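package at.gv.egovernment.moa.spss.tsl.connector;

import java.security.cert.X509Certificate;
import java.util.List;
import java.util.ListIterator;
import java.util.Objects;

import javax.xml.crypto.AlgorithmMethod;
import javax.xml.crypto.KeySelectorException;
import javax.xml.crypto.KeySelectorResult;
import javax.xml.crypto.XMLCryptoContext;
import javax.xml.crypto.dsig.keyinfo.KeyInfo;
import javax.xml.crypto.dsig.keyinfo.X509Data;

import iaik.server.modules.xmlverify.MOAKeySelector;
import iaik.xml.crypto.tsl.TSLContext;
import iaik.xml.crypto.tsl.ex.TSLSecurityException;
import iaik.xml.crypto.tsl.ex.TSLVerificationException;
import iaik.xml.crypto.tsl.verify.TslKeyInfoHints;
import iaik.xml.crypto.utils.X509KeySelectorResult;

/**
 * Key selector used while verifying the XML signature on a trust-status list (TSL).
 *
 * <p>Compared with the plain {@link MOAKeySelector} it adds two constraints:
 * <ul>
 *   <li>every X.509 based selection is run through
 *       {@code TSLContext.securityCheck(UNTRUSTED_TSL_SIGNER, ...)} against the
 *       expected signer certificates handed to the constructor, and</li>
 *   <li>a {@code KeyInfo} that resolves to anything other than exactly one
 *       candidate key is rejected as {@code UNTRUSTED_TSL_SIGNER}.</li>
 * </ul>
 *
 * <p>All failures are reported through {@code TSLContext.throwException(...)}, so
 * the context decides whether an error is thrown immediately or merely recorded.
 * Callers of this class must therefore not assume that a method which "failed"
 * has thrown; see the per-method notes.
 */
public class MOATslKeySelector extends MOAKeySelector {

  /** Iterator over the certificates the TSL is expected to be signed with (never {@code null} after construction unless the context swallowed the verification error). */
  private final ListIterator tslSignerCerts_;

  /** Context that performs the trust checks and reports all errors. */
  private final TSLContext tslContextI_;

  /**
   * Creates a selector bound to a set of expected TSL signer certificates.
   *
   * @param euTslCertsHash iterator over the certificates the TSL must be signed
   *     with; {@code null} is reported to the context as
   *     {@code MISSING_INFO_ON_TSL_SIGNER}
   * @param tslContext context used for security checks and error reporting;
   *     must not be {@code null}
   * @throws NullPointerException if {@code tslContext} is {@code null}
   */
  public MOATslKeySelector(ListIterator euTslCertsHash, TSLContext tslContext) {
    // Explicit null check instead of the discarded tslContext.toString() the
    // original code relied on for the same effect.
    Objects.requireNonNull(tslContext, "tslContext");
    if (euTslCertsHash == null) {
      // Without the expected signer certificates no signer can ever be trusted.
      // NOTE(review): if the context only records the exception instead of
      // throwing, tslSignerCerts_ stays null and reaches securityCheck() later.
      tslContext.throwException(
          new TSLVerificationException(TSLSecurityException.Type.MISSING_INFO_ON_TSL_SIGNER));
    }
    tslSignerCerts_ = euTslCertsHash;
    tslContextI_ = tslContext;
  }

  /**
   * Builds TSL-aware key-info hints so the superclass resolves keys with the
   * TSL context and the expected signer certificates in hand.
   */
  @Override
  protected KeyInfoHints newKeyInfoHints(KeyInfo keyInfo, XMLCryptoContext context)
      throws KeySelectorException {
    return new TslKeyInfoHints(keyInfo, context, tslContextI_, tslSignerCerts_);
  }

  /**
   * Reduces the candidate results of a {@code KeyInfo} to the single accepted one.
   *
   * <p>Exactly one candidate is acceptable. Several candidates mean the signer
   * cannot be pinned to one trusted key and are reported as
   * {@code UNTRUSTED_TSL_SIGNER}; zero candidates (or a {@code null} array) are
   * reported the same way instead of surfacing as an
   * {@code ArrayIndexOutOfBoundsException}.
   *
   * @param hints the hints derived from the {@code KeyInfo}
   * @param results candidate results produced by the superclass
   * @return the wrapped single result, or whatever the context returns when it
   *     does not throw on error
   */
  @Override
  protected KeySelectorResult select(KeyInfoHints hints, KeySelectorResult[] results) {
    if (results == null || results.length != 1) {
      return (KeySelectorResult) tslContextI_.throwException(
          new TSLSecurityException(TSLSecurityException.Type.UNTRUSTED_TSL_SIGNER),
          // an anonymous class is needed so getEnclosingMethod() yields this method
          (new Object(){}).getClass().getEnclosingMethod(),
          this,
          new Object[] {hints, results});
    }

    KeySelectorResult single = results[0];
    if (single instanceof X509KeySelectorResult) {
      return new MOAX509KeySelectorResult((X509KeySelectorResult) single);
    }
    // NOTE(review): a non-X.509 result (e.g. a bare key value) is wrapped here
    // without any securityCheck against tslSignerCerts_, unlike the X509Data and
    // X509Certificate paths below. Confirm that TslKeyInfoHints can never yield
    // such a result for a TSL signature.
    return new MOAKeySelectorResult(single.getKey());
  }

  /**
   * Selects a key from an {@code X509Data} element and verifies that the
   * resulting certificate chain belongs to an expected TSL signer.
   *
   * <p>The superclass result must be an {@link X509KeySelectorResult}; anything
   * else (a {@code ClassCastException}) or a {@code null} result is reported to
   * the context. The chain of the result is then passed to
   * {@code securityCheck(UNTRUSTED_TSL_SIGNER, chain, tslSignerCerts_)}.
   *
   * @return the checked result
   * @throws KeySelectorException if the superclass fails to select a key
   */
  @Override
  public KeySelectorResult select(X509Data x509Data, Purpose purpose, AlgorithmMethod method,
      XMLCryptoContext context) throws KeySelectorException {
    X509KeySelectorResult ksr;
    try {
      ksr = (X509KeySelectorResult) super.select(x509Data, purpose, method, context);
    } catch (ClassCastException e) {
      // The superclass produced a result without certificates; let the context decide.
      ksr = (X509KeySelectorResult) tslContextI_.throwException(
          e,
          // an anonymous class is needed so getEnclosingMethod() yields this method
          (new Object(){}).getClass().getEnclosingMethod(),
          this,
          new Object[] {x509Data, purpose, method, context});
    }

    if (ksr == null) {
      // No key could be derived from the X509Data; failReason_ (inherited) carries
      // the superclass' explanation. If the context does not throw here, the
      // dereference below fails closed with a NullPointerException.
      ksr = (X509KeySelectorResult) tslContextI_.throwException(
          new KeySelectorException(failReason_.replace(". ", ".\n")),
          // an anonymous class is needed so getEnclosingMethod() yields this method
          (new Object(){}).getClass().getEnclosingMethod(),
          this,
          new Object[] {x509Data, purpose, method, context});
    }

    List<?> certs = ksr.getCertificates();
    X509Certificate[] chain = certs.toArray(new X509Certificate[certs.size()]);
    // The trust decision: the selected chain must match an expected TSL signer.
    tslContextI_.securityCheck(
        TSLSecurityException.Type.UNTRUSTED_TSL_SIGNER, chain, tslSignerCerts_);
    return ksr;
  }

  /**
   * Selects a key from a single certificate after checking that the certificate
   * is an expected TSL signer. The check runs before the superclass is consulted.
   *
   * @throws KeySelectorException if the superclass fails to select a key
   */
  @Override
  protected KeySelectorResult select(X509Certificate cert, Purpose purpose,
      AlgorithmMethod method, XMLCryptoContext context) throws KeySelectorException {
    tslContextI_.securityCheck(
        TSLSecurityException.Type.UNTRUSTED_TSL_SIGNER, cert, tslSignerCerts_);
    return super.select(cert, purpose, method, context);
  }
}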