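package at.gv.egiz.moazs.msg;

import at.gv.egiz.moazs.util.FileUtils;
import at.gv.egiz.moazs.util.SSLContextCreator;
import at.gv.zustellung.app2mzs.xsd.ClientType;
import at.gv.zustellung.app2mzs.xsd.KeyStoreType;
import at.gv.zustellung.msg.xsd.App2ZusePort;
import com.sun.istack.Nullable;
import org.apache.cxf.configuration.jsse.TLSClientParameters;
import org.apache.cxf.endpoint.Client;
import org.apache.cxf.frontend.ClientProxy;
import org.apache.cxf.jaxws.JaxWsClientFactoryBean;
import org.apache.cxf.jaxws.JaxWsProxyFactoryBean;
import org.apache.cxf.transport.http.HTTPConduit;
import org.apache.cxf.transports.http.configuration.HTTPClientPolicy;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.stereotype.Component;

import javax.net.ssl.SSLContext;

import static at.gv.zustellung.app2mzs.xsd.KeyStoreType.keyStoreTypeBuilder;

/**
 * Builds CXF JAX-WS client proxies for the msg service ({@link App2ZusePort}).
 *
 * <p>Each client gets the configured connection and receive timeouts and, for HTTPS
 * endpoints, a socket factory taken from an {@link SSLContext} that is created from the
 * configured key store and trust store.
 */
@Component
public class MsgClientFactory {

    private static final Logger log = LoggerFactory.getLogger(MsgClientFactory.class);

    /** URL prefix that selects the TLS configuration branch; compared case-insensitively. */
    private static final String HTTPS_SCHEME = "https";

    private final StoreSOAPBodyBinaryInRepositoryInterceptor storeResponseInterceptor;
    private final SSLContextCreator sslContextCreator;
    private final FileUtils fileUtils;

    /**
     * @param storeResponseInterceptor inbound interceptor added to every created client
     * @param creator builds the {@link SSLContext} from key store and trust store settings
     * @param fileUtils used to resolve configured key store file names to paths
     */
    @Autowired
    public MsgClientFactory(StoreSOAPBodyBinaryInRepositoryInterceptor storeResponseInterceptor,
                            SSLContextCreator creator,
                            FileUtils fileUtils) {
        this.storeResponseInterceptor = storeResponseInterceptor;
        this.sslContextCreator = creator;
        this.fileUtils = fileUtils;
    }

    /**
     * Creates a client that communicates with a msg service.
     *
     * <p>The lax-hostname-verification and trust-all settings are not evaluated by this
     * method (see the TODO below); only the key store and trust store are applied.
     * NOTE(review): hostname verification therefore follows whatever the CXF conduit does
     * with these {@link TLSClientParameters} by default - confirm that this is the intended
     * strict behaviour before those flags are wired in.
     *
     * @param params for the client, such as service url and ssl parameters.
     * @return the msg client
     * @throws NullPointerException if the URL is an HTTPS URL but {@code params.getSSL()}
     *         is {@code null}
     * @throws ArithmeticException if a timeout value does not fit into a {@code long}
     *         (raised by {@code longValueExact()})
     */
    //TODO evaluate and honor laxhostnameverification and trustall parameter!
    public App2ZusePort create(ClientType params) {
        var factory = new JaxWsClientFactoryBean();
        factory.setServiceClass(App2ZusePort.class);
        factory.setAddress(params.getURL());
        factory.getInInterceptors().add(storeResponseInterceptor);

        var proxy = new JaxWsProxyFactoryBean(factory).create();
        Client client = ClientProxy.getClient(proxy);
        HTTPConduit http = (HTTPConduit) client.getConduit();

        var httpClientPolicy = new HTTPClientPolicy();
        httpClientPolicy.setConnectionTimeout(params.getConnectionTimeout().longValueExact());
        httpClientPolicy.setReceiveTimeout(params.getReceiveTimeout().longValueExact());
        http.setClient(httpClientPolicy);

        if (isHttps(params.getURL())) {
            var ssl = params.getSSL();
            if (ssl == null) {
                // Fail with an explicit message instead of an anonymous NPE further down;
                // the exception type is the same one the unguarded dereference raised.
                throw new NullPointerException(
                        "HTTPS endpoint configured but SSL parameters are missing.");
            }

            // Either store may be null at this point (resolveKeyStorePath passes null through).
            // NOTE(review): how SSLContextCreator treats a null trust store is not visible
            // here - confirm it does not fall back to a permissive trust manager.
            var keystore = resolveKeyStorePath(ssl.getKeyStore());
            var truststore = resolveKeyStorePath(ssl.getTrustStore());
            SSLContext sslContext = sslContextCreator.createSSLContext(keystore, truststore);

            var tlsParams = new TLSClientParameters();
            tlsParams.setSSLSocketFactory(sslContext.getSocketFactory());
            http.setTlsClientParameters(tlsParams);
            log.info("SSLContext initialized. ");
        }

        return (App2ZusePort) proxy;
    }

    /**
     * Tells whether the service URL selects the TLS branch.
     *
     * <p>URI schemes are case-insensitive, so the prefix is compared ignoring case; a
     * case-sensitive check would leave a URL written as {@code HTTPS://...} without the
     * configured key store and trust store.
     */
    private static boolean isHttps(String url) {
        return url.regionMatches(true, 0, HTTPS_SCHEME, 0, HTTPS_SCHEME.length());
    }

    /**
     * Returns a copy of the given key store settings whose file name is replaced by
     * {@code "file:"} followed by the path that {@link FileUtils#determinePath} yields for
     * the configured file name.
     *
     * @param store key store or trust store settings, may be {@code null}
     * @return the settings with the resolved file name, or {@code null} if {@code store}
     *         is {@code null}
     */
    private KeyStoreType resolveKeyStorePath(@Nullable KeyStoreType store) {
        if (store == null) {
            return null;
        }

        var resolvedURI = "file:" + fileUtils.determinePath(store.getFileName());
        // Only the configured file name and the resolved location are logged.
        log.trace("Resolved key store path from {} to {}.", store.getFileName(), resolvedURI);

        return keyStoreTypeBuilder(store)
                .withFileName(resolvedURI)
                .build();
    }
}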