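package org.openslx.dozmod.authentication;

import java.io.IOException;
import java.net.MalformedURLException;
import java.net.URISyntaxException;
import java.nio.ByteBuffer;
import java.util.ArrayList;
import java.util.Base64;
import java.util.List;
import java.util.Map.Entry;

import org.apache.hc.client5.http.ClientProtocolException;
import org.apache.hc.core5.http.ParseException;
import org.apache.logging.log4j.LogManager;
import org.apache.logging.log4j.Logger;
import org.openslx.bwlp.thrift.iface.Satellite;
import org.openslx.bwlp.thrift.iface.TAuthorizationException;
import org.openslx.dozmod.authentication.ServiceProviderResponse.JSatellite;
import org.openslx.dozmod.authentication.ShibbolethEcp.ReturnCode;

import com.google.gson.JsonSyntaxException;

/**
 * Authenticator that logs a user in via a Shibboleth ECP endpoint and turns
 * the service provider's response into an {@link AuthenticationData} that is
 * handed to the {@link AuthenticatorCallback}.
 *
 * @author Jonathan Bauer
 */
public class EcpAuthenticator implements Authenticator {

	/**
	 * Logger instance for this class
	 */
	private final static Logger LOGGER = LogManager.getLogger(EcpAuthenticator.class);

	/** URL of the ECP endpoint, or null when none was supplied. */
	private final String ecpUrl;

	/**
	 * @param ecpUrl URL of the ECP endpoint. A null or empty string is stored as
	 *               null; the URL itself is not validated here, the ECP client
	 *               checks it when {@link #login} is called.
	 */
	public EcpAuthenticator(String ecpUrl) {
		// Normalize "no URL given" to null (a null argument used to NPE here).
		// NOTE: the actual check for a correct URI will be done by the ECP client.
		this.ecpUrl = (ecpUrl == null || ecpUrl.isEmpty()) ? null : ecpUrl;
	}

	/**
	 * Performs the ECP login and reports the outcome exactly once through
	 * {@code callback.postLogin}.
	 *
	 * A {@link ReturnCode#NO_ERROR} from the ECP client is only reported as
	 * success when the service provider response actually contains a token;
	 * otherwise {@link ReturnCode#SERVICE_PROVIDER_ERROR} is reported and no
	 * session data is created (fail closed).
	 *
	 * @param username user name sent to the identity provider
	 * @param password password sent to the identity provider
	 * @param callback receives the return code, the session data (null unless
	 *                 the login succeeded) and an exception wrapping the
	 *                 service provider's error message, if any
	 */
	@Override
	public void login(String username, String password, AuthenticatorCallback callback)
			throws TAuthorizationException, JsonSyntaxException, ClientProtocolException, ParseException,
			MalformedURLException, URISyntaxException, IOException {
		ReturnCode ret = ShibbolethEcp.doLogin(this.ecpUrl, username, password);
		if (ret == null) {
			LOGGER.warn("Shibboleth doLogin returned null as ReturnCode!");
			ret = ReturnCode.GENERIC_ERROR;
		}
		ServiceProviderResponse response = ShibbolethEcp.getResponse();
		RuntimeException errEx = null;
		if (response != null && response.error != null) {
			errEx = new RuntimeException(response.error);
		}
		// If login succeeded, set up session data
		AuthenticationData data = null;
		if (ret == ReturnCode.NO_ERROR) {
			// A missing response or token must not fall through to the success
			// callback below; report the error and stop here.
			if (response == null || response.token == null || response.token.isEmpty()) {
				LOGGER.error("No token received from the service provider!");
				callback.postLogin(ReturnCode.SERVICE_PROVIDER_ERROR, null, errEx);
				return;
			}
			List<Satellite> sats;
			try {
				sats = buildSatelliteList(response);
			} catch (IllegalArgumentException e) {
				// A malformed certificate hash from the SP would otherwise escape as an
				// unchecked exception; treat it as a broken SP response instead.
				LOGGER.error("Malformed satellite certificate hash in service provider response!", e);
				callback.postLogin(ReturnCode.SERVICE_PROVIDER_ERROR, null, errEx);
				return;
			}
			data = new AuthenticationData(response.token, response.sessionId, sats);
		}
		callback.postLogin(ret, data, errEx);
	}

	/**
	 * Converts the satellite entries of the SP response into thrift
	 * {@link Satellite} objects (display name = map key, certificate hash
	 * decoded from base64, or null when the SP sent none).
	 *
	 * @param response non-null SP response
	 * @return list of satellites, empty when the response lists none
	 * @throws IllegalArgumentException if a certHash is not valid base64
	 */
	private static List<Satellite> buildSatelliteList(ServiceProviderResponse response) {
		List<Satellite> sats = new ArrayList<>();
		// TODO: Handle cert fingerprint
		if (response.satellites2 == null) {
			return sats;
		}
		Base64.Decoder base64 = Base64.getDecoder();
		for (Entry<String, JSatellite> it : response.satellites2.entrySet()) {
			JSatellite jsat = it.getValue();
			ByteBuffer hash = jsat.certHash == null ? null : ByteBuffer.wrap(base64.decode(jsat.certHash));
			sats.add(new Satellite(jsat.addresses, it.getKey(), hash));
		}
		return sats;
	}
}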