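package at.gv.egovernment.moa.spss.tsl.timer;

import iaik.asn1.ObjectID;
import iaik.pki.store.certstore.CertStoreException;
import iaik.pki.store.certstore.CertStoreParameters;
import iaik.pki.store.truststore.TrustStoreException;
import iaik.pki.store.truststore.TrustStoreProfile;
import iaik.pki.store.utils.StoreUpdater;
import iaik.server.ConfigurationData;
import iaik.x509.X509Certificate;
import iaik.xml.crypto.tsl.ex.TSLEngineDiedException;
import iaik.xml.crypto.tsl.ex.TSLSearchException;

import java.io.File;
import java.io.FileInputStream;
import java.io.FileNotFoundException;
import java.io.IOException;
import java.security.cert.CertificateException;
import java.util.ArrayList;
import java.util.Date;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import java.util.TimerTask;

import at.gv.egovernment.moa.spss.MOAApplicationException;
import at.gv.egovernment.moa.spss.api.common.TSLConfiguration;
import at.gv.egovernment.moa.spss.server.config.ConfigurationException;
import at.gv.egovernment.moa.spss.server.config.ConfigurationProvider;
import at.gv.egovernment.moa.spss.server.config.TrustProfile;
import at.gv.egovernment.moa.spss.server.iaik.config.IaikConfigurator;
import at.gv.egovernment.moa.spss.server.iaik.pki.store.truststore.TrustStoreProfileImpl;
import at.gv.egovernment.moa.spss.server.logging.TransactionId;
import at.gv.egovernment.moa.spss.tsl.connector.TSLConnector;
import at.gv.egovernment.moa.spss.util.MessageProvider;
import at.gv.egovernment.moaspss.logging.LogMsg;
import at.gv.egovernment.moaspss.logging.Logger;
import at.gv.egovernment.moaspss.util.StringUtils;

/**
 * Periodic task that refreshes every TSL-enabled trust profile from the
 * (EU) trusted lists.
 *
 * Each run first refreshes the TSLs through {@link #tslconnector_} and then,
 * for every {@link TrustProfile} with TSL support enabled, rebuilds that
 * profile's trust and cert stores: the certificates currently found in the
 * profile's working directory ({@code TrustProfile.getUri()}) are removed,
 * the qualified CA certificates obtained from the TSL are added, and finally
 * the profile's original trust anchors ({@code TrustProfile.getUriOrig()})
 * are added again.
 *
 * NOTE(review): both static fields are expected to be assigned by external
 * code before the task is scheduled. {@link #update()} is not synchronized;
 * it is presumably only ever driven by the single {@code java.util.Timer}
 * thread - confirm before calling it from anywhere else.
 *
 * NOTE(review): every file in the two profile directories ends up as a trust
 * anchor. Those directories therefore need to be writable only by the service
 * account running MOA-SP; this class cannot enforce that, verify at deployment.
 */
public class TSLUpdaterTimerTask extends TimerTask {

    /** Connector used to refresh the TSLs and query CA certificates; must be set before scheduling. */
    public static TSLConnector tslconnector_;

    /** IAIK configuration, created lazily on the first update from the MOA configuration. */
    public static ConfigurationData configData_ = null;

    /** TSL service status values considered when querying qualified CA certificates. */
    private static final String[] TSL_SERVICE_STATUS = new String[] { "accredited", "undersupervision" };

    /**
     * Timer entry point: runs one TSL update and logs (but never propagates) any failure.
     */
    @Override
    public void run() {
        try {
            Logger.info("Start TSL Update");
            update();
            Logger.info("Finished TSL Update");
        } catch (Exception e) {
            // A TimerTask that lets any exception escape terminates the java.util.Timer
            // thread and silently cancels all further runs, which would leave the trust
            // stores stale forever. So every failure - including unexpected runtime
            // exceptions, which the previous catch chain did not cover - is logged here
            // with its stack trace and the next scheduled run simply retries.
            MessageProvider msg = MessageProvider.getInstance();
            Logger.error(new LogMsg(msg.getMessage("tsl.00", null)), e);
        }
    }

    /**
     * Refreshes the TSLs and rebuilds the stores of all TSL-enabled trust profiles.
     *
     * Does nothing (apart from lazily creating {@link #configData_}) when no TSL
     * configuration is present.
     *
     * @throws IllegalStateException if {@link #tslconnector_} has not been set
     * @throws IOException if a trust profile directory or certificate file cannot be read
     * @throws CertificateException if a file in a trust profile directory is not an X.509 certificate
     */
    public static void update() throws TSLEngineDiedException, TSLSearchException,
            ConfigurationException, MOAApplicationException, CertStoreException,
            TrustStoreException, CertificateException, IOException {
        MessageProvider msg = MessageProvider.getInstance();
        ConfigurationProvider config = ConfigurationProvider.getInstance();

        if (configData_ == null) {
            configData_ = new IaikConfigurator().configure(config);
        }

        TSLConfiguration tslconfig = config.getTSLConfiguration();
        if (tslconfig == null) {
            // TSL support is not configured: nothing to refresh.
            return;
        }
        if (tslconnector_ == null) {
            // Fail with a readable message instead of a NullPointerException.
            throw new IllegalStateException(
                    "TSL connector not initialised; cannot update TSL-based trust profiles");
        }

        // Refresh the TSLs themselves before any trust profile is rebuilt.
        tslconnector_.updateTSLs(new Date(), TSL_SERVICE_STATUS.clone());
        Logger.info(new LogMsg(msg.getMessage("config.42", null)));

        CertStoreParameters[] certStoreParameters =
                configData_.getPKIConfiguration().getCertStoreConfiguration().getParameters();

        // Walk all trust profiles and rebuild the TSL-enabled ones.
        Map mapTrustProfiles = config.getTrustProfiles();
        for (Iterator it = mapTrustProfiles.values().iterator(); it.hasNext();) {
            TrustProfile tp = (TrustProfile) it.next();
            if (tp.isTSLEnabled()) {
                updateTrustProfile(config, certStoreParameters, tp, msg);
            }
        }
    }

    /**
     * Rebuilds the trust and cert stores of one TSL-enabled trust profile.
     *
     * Every input (working-directory certificates, original trust anchors and the
     * TSL certificate files) is read and parsed before the stores are modified, so
     * a missing directory or an unparsable file aborts the update while the stores
     * are still intact instead of after the old certificates have been removed.
     *
     * @param config              MOA configuration the trust store profile is built from
     * @param certStoreParameters cert store parameters of the IAIK configuration
     * @param tp                  the TSL-enabled trust profile to rebuild
     * @param msg                 message provider for log messages
     */
    private static void updateTrustProfile(ConfigurationProvider config,
            CertStoreParameters[] certStoreParameters, TrustProfile tp, MessageProvider msg)
            throws TSLEngineDiedException, TSLSearchException, ConfigurationException,
            MOAApplicationException, CertStoreException, TrustStoreException,
            CertificateException, IOException {
        TrustStoreProfile[] trustStoreProfiles =
                new TrustStoreProfile[] { new TrustStoreProfileImpl(config, tp.getId()) };
        Logger.debug(new LogMsg(msg.getMessage("config.43", new String[] { tp.getId() })));
        TransactionId tid = new TransactionId("TSLConfigurator-" + tp.getId());

        // Qualified CA certificates from the TSL: all countries, or only the configured ones.
        ArrayList tslCertFiles;
        if (StringUtils.isEmpty(tp.getCountries())) {
            Logger.debug(new LogMsg(msg.getMessage("config.44", null)));
            tslCertFiles = tslconnector_.getQualifiedCACertificates(new Date(), TSL_SERVICE_STATUS.clone());
        } else {
            Logger.debug(new LogMsg(msg.getMessage("config.44", null)));
            tslCertFiles = tslconnector_.getQualifiedCACertificates(new Date(),
                    parseCountries(tp.getCountries()), TSL_SERVICE_STATUS.clone());
        }

        // Certificates currently in the working directory: these are removed first.
        X509Certificate[] removeCertificates = readCertificates(new File(tp.getUri()));
        // The profile's original trust anchors: re-added after the TSL certificates.
        X509Certificate[] addCertificates = readCertificates(new File(tp.getUriOrig()));
        // The connector hands back File objects; parse them now, before touching the stores.
        X509Certificate[] addCertificatesTSL = null;
        if (tslCertFiles != null) {
            addCertificatesTSL = new X509Certificate[tslCertFiles.size()];
            int i = 0;
            for (Iterator itcert = tslCertFiles.iterator(); itcert.hasNext(); i++) {
                addCertificatesTSL[i] = readCertificate((File) itcert.next());
            }
        }

        Logger.debug(new LogMsg(msg.getMessage("config.45", null)));
        StoreUpdater storeUpdater = new StoreUpdater(certStoreParameters, trustStoreProfiles, tid);

        // From here on the stores are modified; all parsing that could fail is done.
        storeUpdater.removeCertificatesFromTrustStores(removeCertificates, tid);
        storeUpdater.removeCertificatesFromCertStores(removeCertificates, tid);

        if (addCertificatesTSL == null) {
            Logger.warn("No certificates from TSL imported.");
        } else {
            Logger.info(new LogMsg("Add " + addCertificatesTSL.length + " certificates to "
                    + tp.getId() + " from TSL."));
            storeUpdater.addCertificatesToTrustStores(addCertificatesTSL, tid);
            storeUpdater.addCertificatesToCertStores(addCertificatesTSL, tid);
        }

        // The original trust anchors are restored regardless of the TSL result, so a
        // TSL lookup that yields nothing does not leave the profile without any anchors
        // after the removal step above.
        Logger.info(new LogMsg("Add " + addCertificates.length + " certificates to " + tp.getId() + "."));
        storeUpdater.addCertificatesToTrustStores(addCertificates, tid);
        storeUpdater.addCertificatesToCertStores(addCertificates, tid);
    }

    /**
     * Splits a trust profile's comma-separated country list into trimmed, non-empty codes.
     *
     * @param countries the raw configuration value, e.g. {@code "AT, DE,SI"}
     * @return the individual codes; blank entries (double or trailing commas) are dropped
     */
    private static String[] parseCountries(String countries) {
        String[] raw = countries.split(",");
        List<String> codes = new ArrayList<String>(raw.length);
        for (int i = 0; i < raw.length; i++) {
            String code = raw[i].trim();
            if (code.length() > 0) {
                codes.add(code);
            }
        }
        return codes.toArray(new String[codes.size()]);
    }

    /**
     * Reads every regular file in {@code dir} as an X.509 certificate.
     *
     * Sub-directories and other non-regular entries are skipped since they cannot be
     * certificates; any other file that does not parse still aborts the update.
     *
     * @throws FileNotFoundException if {@code dir} does not exist or cannot be listed
     * @throws CertificateException  if a file in {@code dir} is not an X.509 certificate
     */
    private static X509Certificate[] readCertificates(File dir) throws CertificateException, IOException {
        File[] files = dir.listFiles();
        if (files == null) {
            // listFiles() returns null for a non-existent or unreadable directory; a
            // clear error is preferable to a NullPointerException on files.length.
            throw new FileNotFoundException("Trust profile directory not readable: " + dir.getAbsolutePath());
        }
        List<X509Certificate> certs = new ArrayList<X509Certificate>(files.length);
        for (int i = 0; i < files.length; i++) {
            if (files[i].isFile()) {
                certs.add(readCertificate(files[i]));
            }
        }
        return certs.toArray(new X509Certificate[certs.size()]);
    }

    /**
     * Parses a single certificate file, closing the stream even when parsing fails.
     */
    private static X509Certificate readCertificate(File file) throws CertificateException, IOException {
        FileInputStream fis = new FileInputStream(file);
        try {
            return new X509Certificate(fis);
        } finally {
            fis.close();
        }
    }
}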