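package at.gv.egovernment.moa.spss.tsl.timer;

import iaik.pki.store.certstore.CertStoreException;
import iaik.pki.store.certstore.CertStoreParameters;
import iaik.pki.store.truststore.TrustStoreException;
import iaik.pki.store.truststore.TrustStoreProfile;
import iaik.pki.store.utils.StoreUpdater;
import iaik.server.ConfigurationData;
import iaik.x509.X509Certificate;
import iaik.xml.crypto.tsl.ex.TSLEngineDiedException;
import iaik.xml.crypto.tsl.ex.TSLSearchException;

import java.io.File;
import java.io.FileInputStream;
import java.io.FileNotFoundException;
import java.io.IOException;
import java.security.cert.CertificateException;
import java.util.ArrayList;
import java.util.Date;
import java.util.Iterator;
import java.util.Map;
import java.util.TimerTask;

import at.gv.egovernment.moa.logging.LogMsg;
import at.gv.egovernment.moa.logging.Logger;
import at.gv.egovernment.moa.spss.MOAApplicationException;
import at.gv.egovernment.moa.spss.api.common.TSLConfiguration;
import at.gv.egovernment.moa.spss.server.config.ConfigurationException;
import at.gv.egovernment.moa.spss.server.config.ConfigurationProvider;
import at.gv.egovernment.moa.spss.server.config.TrustProfile;
import at.gv.egovernment.moa.spss.server.iaik.config.IaikConfigurator;
import at.gv.egovernment.moa.spss.server.iaik.pki.store.truststore.TrustStoreProfileImpl;
import at.gv.egovernment.moa.spss.server.logging.TransactionId;
import at.gv.egovernment.moa.spss.tsl.connector.TSLConnector;
import at.gv.egovernment.moa.spss.util.MessageProvider;
import at.gv.egovernment.moa.util.StringUtils;

/**
 * Periodic task that synchronises every TSL-enabled trust profile with the
 * qualified CA certificates currently listed in the trusted lists (TSLs).
 *
 * For each trust profile with {@code isTSLEnabled()} the task
 * <ol>
 *   <li>asks the {@link TSLConnector} for the CA certificates of services whose
 *       status is "accredited" or "undersupervision" (optionally restricted to
 *       the profile's configured countries),</li>
 *   <li>removes from the trust store the certificates that the previous run
 *       added (remembered on the profile via
 *       {@code setCertificatesToBeRemoved}), and</li>
 *   <li>adds the freshly fetched certificates and remembers them for the next
 *       run.</li>
 * </ol>
 *
 * Security notes:
 * <ul>
 *   <li>The remove-then-add sequence is not atomic: if adding fails after the
 *       removal succeeded, the profile is left without its TSL anchors until
 *       the next successful run. Conversely, a run that yields an empty
 *       certificate list empties the profile's TSL anchors. Whether the
 *       connector validates the TSL signature before returning certificates is
 *       not visible here — confirm in {@link TSLConnector}.</li>
 *   <li>A CA whose TSL service status leaves the accepted set simply disappears
 *       from the fetched list and is therefore dropped at the next update.</li>
 *   <li>The "to be removed" list appears to be held in memory on the
 *       {@link TrustProfile} only; certificates added by an earlier process
 *       may not be removable through this mechanism after a restart — verify
 *       against {@link TrustProfile}.</li>
 *   <li>{@link #tslconnector_} is a public mutable static shared with whoever
 *       initialises it; it is read without synchronisation.</li>
 * </ul>
 */
public class TSLUpdaterTimerTask extends TimerTask {

  /** Connector used to refresh and query the TSLs; must be initialised before the task runs. */
  public static TSLConnector tslconnector_;

  /**
   * Runs one update cycle and logs (never propagates) any failure.
   *
   * A {@code RuntimeException} escaping {@code run()} terminates the owning
   * {@code java.util.Timer} thread and cancels all future executions, which
   * would silently freeze the trust stores at stale content. Unchecked
   * exceptions are therefore logged like the checked ones instead.
   */
  @Override
  public void run() {
    try {
      update();
    } catch (TSLEngineDiedException e) {
      logUpdateFailure(e);
      // TODO: if the update fails, should the TSL trust profile be made
      // unavailable instead of continuing to serve its previous content?
    } catch (TSLSearchException e) {
      logUpdateFailure(e);
    } catch (ConfigurationException e) {
      logUpdateFailure(e);
    } catch (MOAApplicationException e) {
      logUpdateFailure(e);
    } catch (CertStoreException e) {
      logUpdateFailure(e);
    } catch (TrustStoreException e) {
      logUpdateFailure(e);
    } catch (CertificateException e) {
      logUpdateFailure(e);
    } catch (FileNotFoundException e) {
      // subclass of IOException: must precede it
      logUpdateFailure(e);
    } catch (IOException e) {
      logUpdateFailure(e);
    } catch (RuntimeException e) {
      // keep the Timer thread alive; see class-level note
      logUpdateFailure(e);
    }
  }

  /** Logs a failed update cycle with the generic "tsl.00" message and the cause. */
  private static void logUpdateFailure(Exception e) {
    MessageProvider msg = MessageProvider.getInstance();
    Logger.error(new LogMsg(msg.getMessage("tsl.00", null)), e);
  }

  /**
   * Performs one TSL synchronisation over all TSL-enabled trust profiles.
   *
   * Does nothing when no TSL configuration is present. Profiles are processed
   * sequentially; a failure in one profile aborts the remaining profiles of
   * this run (the exception propagates to the caller).
   *
   * @throws IllegalStateException if {@link #tslconnector_} has not been set
   *         and a TSL-enabled profile needs it
   */
  public static void update() throws TSLEngineDiedException, TSLSearchException,
      ConfigurationException, MOAApplicationException, CertStoreException,
      TrustStoreException, CertificateException, FileNotFoundException, IOException {
    MessageProvider msg = MessageProvider.getInstance();

    // get TSL configuration
    ConfigurationProvider config = ConfigurationProvider.getInstance();
    ConfigurationData configData = new IaikConfigurator().configure(config);
    TSLConfiguration tslconfig = config.getTSLConfiguration();
    if (tslconfig == null) {
      return; // TSL support not configured: nothing to synchronise
    }

    Logger.info(new LogMsg(msg.getMessage("config.42", null)));

    // cert store parameters shared by every StoreUpdater below
    CertStoreParameters[] certStoreParameters =
        configData.getPKIConfiguration().getCertStoreConfiguration().getParameters();

    // iterate over all trust profiles and update the TSL-enabled ones
    Map mapTrustProfiles = config.getTrustProfiles();
    Iterator it = mapTrustProfiles.entrySet().iterator();
    while (it.hasNext()) {
      Map.Entry pairs = (Map.Entry) it.next();
      TrustProfile tp = (TrustProfile) pairs.getValue();
      if (tp.isTSLEnabled()) {
        updateTrustProfile(config, certStoreParameters, tp, msg);
      }
    }
  }

  /**
   * Synchronises a single TSL-enabled trust profile: fetches the current
   * qualified CA certificates, removes the ones added by the previous run and
   * adds the new ones.
   */
  private static void updateTrustProfile(ConfigurationProvider config,
      CertStoreParameters[] certStoreParameters, TrustProfile tp, MessageProvider msg)
      throws TSLEngineDiedException, TSLSearchException, ConfigurationException,
      MOAApplicationException, CertStoreException, TrustStoreException,
      CertificateException, FileNotFoundException, IOException {
    if (tslconnector_ == null) {
      throw new IllegalStateException(
          "TSLUpdaterTimerTask.tslconnector_ is not initialised; cannot update trust profile "
              + tp.getId());
    }

    TrustStoreProfile tsp = new TrustStoreProfileImpl(config, tp.getId());
    TrustStoreProfile[] trustStoreProfiles = new TrustStoreProfile[] { tsp };
    Logger.debug(new LogMsg(msg.getMessage("config.43", new String[] { tp.getId() })));
    TransactionId tid = new TransactionId("TSLConfigurator-" + tp.getId());

    ArrayList tslCertFiles = fetchQualifiedCaCertificateFiles(tp, msg);
    if (tslCertFiles == null) {
      // Fail loudly rather than treating "no answer" as "no qualified CAs",
      // which would strip every TSL anchor from the profile below.
      throw new IllegalStateException(
          "TSL connector returned no certificate list for trust profile " + tp.getId());
    }

    // create store updater for this TSL-enabled trust store
    Logger.debug(new LogMsg(msg.getMessage("config.45", null)));
    StoreUpdater storeUpdater = new StoreUpdater(certStoreParameters, trustStoreProfiles, tid);

    X509Certificate[] addCertificates = readCertificates(tslCertFiles);

    // certificates added by the previous run; null is treated as "nothing to remove"
    X509Certificate[] removeCertificates = tp.getCertficatesToBeRemoved();
    if (removeCertificates == null) {
      removeCertificates = new X509Certificate[0];
    }

    Logger.debug(new LogMsg("Remove " + removeCertificates.length + " certificates."));
    storeUpdater.removeCertificatesFromTrustStores(removeCertificates, tid);
    Logger.debug(new LogMsg("Add " + addCertificates.length + " certificates."));
    storeUpdater.addCertificatesToTrustStores(addCertificates, tid);

    // remember what was added so the next update can retire it first
    tp.setCertificatesToBeRemoved(addCertificates);
  }

  /**
   * Asks the connector for the certificate files of qualified CAs with an
   * accepted service status, for all countries or only the profile's
   * comma-separated list of countries.
   *
   * @return the list of {@link File}s as returned by the connector (may be
   *         {@code null} if the connector returns {@code null})
   */
  private static ArrayList fetchQualifiedCaCertificateFiles(TrustProfile tp, MessageProvider msg)
      throws TSLEngineDiedException, TSLSearchException, ConfigurationException,
      MOAApplicationException, CertStoreException, TrustStoreException,
      CertificateException, FileNotFoundException, IOException {
    boolean allCountries = StringUtils.isEmpty(tp.getCountries());
    Logger.debug(new LogMsg(msg.getMessage("config.44", null)));
    if (allCountries) {
      // get certificates from TSL from all countries
      return tslconnector_.updateAndGetQualifiedCACertificates(new Date(), acceptedServiceStatus());
    }
    // get selected countries as array; entries are trimmed but otherwise
    // passed through unchanged (an empty entry such as "AT,,DE" is kept)
    String[] countries = tp.getCountries().split(",");
    for (int i = 0; i < countries.length; i++) {
      countries[i] = countries[i].trim();
    }
    // get certificates from TSL from given countries
    return tslconnector_.updateAndGetQualifiedCACertificates(new Date(), countries,
        acceptedServiceStatus());
  }

  /** TSL service statuses whose CA certificates are imported; a fresh array per call. */
  private static String[] acceptedServiceStatus() {
    return new String[] { "accredited", "undersupervision" };
  }

  /**
   * Parses each {@link File} in {@code certFiles} into an {@link X509Certificate},
   * closing every stream even when parsing fails.
   */
  private static X509Certificate[] readCertificates(ArrayList certFiles)
      throws CertificateException, FileNotFoundException, IOException {
    X509Certificate[] certs = new X509Certificate[certFiles.size()];
    int i = 0;
    Iterator itcert = certFiles.iterator();
    while (itcert.hasNext()) {
      File f = (File) itcert.next();
      FileInputStream in = new FileInputStream(f);
      try {
        certs[i] = new X509Certificate(in);
      } finally {
        in.close(); // the original leaked this stream on every iteration
      }
      i++;
    }
    return certs;
  }
}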