/*
 * Copyright 2003 Federal Chancellery Austria
 * MOA-SPSS has been developed in a cooperation between BRZ, the Federal
 * Chancellery Austria - ICT staff unit, and Graz University of Technology.
 *
 * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
 * the European Commission - subsequent versions of the EUPL (the "Licence");
 * You may not use this work except in compliance with the Licence.
 * You may obtain a copy of the Licence at:
 * http://www.osor.eu/eupl/
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the Licence is distributed on an "AS IS" basis,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the Licence for the specific language governing permissions and
 * limitations under the Licence.
 *
 * This product combines work with different licenses. See the "NOTICE" text
 * file for details on the various modules and licenses.
 * The "NOTICE" text file is part of the distribution. Any derivative works
 * that you distribute must include a readable copy of the "NOTICE" text file.
 */

package at.gv.egovernment.moa.spss.server.iaik.pki;

import java.util.Arrays;

import at.gv.egovernment.moa.sig.tsl.exception.TslPKIException;
import at.gv.egovernment.moa.sig.tsl.pki.TslTrustStoreProfile;
import at.gv.egovernment.moa.sig.tsl.pki.chaining.ChainingTrustStoreProfile;
import at.gv.egovernment.moa.spss.MOAApplicationException;
import at.gv.egovernment.moa.spss.server.config.ConfigurationProvider;
import at.gv.egovernment.moa.spss.server.config.TrustProfile;
import at.gv.egovernment.moa.spss.server.iaik.pki.pathvalidation.ValidationProfileImpl;
import at.gv.egovernment.moa.spss.server.iaik.pki.revocation.RevocationProfileImpl;
import at.gv.egovernment.moa.spss.server.iaik.pki.store.truststore.TrustStoreProfileImpl;
import at.gv.egovernment.moa.spss.tsl.TSLServiceFactory;
import at.gv.egovernment.moaspss.logging.Logger;
import iaik.pki.PKIProfile;
import iaik.pki.pathvalidation.ValidationProfile;
import iaik.pki.revocation.RevocationProfile;
import iaik.pki.store.truststore.TrustStoreProfile;

/**
 * Implementation of the <code>PKIProfile</code> interface containing
 * information needed for certificate path validation. It uses configuration
 * data from the MOA configuration.
 *
 * @author Patrick Peck
 * @version $Id$
 */
public class PKIProfileImpl implements PKIProfile {

  /** Profile information for revocation checking. */
  private RevocationProfile revocationProfile;
  /** Profile information about the trust profile to use. */
  private TrustStoreProfile trustStoreProfile;
  /** Profile information about the certificate validation. */
  private ValidationProfile validationProfile;
  /**
   * The <code>ConfigurationProvider</code> to read the MOA configuration data
   * from.
   */
  private final ConfigurationProvider config;

  /**
   * Create a new <code>PKIProfileImpl</code>.
   * 
   * @param config         The MOA configuration providing configuration data
   *                       about certificate path validation.
   * @param trustProfileID The trust profile ID denoting the location of the trust
   *                       store.
   * @throws MOAApplicationException An error occurred building the profile.
   */
  public PKIProfileImpl(ConfigurationProvider config, String trustProfileID) throws MOAApplicationException {

    this.config = config;
    setRevocationProfile(new RevocationProfileImpl(config));
    setValidationProfile(new ValidationProfileImpl(config));

    // generate TrustStoreProfile from TrustStore configuration
    internalTrustProfileBuilder(trustProfileID);

  }

  private void internalTrustProfileBuilder(String trustProfileId) throws MOAApplicationException {
    final TrustProfile tp = config.getTrustProfile(trustProfileId);
    if (tp != null) {
      // build directory based trust store as default

      if (tp.isTSLEnabled()) {
        TslTrustStoreProfile tslTrustStore;
        try {
          if (!TSLServiceFactory.isInitialized()) {
            Logger.error("Can not build TrustProfile:" + trustProfileId
                + " Reason: TrustProfile needs TSL support but TSL client NOT initialized.");
            throw new TslPKIException("Trust Status-List service client is NOT initialized");

