/* * Copyright 2003 Federal Chancellery Austria * MOA-SPSS has been developed in a cooperation between BRZ, the Federal * Chancellery Austria - ICT staff unit, and Graz University of Technology. * * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by * the European Commission - subsequent versions of the EUPL (the "Licence"); * You may not use this work except in compliance with the Licence. * You may obtain a copy of the Licence at: * http://www.osor.eu/eupl/ * * Unless required by applicable law or agreed to in writing, software * distributed under the Licence is distributed on an "AS IS" basis, * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. * See the Licence for the specific language governing permissions and * limitations under the Licence. * * This product combines work with different licenses. See the "NOTICE" text * file for details on the various modules and licenses. * The "NOTICE" text file is part of the distribution. Any derivative works * that you distribute must include a readable copy of the "NOTICE" text file. 
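 */

package at.gv.egovernment.moa.spss.server.iaik.pki;

import iaik.pki.PKIProfile;
import iaik.pki.pathvalidation.ValidationProfile;
import iaik.pki.revocation.RevocationProfile;
import iaik.pki.store.truststore.TrustStoreProfile;
import iaik.pki.store.truststore.TrustStoreTypes;

import java.util.Arrays;

import at.gv.egovernment.moa.sig.tsl.api.ITslService;
import at.gv.egovernment.moa.sig.tsl.exception.TslPKIException;
import at.gv.egovernment.moa.sig.tsl.pki.TslTrustStoreProfile;
import at.gv.egovernment.moa.sig.tsl.pki.chaining.ChainingTrustStoreProfile;
import at.gv.egovernment.moa.spss.MOAApplicationException;
import at.gv.egovernment.moa.spss.server.config.ConfigurationProvider;
import at.gv.egovernment.moa.spss.server.config.TrustProfile;
import at.gv.egovernment.moa.spss.server.iaik.pki.pathvalidation.ValidationProfileImpl;
import at.gv.egovernment.moa.spss.server.iaik.pki.revocation.RevocationProfileImpl;
import at.gv.egovernment.moa.spss.server.iaik.pki.store.truststore.TrustStoreProfileImpl;
import at.gv.egovernment.moa.spss.tsl.TSLServiceFactory;
import at.gv.egovernment.moaspss.logging.Logger;

/**
 * Implementation of the {@link PKIProfile} interface containing the
 * information needed for certificate path validation. All profile data is
 * derived from the MOA configuration supplied at construction time.
 *
 * <p>The trust store profile is built once in the constructor: either a plain
 * directory based trust store, or - when the configured trust profile has TSL
 * support enabled - a chained (virtual) profile whose first member is a TSL
 * derived trust store and whose second member is the directory based trust
 * store. If TSL support is required but the TSL client is not initialized,
 * construction fails instead of silently falling back to the directory store.
 *
 * @author Patrick Peck
 * @version $Id$
 */
public class PKIProfileImpl implements PKIProfile {

    /** Profile information for revocation checking. */
    private RevocationProfile revocationProfile;

    /** Profile information about the trust profile to use. */
    private TrustStoreProfile trustStoreProfile;

    /** Profile information about the certificate validation. */
    private ValidationProfile validationProfile;

    /** The {@link ConfigurationProvider} to read the MOA configuration data from. */
    private ConfigurationProvider config;

    /**
     * Create a new {@code PKIProfileImpl}.
     *
     * <p>Note: the {@code protected set*Profile} hooks are invoked from this
     * constructor, so a subclass override of them runs before the subclass's
     * own constructor body has executed.
     *
     * @param config The MOA configuration providing configuration data about
     *        certificate path validation.
     * @param trustProfileID The trust profile ID denoting the location of the
     *        trust store.
     * @throws MOAApplicationException An error occurred building the profile:
     *         error {@code 2203} when no trust profile with the given ID is
     *         configured, error {@code 2900} when the TSL based trust store
     *         could not be built.
     */
    public PKIProfileImpl(ConfigurationProvider config, String trustProfileID)
            throws MOAApplicationException {
        this.config = config;
        setRevocationProfile(new RevocationProfileImpl(config));
        setValidationProfile(new ValidationProfileImpl(config));
        // generate TrustStoreProfile from TrustStore configuration
        internalTrustProfileBuilder(trustProfileID);
    }

    /**
     * Looks up the configured trust profile for the given ID, builds the
     * matching trust store profile and installs it via
     * {@link #setTrustStoreProfile(TrustStoreProfile)}.
     *
     * @param trustProfileId The configured trust profile ID.
     * @throws MOAApplicationException {@code 2203} if no trust profile with
     *         this ID is configured; {@code 2900} if the profile requires TSL
     *         support and the TSL based trust store cannot be built.
     */
    private void internalTrustProfileBuilder(String trustProfileId)
            throws MOAApplicationException {
        TrustProfile tp = (TrustProfile) config.getTrustProfile(trustProfileId);
        if (tp == null) {
            throw new MOAApplicationException("2203", new Object[] { trustProfileId });
        }
        if (tp.isTSLEnabled()) {
            setTrustStoreProfile(buildChainedTslTrustStoreProfile(tp, trustProfileId));
        } else {
            // directory based trust store is the default
            setTrustStoreProfile(new TrustStoreProfileImpl(trustProfileId, tp.getUri()));
        }
    }

    /**
     * Builds a virtual trust store that chains a TSL derived trust store in
     * front of the directory based trust store of the given trust profile.
     *
     * @param tp The trust profile configuration (TSL support enabled).
     * @param trustProfileId The configured trust profile ID; the two member
     *        stores are named {@code <id>_TSL} and {@code <id>_Directory}.
     * @return The chained trust store profile registered under
     *         {@code trustProfileId}.
     * @throws MOAApplicationException {@code 2900} if the TSL client is not
     *         initialized or any step of the TSL trust store construction
     *         fails. The underlying {@link TslPKIException} is logged, not
     *         chained as the cause.
     */
    private ChainingTrustStoreProfile buildChainedTslTrustStoreProfile(
            TrustProfile tp, String trustProfileId) throws MOAApplicationException {
        try {
            // Fail closed: a TSL backed profile must not degrade to the plain
            // directory store when the TSL client is unavailable.
            if (!TSLServiceFactory.isInitialized()) {
                Logger.error("Can not build TrustProfile:" + trustProfileId
                        + " Reason: TrustProfile needs TSL support but TSL client NOT initialized.");
                throw new TslPKIException("Trust Status-List service client is NOT initialized");
            }

            // build TSL truststore
            TslTrustStoreProfile tslTrustStore = TSLServiceFactory.getTSLServiceClient()
                    .buildTrustStoreProfile(
                            tp.getCountries(),
                            tp.getAllowedTspStatus(),
                            tp.getAllowedTspServiceTypes(),
                            trustProfileId + "_TSL");

            // build Directory based TrustStore
            TrustStoreProfileImpl directoryTrustStore =
                    new TrustStoreProfileImpl(trustProfileId + "_Directory", tp.getUri());

            // virtual truststore that concatenates the TSL TrustStore and the
            // directory TrustStore (TSL store first)
            return new ChainingTrustStoreProfile(
                    Arrays.asList(tslTrustStore, directoryTrustStore), trustProfileId);
        } catch (TslPKIException e) {
            Logger.error("Virtual TSL based TrustProfile generation FAILED.", e);
            throw new MOAApplicationException("2900", new Object[] { trustProfileId });
        }
    }

    /**
     * @see iaik.pki.PKIProfile#getRevocationProfile()
     */
    @Override
    public RevocationProfile getRevocationProfile() {
        return revocationProfile;
    }

    /**
     * Sets the {@link RevocationProfile}.
     *
     * @param revocationProfile The {@code RevocationProfile} used for
     *        revocation checking.
     */
    protected void setRevocationProfile(RevocationProfile revocationProfile) {
        this.revocationProfile = revocationProfile;
    }

    /**
     * @see iaik.pki.PKIProfile#getTrustStoreProfile()
     */
    @Override
    public TrustStoreProfile getTrustStoreProfile() {
        return trustStoreProfile;
    }

    /**
     * Sets the {@link TrustStoreProfile}.
     *
     * @param trustStoreProfile The {@code TrustStoreProfile}.
     */
    protected void setTrustStoreProfile(TrustStoreProfile trustStoreProfile) {
        this.trustStoreProfile = trustStoreProfile;
    }

    /**
     * @see iaik.pki.PKIProfile#getValidationProfile()
     */
    @Override
    public ValidationProfile getValidationProfile() {
        return validationProfile;
    }

    /**
     * Sets the {@link ValidationProfile}.
     *
     * @param validationProfile The {@code ValidationProfile} to set.
     */
    protected void setValidationProfile(ValidationProfile validationProfile) {
        this.validationProfile = validationProfile;
    }

    /**
     * Delegates to the MOA configuration's {@code getUseAuthorityInfoAccess()}
     * setting.
     *
     * @see iaik.pki.PKIProfile#useAuthorityInfoAccess()
     */
    @Override
    public boolean useAuthorityInfoAccess() {
        return config.getUseAuthorityInfoAccess();
    }

    /**
     * Maps the MOA configuration's {@code getAutoAddCertificates()} flag to
     * the {@link PKIProfile} auto-add mode.
     *
     * @return {@link PKIProfile#AUTO_ADD_EE_DISABLE} when auto-adding is
     *         enabled in the configuration, {@link PKIProfile#AUTO_ADD_DISABLE}
     *         otherwise. The constant names suggest that even in the enabled
     *         case end entity certificates are not added automatically; verify
     *         against the {@code PKIProfile} documentation.
     * @see iaik.pki.PKIProfile#autoAddCertificates()
     */
    // TODO AFITZEK allow saving of end entity certificates
    @Override
    public int autoAddCertificates() {
        return config.getAutoAddCertificates()
                ? PKIProfile.AUTO_ADD_EE_DISABLE
                : PKIProfile.AUTO_ADD_DISABLE;
    }

    /**
     * @return always {@code null}: no separate trust store for indirect
     *         revocation information is provided by this implementation.
     * @see iaik.pki.PKIProfile#getIndirectRevocationTrustStoreProfile()
     */
    @Override
    public TrustStoreProfile getIndirectRevocationTrustStoreProfile() {
        // TODO AFITZEK IMPLEMENT THIS METHOD
        return null;
    }
}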