/*******************************************************************************
 * <copyright> Copyright 2014 by E-Government Innovation Center EGIZ, Graz, Austria </copyright>
 * PDF-AS has been contracted by the E-Government Innovation Center EGIZ, a
 * joint initiative of the Federal Chancellery Austria and Graz University of
 * Technology.
 * 
 * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
 * the European Commission - subsequent versions of the EUPL (the "Licence");
 * You may not use this work except in compliance with the Licence.
 * You may obtain a copy of the Licence at:
 * http://www.osor.eu/eupl/
 * 
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the Licence is distributed on an "AS IS" basis,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the Licence for the specific language governing permissions and
 * limitations under the Licence.
 * 
 * This product combines work with different licenses. See the "NOTICE" text
 * file for details on the various modules and licenses.
 * The "NOTICE" text file is part of the distribution. Any derivative works
 * that you distribute must include a readable copy of the "NOTICE" text file.
 ******************************************************************************/
package at.gv.egiz.sl.util;

import iaik.x509.X509Certificate;

import java.security.cert.CertificateException;
import java.util.Iterator;

import org.apache.commons.codec.binary.Base64;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

import at.gv.egiz.pdfas.common.exceptions.ErrorConstants;
import at.gv.egiz.pdfas.common.exceptions.PDFASError;
import at.gv.egiz.pdfas.common.exceptions.PdfAsErrorCarrier;
import at.gv.egiz.pdfas.common.exceptions.PdfAsException;
import at.gv.egiz.pdfas.common.exceptions.PdfAsSignatureException;
import at.gv.egiz.pdfas.common.utils.SettingsUtils;
import at.gv.egiz.pdfas.common.utils.StreamUtils;
import at.gv.egiz.pdfas.lib.api.IConfigurationConstants;
import at.gv.egiz.pdfas.lib.api.sign.SignParameter;
import at.gv.egiz.pdfas.lib.api.verify.VerifyResult;
import at.gv.egiz.pdfas.lib.impl.BKUHeaderHolder;
import at.gv.egiz.pdfas.lib.impl.status.RequestedSignature;
import at.gv.egiz.pdfas.lib.util.SignatureUtils;
import at.gv.egiz.sl.schema.CreateCMSSignatureResponseType;
import at.gv.egiz.sl.schema.InfoboxAssocArrayPairType;
import at.gv.egiz.sl.schema.InfoboxReadRequestType;
import at.gv.egiz.sl.schema.InfoboxReadResponseType;

public class ISignatureConnectorSLWrapper implements ISignatureConnector {

	public static final String SL_USE_BASE64 = "";

	private static final Logger logger = LoggerFactory
			.getLogger(ISignatureConnectorSLWrapper.class);

	private ISLConnector connector;

	public ISignatureConnectorSLWrapper(ISLConnector connector) {
		this.connector = connector;
	}

	public X509Certificate getCertificate(SignParameter parameter)
			throws PdfAsException {
		X509Certificate certificate = null;
		try {
			InfoboxReadRequestType request = connector
					.createInfoboxReadRequest(parameter);
			InfoboxReadResponseType response = connector
					.sendInfoboxReadRequest(request, parameter);

			Iterator<InfoboxAssocArrayPairType> iterator = response
					.getAssocArrayData().getPair().iterator();

			while (iterator.hasNext()) {
				InfoboxAssocArrayPairType pair = iterator.next();
				if (pair.getKey().equals("SecureSignatureKeypair")) {
					byte[] certData = pair.getBase64Content();
					certificate = new X509Certificate(certData);
					break;
				}
			}
		} catch (CertificateException e) {
			throw new PdfAsSignatureException("error.pdf.sig.01", e);
		} 
		return certificate;
	}

	public byte[] sign(byte[] input, int[] byteRange, SignParameter parameter,
			RequestedSignature requestedSignature) throws PdfAsException {
		RequestPackage pack = connector.createCMSRequest(input, byteRange,
				parameter);
		try {
			CreateCMSSignatureResponseType response = connector.sendCMSRequest(
					pack, parameter);

			VerifyResult verifyResult;
			try {
				verifyResult = SignatureUtils.verifySignature(
						response.getCMSSignature(), input);
				if (SettingsUtils.getBooleanValue(requestedSignature
						.getStatus().getSettings(),
						IConfigurationConstants.KEEP_INVALID_SIGNATURE, false)) {
					Base64 b64 = new Base64();
					requestedSignature
							.getStatus()
							.getMetaInformations()
							.put(ErrorConstants.STATUS_INFO_INVALIDSIG,
									b64.encodeToString(response
											.getCMSSignature()));
				}
			} catch (PDFASError e) {
				throw new PdfAsErrorCarrier(e);
			}

			if (!StreamUtils.dataCompare(requestedSignature.getCertificate()
					.getFingerprintSHA(), ((X509Certificate) verifyResult
					.getSignerCertificate()).getFingerprintSHA())) {
				throw new PdfAsSignatureException("Certificates missmatch!");
			}

			return response.getCMSSignature();
		} finally {
			if (parameter instanceof BKUHeaderHolder) {
				BKUHeaderHolder holder = (BKUHeaderHolder) parameter;

				Iterator<BKUHeader> bkuHeaderIt = holder.getProcessInfo()
						.iterator();

				while (bkuHeaderIt.hasNext()) {
					BKUHeader header = bkuHeaderIt.next();
					if ("Server".equalsIgnoreCase(header.getName())) {
						requestedSignature
								.getStatus()
								.getMetaInformations()
								.put(ErrorConstants.STATUS_INFO_SIGDEVICEVERSION,
										header.getValue());
					} else if (ErrorConstants.STATUS_INFO_SIGDEVICE.equalsIgnoreCase(header.getName())) {
						requestedSignature
						.getStatus()
						.getMetaInformations()
						.put(ErrorConstants.STATUS_INFO_SIGDEVICE,
								header.getValue());
					}
				}
			}
		}

	}

}