Security Layer specification.
   */
  public void setSecurityLayerConform(boolean securityLayerConform) {
    this.securityLayerConform = securityLayerConform;
  }

  /**
   * @see iaik.server.modules.xmlsign.XMLSignatureCreationProfile#getSignatureID()
   */
  public String getSignatureID() {
    // Each call asks the generator again rather than returning a cached ID.
    return this.signatureIDGenerator.uniqueId();
  }

  /**
   * @see iaik.server.modules.xmlsign.XMLSignatureCreationProfile#getSecurityLayerManifestID()
   */
  public String getSecurityLayerManifestID() {
    return this.manifestIDGenerator.uniqueId();
  }

  /**
   * @see iaik.server.modules.xmlsign.XMLSignatureCreationProfile#getDsigManifestID()
   */
  public String getDsigManifestID() {
    return this.dsigManifestIDGenerator.uniqueId();
  }

  /**
   * @see iaik.server.modules.xmlsign.XMLSignatureCreationProfile#getSignedPropertiesID()
   */
  public String getSignedPropertiesID() {
    return this.propertyIDGenerator.uniqueId();
  }

}