package at.gv.egovernment.moa.spss.server.tools;
import java.io.BufferedInputStream;
import java.io.FileInputStream;
import java.io.FileNotFoundException;
import java.io.IOException;
import java.io.InputStream;
import java.io.PrintStream;
import java.security.Principal;
import java.security.cert.CertificateException;

import iaik.asn1.structures.Name;
import iaik.pki.store.certstore.CertStoreException;
import iaik.pki.store.certstore.CertStoreTypes;
import iaik.pki.store.certstore.directory.DirectoryCertStore;
import iaik.pki.store.certstore.directory.DirectoryCertStoreParameters;
import iaik.pki.store.certstore.directory.DirectoryStoreException;
import iaik.security.ecc.provider.ECCProvider;
import iaik.security.provider.IAIK;
import iaik.utils.RFC2253NameParserException;
import iaik.x509.X509Certificate;
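/**
 * Command line tool supporting X509 certificate handling when configuring the
 * MOA SP/SS service.
 *
 * Supported operations:
 *
 * - <code>-info &lt;cert-file&gt;</code>: print subject DN, issuer DN and
 *   serial number of a certificate
 * - <code>-add &lt;cert-file&gt; &lt;cert-store-root&gt;</code>: add a
 *   certificate to a directory certificate store
 *
 * The process exits with status 1 on a usage error and on any failure
 * reported by an operation, so that scripts calling the tool can detect a
 * failed <code>-add</code> instead of silently continuing.
 *
 * @author Patrick Peck
 * @version $Id$
 */
public class CertTool {

  /** Error message printed when a DN cannot be rendered according to RFC 2253. */
  private static final String ILLEGAL_RFC2253_NAME =
    "Kein gültiger RFC2253-Name";

  /**
   * Main entry point of the tool.
   *
   * Accepted forms are <code>-info &lt;cert-file&gt;</code> (two arguments)
   * and <code>-add &lt;cert-file&gt; &lt;cert-store-root&gt;</code> (three
   * arguments); anything else prints the usage text to stderr. The JCE
   * providers are only registered once a valid command has been recognised.
   *
   * @param args The command line arguments.
   */
  public static void main(String[] args) {
    CertTool certTool = new CertTool();
    boolean succeeded;

    if (args.length == 2 && "-info".equals(args[0])) {
      initProviders();
      succeeded = certTool.printCertInfo(args[1], System.out);
    } else if (args.length == 3 && "-add".equals(args[0])) {
      initProviders();
      succeeded = certTool.addCertToCertStore(args[1], args[2]);
    } else {
      certTool.printUsage(System.err);
      succeeded = false;
    }

    // Report failures through the exit status: the operations only print
    // their errors, and a caller such as an install script must not mistake
    // a failed run for success.
    if (!succeeded) {
      System.exit(1);
    }
  }

  /**
   * Register the IAIK JCE and IAIK ECC providers.
   *
   * Which IAIK registration method is used depends on the running JDK: the
   * plain one on JDK 1.3, the JDK 1.4 variant otherwise. The
   * <code>java.version</code> property is read with an empty default so a
   * missing property falls through to the JDK 1.4 branch instead of throwing.
   */
  private static void initProviders() {
    String javaVersion = System.getProperty("java.version", "");
    if (javaVersion.startsWith("1.3")) {
      IAIK.addAsProvider();
    } else {
      IAIK.addAsJDK14Provider();
    }
    ECCProvider.addAsProvider();
  }

  /**
   * Print information about a certificate.
   *
   * Outputs the subject DN and the issuer DN in RFC 2253 form (or
   * {@link #ILLEGAL_RFC2253_NAME} if a name cannot be rendered that way) and
   * the serial number. All three values are computed before anything is
   * printed, so a failure never leaves partial output. Errors are reported on
   * <code>System.err</code>.
   *
   * @param certFile The name of the certificate file to inspect.
   * @param out The stream to print the information to.
   * @return <code>true</code> if the certificate was read and printed,
   *         <code>false</code> if an error was reported.
   */
  public boolean printCertInfo(String certFile, PrintStream out) {
    try {
      X509Certificate cert = readCertificate(certFile);
      String subjectDN = toRfc2253(cert.getSubjectDN());
      String issuerDN = toRfc2253(cert.getIssuerDN());
      String serial = cert.getSerialNumber().toString();

      out.println("SubjectDN (RFC2253): " + subjectDN);
      out.println("IssuerDN (RFC2253) : " + issuerDN);
      out.println("Serial Number : " + serial);
      return true;
    } catch (FileNotFoundException e) {
      System.err.println("Zertifikat nicht gefunden: " + certFile);
    } catch (IOException e) {
      System.err.println(
        "I/O Fehler beim Lesen des Zertifikats: " + e.getMessage());
    } catch (CertificateException e) {
      System.err.println(
        "Fehler beim Lesen des Zertifikats: " + e.getMessage());
    } catch (Exception e) {
      // Catch-all for unexpected runtime failures (e.g. an unexpected DN
      // type); Errors are deliberately not swallowed any more.
      System.err.println("Allgemeiner Fehler: " + e.getMessage());
      e.printStackTrace();
    }
    return false;
  }

  /**
   * Add a certificate to a directory certificate store.
   *
   * The certificate is parsed from <code>certFile</code> and handed to an IAIK
   * <code>DirectoryCertStore</code> rooted at <code>certStoreRoot</code>.
   * Note that this method performs no validation of the certificate itself
   * (signature, validity period, chain): whatever parses as a certificate is
   * stored. Whether the IAIK store applies checks of its own is not visible
   * here. Errors are reported on <code>System.err</code>.
   *
   * @param certFile The certificate to add.
   * @param certStoreRoot The root directory of the certificate store.
   * @return <code>true</code> if the certificate was stored,
   *         <code>false</code> if an error was reported.
   */
  public boolean addCertToCertStore(String certFile, String certStoreRoot) {
    try {
      X509Certificate cert = readCertificate(certFile);

      // The store is described by SimpleDirectoryCertStoreParameters
      // (writable, createNew() == false). The null passed to the constructor
      // and to storeCertificate() is unchanged from the original code; its
      // meaning is defined by the IAIK API, not here.
      DirectoryCertStore certStore =
        new DirectoryCertStore(
          new SimpleDirectoryCertStoreParameters(certStoreRoot),
          null);
      certStore.storeCertificate(cert, null);
      System.out.println("\nDas Zertifikat wurde erfolgreich hinzugefügt.\n");
      return true;
    } catch (FileNotFoundException e) {
      System.err.println("Zertifikat nicht gefunden: " + certFile);
    } catch (IOException e) {
      System.err.println(
        "I/O Fehler beim Lesen des Zertifikats: " + e.getMessage());
    } catch (CertificateException e) {
      System.err.println(
        "Fehler beim Lesen des Zertifikats: " + e.getMessage());
    } catch (DirectoryStoreException e) {
      System.err.println(
        "Fehler beim Öffnen des Zertifikatsspeichers: " + e.getMessage());
    } catch (CertStoreException e) {
      System.err.println(
        "Fehler beim Hinzufügen des Zertifikats: " + e.getMessage());
    } catch (Exception e) {
      // Catch-all for unexpected runtime failures; Errors are deliberately
      // not swallowed any more.
      System.err.println("Allgemeiner Fehler: " + e.getMessage());
      e.printStackTrace();
    }
    return false;
  }

  /**
   * Read a single X509 certificate from a file, closing the file afterwards.
   *
   * Shared by the <code>-info</code> and <code>-add</code> paths so both read
   * the certificate the same way and neither leaks the file handle.
   *
   * @param certFile The name of the certificate file.
   * @return The parsed certificate.
   * @throws FileNotFoundException if the file cannot be opened.
   * @throws IOException on read errors.
   * @throws CertificateException if the content is not a parsable certificate.
   */
  private static X509Certificate readCertificate(String certFile)
    throws IOException, CertificateException {
    InputStream in = new BufferedInputStream(new FileInputStream(certFile));
    try {
      return new X509Certificate(in);
    } finally {
      // Always release the file handle; the original code left it to the GC.
      closeQuietly(in);
    }
  }

  /**
   * Close an input stream, ignoring a failure of <code>close()</code> itself.
   *
   * @param in The stream to close.
   */
  private static void closeQuietly(InputStream in) {
    try {
      in.close();
    } catch (IOException ignored) {
      // Nothing sensible to do when closing an input stream fails; the data
      // has already been read.
    }
  }

  /**
   * Render a distinguished name in RFC 2253 form.
   *
   * @param dn The name, expected to be an IAIK <code>Name</code> (as returned
   *           by the IAIK certificate class); any other type fails with a
   *           <code>ClassCastException</code>, as in the original code.
   * @return The RFC 2253 string, or {@link #ILLEGAL_RFC2253_NAME} if the name
   *         cannot be rendered that way.
   */
  private static String toRfc2253(Principal dn) {
    try {
      return ((Name) dn).getRFC2253String();
    } catch (RFC2253NameParserException e) {
      return ILLEGAL_RFC2253_NAME;
    }
  }

  /**
   * Print the tool's usage text, listing both supported commands and their
   * arguments.
   *
   * @param out The stream to print to.
   */
  private void printUsage(PrintStream out) {
    out.println("\nCerttool-Syntax:\n");
    out.println("-info <Zertifikatsdatei>");
    out.println(
      "-add <Zertifikatsdatei> <Wurzelverzeichnis des Zertifikatsspeichers>");
    out.println("\n");
  }
}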
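/**
 * Minimal <code>DirectoryCertStoreParameters</code> implementation, just
 * sufficient for <code>CertTool</code> to open a
 * <code>DirectoryCertStore</code>.
 *
 * The store is described as writable (<code>isReadOnly()</code> is
 * <code>false</code>) and as not to be created (<code>createNew()</code> is
 * <code>false</code>); presumably this means the root directory must already
 * exist — confirm against the IAIK documentation.
 *
 * @author Patrick Peck
 * @version $Id$
 */
final class SimpleDirectoryCertStoreParameters
  implements DirectoryCertStoreParameters {

  /** The cert store root directory; fixed at construction time. */
  private final String rootDirectory;

  /**
   * Create a new <code>SimpleDirectoryCertStoreParameters</code> object.
   *
   * @param rootDirectory The root directory of the cert store.
   * @throws IllegalArgumentException if <code>rootDirectory</code> is
   *         <code>null</code> or blank, so that a missing store location is
   *         reported here rather than somewhere inside the IAIK store.
   */
  public SimpleDirectoryCertStoreParameters(String rootDirectory) {
    if (rootDirectory == null || rootDirectory.trim().length() == 0) {
      throw new IllegalArgumentException(
        "Wurzelverzeichnis des Zertifikatsspeichers fehlt");
    }
    this.rootDirectory = rootDirectory;
  }

  /**
   * @return The fixed id <code>"MOA Directory CertStore"</code>.
   * @see iaik.pki.store.certstore.CertStoreParameters#getId()
   */
  public String getId() {
    return "MOA Directory CertStore";
  }

  /**
   * @return <code>CertStoreTypes.DIRECTORY</code>.
   * @see iaik.pki.store.certstore.CertStoreParameters#getType()
   */
  public String getType() {
    return CertStoreTypes.DIRECTORY;
  }

  /**
   * @return <code>false</code>; the tool needs to write to the store.
   * @see iaik.pki.store.certstore.CertStoreParameters#isReadOnly()
   */
  public boolean isReadOnly() {
    return false;
  }

  /**
   * @return <code>false</code>; the tool never creates a store directory.
   * @see iaik.pki.store.certstore.directory.DirectoryCertStoreParameters#createNew()
   */
  public boolean createNew() {
    return false;
  }

  /**
   * @return The root directory given at construction time.
   * @see iaik.pki.store.certstore.directory.DirectoryCertStoreParameters#getRootDirectory()
   */
  public String getRootDirectory() {
    return rootDirectory;
  }
}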