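package at.gv.egiz.moazs;

import at.gv.egiz.moazs.msg.MsgClientFactory;
import at.gv.egiz.moazs.msg.StoreSOAPBodyBinaryInRepositoryInterceptor;
import at.gv.egiz.moazs.scheme.Marshaller;
import at.gv.zustellung.app2mzs.xsd.ClientType;
import at.gv.zustellung.app2mzs.xsd.KeyStoreType;
import at.gv.zustellung.msg.xsd.DeliveryRequestType;
import at.gv.zustellung.msg.xsd.ObjectFactory;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Autowired;

import javax.xml.bind.JAXBElement;
import java.io.BufferedInputStream;
import java.io.FileInputStream;
import java.io.IOException;
import java.math.BigInteger;

import static at.gv.zustellung.app2mzs.xsd.ClientType.clientTypeBuilder;
import static at.gv.zustellung.app2mzs.xsd.KeyStoreType.keyStoreTypeBuilder;
import static at.gv.zustellung.app2mzs.xsd.SSLType.SSLTypeBuilder;

/**
 * Manual integration tests for the msg client: each test sends the fixture
 * {@code validDeliveryRequest.xml} to a locally running zusemsg service, over plain HTTP or
 * over TLS with a client certificate.
 *
 * <p>All tests are currently disabled (the Spring runner annotations and every {@code @Test}
 * are commented out) until an integration test environment exists. Each test lists the
 * service setup it needs in the comment above it.
 *
 * <p>Several tests deliberately switch off parts of TLS server authentication
 * ({@code trustAll}, {@code laxHostNameVerification}). Those settings exist here to exercise
 * the client options against local fixtures; they are not a template for production client
 * configuration.
 */
// @RunWith(SpringRunner.class)
// @SpringBootTest
public class MsgClientTest {

    private static final Logger log = LoggerFactory.getLogger(MsgClientTest.class);

    /** Directory holding the XML request fixtures, relative to the module root. */
    private final String basePath = "src/test/resources/at/gv/egiz/moazs/MsgClientTest/";

    @Autowired
    private Marshaller msgMarshaller;

    @Autowired
    private MsgClientFactory factory;

    // Not referenced by any method of this class as shown.
    @Autowired
    private StoreSOAPBodyBinaryInRepositoryInterceptor interceptor;

    private static final ObjectFactory OF = new ObjectFactory();

    // tmp disabled. todo: set up integration tests

    // Requirements:
    // - run zusemsg service under httpServiceURL
    // @Test
    /**
     * Sends the fixture request over plain HTTP and logs the marshalled status.
     *
     * <p>The URL uses {@code http://}, so the request is sent unencrypted; the target is
     * localhost only.
     */
    public void sendValidMessage() throws IOException {
        var request = loadFromFile("validDeliveryRequest.xml");
        var httpServiceURL = "http://localhost:8081/services/DeliveryRequest";

        var clientParams = clientTypeBuilder()
                .withURL(httpServiceURL)
                .build();
        var client = factory.create(clientParams);

        try {
            var status = client.delivery(request);
            // NOTE(review): the TLS tests wrap the status with createDeliveryRequestStatus;
            // confirm createDeliveryResponse is the intended element here.
            log.info("status: {}", msgMarshaller.marshallXml(OF.createDeliveryResponse(status)));
        } catch (Exception ex) {
            // Log through the test logger with the full stack trace instead of printing only
            // the message to stdout.
            // NOTE(review): the failure is still swallowed, so this test cannot fail on a
            // broken delivery. Let the exception propagate once @Test is re-enabled.
            log.error("delivery to {} failed", httpServiceURL, ex);
        }
    }

    // Requirements:
    // - run zusemsg service under httpsServiceURL
    // - server trusts client cert (by trusting CA bundle in ssl/trusted-cas-bundle.pem)
    // - server uses the server certificate in ssl/server/server.localhost.*.pem
    // - server sends certificate chain ssl/server/ca-chain.cert.pem
    //@Test
    /**
     * Sends the fixture request over TLS with client authentication, validating the server
     * against the test trust store and with strict host name verification. This is the only
     * TLS test that leaves both server-authentication checks enabled and expects success.
     */
    public void sendOverSSLWithClientAuthentication() throws IOException {
        var request = loadFromFile("validDeliveryRequest.xml");
        var httpsServiceURL = "https://localhost/zusemsg/services/DeliveryRequest";

        var clientParams = generateSSLClientParams(httpsServiceURL, false, false);
        var client = factory.create(clientParams);

        var status = client.delivery(request);
        log.info("status: {}", msgMarshaller.marshallXml(OF.createDeliveryRequestStatus(status)));
    }

    // Requirements:
    // - run zusemsg service under httpsServiceURL
    // - server trusts client cert (by trusting CA bundle in ssl/trusted-cas-bundle.pem)
    // - server uses the server certificate in ssl/server/server.localhost.*.pem
    // - server sends certificate chain ssl/server/ca-chain.cert.pem
    //@Test
    /**
     * Sends the fixture request over TLS with {@code trustAll} enabled.
     *
     * <p>With {@code trustAll} set, no trust store is handed to the client (see
     * {@link #generateSSLClientParams(String, boolean, boolean, KeyStoreType)}), so this test
     * says nothing about whether the server certificate chain is valid.
     */
    public void sendOverSSLWithClientAuthTrustAll() throws IOException {
        var request = loadFromFile("validDeliveryRequest.xml");
        var httpsServiceURL = "https://localhost/zusemsg/services/DeliveryRequest";

        var clientParams = generateSSLClientParams(httpsServiceURL, true, false);
        var client = factory.create(clientParams);

        var status = client.delivery(request);
        log.info("status: {}", msgMarshaller.marshallXml(OF.createDeliveryRequestStatus(status)));
    }

    // Requirements:
    // - run zusemsg service under httpsServiceURL (e.g. by adding notlocalhost to /etc/hosts)
    // - server trusts client cert (by trusting CA bundle in ssl/trusted-cas-bundle.pem)
    // - server uses the server certificate in ssl/server/server.localhost.*.pem
    // - server sends certificate chain ssl/server/ca-chain.cert.pem
    //@Test
    /**
     * Sends the fixture request to a host name that differs from the one in the URL used by
     * the strict tests, with lax host name verification enabled, and expects the delivery to
     * go through.
     *
     * <p>Counterpart of {@link #rejectBecauseHostNameVerificationFails()}, which uses the
     * same URL with strict verification.
     */
    public void sendOverSSLWithClientAuthLaxHostnameVerification() throws IOException {
        var request = loadFromFile("validDeliveryRequest.xml");
        var httpsServiceURL = "https://notlocalhost/zusemsg/services/DeliveryRequest";

        var clientParams = generateSSLClientParams(httpsServiceURL, false, true);
        var client = factory.create(clientParams);

        var status = client.delivery(request);
        log.info("status: {}", msgMarshaller.marshallXml(OF.createDeliveryRequestStatus(status)));
    }

    //Requirements:
    // - run zusemsg service under httpsServiceURL (e.g. by adding notlocalhost to /etc/hosts)
    // - server trusts client cert (by trusting CA bundle in ssl/trusted-cas-bundle.pem)
    // - server uses the server certificate in ssl/server/server.localhost.*.pem
    // - server sends certificate chain ssl/server/ca-chain.cert.pem
    //@Test(expected=SOAPFaultException.class)
    /**
     * Negative test: with strict host name verification and a URL host of
     * {@code notlocalhost}, the delivery is expected to fail (the disabled annotation above
     * expects a {@code SOAPFaultException}). The log statement is only reached if the
     * connection is wrongly accepted.
     */
    public void rejectBecauseHostNameVerificationFails() throws IOException {
        var request = loadFromFile("validDeliveryRequest.xml");
        var httpsServiceURL = "https://notlocalhost/zusemsg/services/DeliveryRequest";

        var clientParams = generateSSLClientParams(httpsServiceURL, false, false);
        var client = factory.create(clientParams);

        var status = client.delivery(request);
        log.info("status: {}", msgMarshaller.marshallXml(OF.createDeliveryRequestStatus(status)));
    }

    /**
     * Builds TLS client parameters that use the default test trust store
     * ({@code ssl/truststore.jks}).
     *
     * @param httpsServiceURL endpoint the client connects to
     * @param trustAll whether the client is configured with {@code trustAll}
     * @param laxHostNameVerification whether lax host name verification is requested
     * @return client parameters for {@link MsgClientFactory#create}
     */
    private ClientType generateSSLClientParams(String httpsServiceURL,
                                               boolean trustAll,
                                               boolean laxHostNameVerification) {
        return generateSSLClientParams(
                httpsServiceURL, trustAll, laxHostNameVerification, generateTrustLocalhostStore());
    }

    /**
     * Builds TLS client parameters with the test client certificate and the given trust store.
     *
     * @param httpsServiceURL endpoint the client connects to
     * @param trustAll whether the client is configured with {@code trustAll}; when set, the
     *     trust store is not passed on
     * @param laxHostNameVerification whether lax host name verification is requested
     * @param truststore trust store used when {@code trustAll} is {@code false}
     * @return client parameters for {@link MsgClientFactory#create}
     */
    private ClientType generateSSLClientParams(String httpsServiceURL,
                                               boolean trustAll,
                                               boolean laxHostNameVerification,
                                               KeyStoreType truststore) {
        // Test-only client key store. The password is a fixture value committed with the
        // test resources and must not protect any real key material.
        var keystore = keyStoreTypeBuilder()
                .withFileName("ssl/client.cert.key.p12")
                .withFileType("PKCS12")
                .withPassword("123456")
                .build();

        var sslParams = SSLTypeBuilder()
                .withLaxHostNameVerification(laxHostNameVerification)
                .withTrustAll(trustAll)
                .withKeyStore(keystore)
                // No trust store is configured when trustAll is requested.
                .withTrustStore(trustAll ? null : truststore)
                .build();

        return clientTypeBuilder()
                .withURL(httpsServiceURL)
                .withSSL(sslParams)
                // presumably a zero timeout means "wait indefinitely" - TODO confirm; a
                // bounded value keeps a hung test service from blocking the build.
                .withReceiveTimeout(BigInteger.ZERO)
                .withConnectionTimeout(BigInteger.ZERO)
                .build();
    }

    /**
     * Describes the JKS trust store used to validate the local test server.
     *
     * @return key store parameters pointing at {@code ssl/truststore.jks}
     */
    private KeyStoreType generateTrustLocalhostStore() {
        // Fixture password, same caveat as for the client key store.
        return keyStoreTypeBuilder()
                .withFileName("ssl/truststore.jks")
                .withPassword("123456")
                .withFileType("JKS")
                .build();
    }

    /**
     * Reads a delivery request fixture from {@link #basePath} and unmarshals it.
     *
     * @param fileName file name relative to {@link #basePath}
     * @return the unmarshalled delivery request
     * @throws IOException if the fixture cannot be opened or closed
     */
    private DeliveryRequestType loadFromFile(String fileName) throws IOException {
        try (var inputStream = new BufferedInputStream(new FileInputStream(basePath + fileName))) {
            // The cast needs the type argument: on a raw JAXBElement, getValue() is typed as
            // Object and cannot be returned as DeliveryRequestType. Every caller in this
            // class loads validDeliveryRequest.xml.
            @SuppressWarnings("unchecked")
            var request = (JAXBElement<DeliveryRequestType>) msgMarshaller.unmarshallXml(inputStream);
            return request.getValue();
        }
    }
}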