          }

          // build TSL truststore if enabled
          tslTrustStore = TSLServiceFactory.getTSLServiceClient().buildTrustStoreProfile(
              tp.getCountries(),
              tp.getAllowedTspStatus(),
              tp.getAllowedTspServiceTypes(),
              trustProfileId + "_TSL");

          // build Directory based TrustStore
          final TrustStoreProfileImpl directoryTrustStore = new TrustStoreProfileImpl(trustProfileId
              + "_Directory", tp.getUri());

          // generate a virtual truststore that concatenates the TSL TrustStore and the
          // directory TrustStore
          final ChainingTrustStoreProfile chainedProfile = new ChainingTrustStoreProfile(
              Arrays.asList(tslTrustStore, directoryTrustStore),
              trustProfileId);

          // set this virtual truststore
          setTrustStoreProfile(chainedProfile);

        } catch (final TslPKIException e) {
          Logger.error("Virtual TSL based TrustProfile generation FAILED.", e);
          throw new MOAApplicationException("2900", new Object[] { trustProfileId });

        }

      } else {
        setTrustStoreProfile(new TrustStoreProfileImpl(trustProfileId, tp.getUri()));
      }

    } else {
      throw new MOAApplicationException("2203", new Object[] { trustProfileId });

    }

  }

  /**
   * @see iaik.pki.PKIProfile#autoAddCertificates()
   */
  /*
   * public boolean autoAddCertificates() { return useAuthorityInfoAccess() ? true
   * : config.getAutoAddCertificates(); }
   */

  /**
   * @see iaik.pki.PKIProfile#getRevocationProfile()
   */
  @Override
  public RevocationProfile getRevocationProfile() {
    return revocationProfile;
  }

  /**
   * Sets the <code>RevocationProfile</code>.
   * 
   * @param revocationProfile The <code>RevocationProfile</code> used for
   *                          revocation checking.
   */
  protected void setRevocationProfile(RevocationProfile revocationProfile) {
    this.revocationProfile = revocationProfile;
  }

  /**
   * @see iaik.pki.PKIProfile#getTrustStoreProfile()
   */
  @Override
  public TrustStoreProfile getTrustStoreProfile() {
    return trustStoreProfile;
  }

  /**
   * Sets the <code>TrustStoreProfile</code>.
   * 
   * @param trustStoreProfile The <code>TrustStoreProfile</code>.
   */
  protected void setTrustStoreProfile(TrustStoreProfile trustStoreProfile) {
    this.trustStoreProfile = trustStoreProfile;
  }

  /**
   * @see iaik.pki.PKIProfile#getValidationProfile()
   */
  @Override
  public ValidationProfile getValidationProfile() {
    return validationProfile;
  }

  /**
   * Sets the <code>ValidationProfile</code>.
   * 
   * @param validationProfile The <code>ValidationProfile</code> to set.
   */
  protected void setValidationProfile(ValidationProfile validationProfile) {
    this.validationProfile = validationProfile;
  }

  /**
   * @see iaik.pki.PKIProfile#useAuthorityInfoAccess()
   */
  @Override
  public boolean useAuthorityInfoAccess() {
    return config.getUseAuthorityInfoAccess();
  }

  /**
   * @see iaik.pki.PKIProfile#autoAddCertificates()
   */
  @Override
  public int autoAddCertificates() {
    if (config.getAutoAddCertificates()) {
      if (config.getAutoAddEECertificates()) {
        return PKIProfile.AUTO_ADD_ENABLE;
      } else {
        return PKIProfile.AUTO_ADD_EE_DISABLE;
      }

    } else {
      return PKIProfile.AUTO_ADD_DISABLE;
    }

  }

  @Override
  public TrustStoreProfile getIndirectRevocationTrustStoreProfile() {
    // TODO AFITZEK IMPLEMENT THIS METHOD
    return null;
  }

}